Hi all, I have the next cuestion..
How I know if this affect my VMWare ESX 3.5.0
Vulnerability Report
.indent {
margin-left: 1cm;
}
.proof {
white-space: pre;
font-family: monospace;
width: 90%;
word-wrap: break-word;
}CVE#:
[CVE-2004-2761|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2761]
Summary:
X.509 Certificates using the MD5 algorithm may be affected by
a vulnerability that can weaken security.
Details:
A vulnerability exists in X.509 certificates which, when
signed via MD5, may allow for phishing attacks. The flaw is specific to
weaknesses in the MD5 algorithm used to sign X.509 certificates. It is possible
for a potential attacker to generate multiple pairs of certificates, which share
like MD5 signatures. Typical exploration would allow the attacker to impersonate
a legitimate website.
Fix:
See references or contact the vendor for appropriate patch
information. Typically, this problem is associated with NSS libraries or FireFox
packages, among other applications.
Note: According to a paper discussing
the vulnerability, written by the discovering team, creating rogue certificates
requires prior knowledge of a pre-signed certificate. Therefore it can be
assumed that any certificate created before the announcement of the
vulnerability is effectively safe from such an attack. If the certificate was
created prior to 2009, this issue can be considered a false positive. Any
certificate signed with MD5 created in 2009 or later, however, should be
replaced by a new certificate signed with a stronger hashing
method.
Workaround:
Utilize an alternative hashing method to sign
certificates (ex: SHA-256, SHA-512)
