Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 05:43:59 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1765895499&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F0709-advisories%2F2007-006-RubySSL.txt%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1765895499.1338183839.1338183839.1338183839.1%3B%2B__utmz%3D32867617.1338183839.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/59675/2007-006-RubySSL.txt http://packetstormsecurity.org/files/59675/2007-006-RubySSL.txt http://packetstormsecurity.org/files/59675/Trustix-Secure-Linux-Security-Advisory-2007.6.html Sun, 30 Sep 2007 05:39:24 GMT A vulnerability results from the Net::HTTPS library from Ruby versions 1.8.5 and 1.8.6 failing to validate the name on the SSL certificate against the DNS name requested by the user. By not validating the name, the library allows an attacker to present a cryptographically valid certificate with an invalid CN.