cnvd-2017-25889
Vulnerability from cnvd
Title
RBB SPEED TEST App fails to verify SSL server certificates
Description
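IID RBB SPEED TEST App for Android and IID RBB SPEED TEST App for iOS are both products of IID, Inc. of Japan. IID RBB SPEED TEST App for Android is a data traffic measurement application for the Android platform. It measures the average throughput of data exchanged with a server over a given period of time; IID RBB SPEED TEST App for iOS is its iOS version. RBB SPEED TEST App for Android version 2.0.3 and earlier and RBB SPEED TEST App for iOS version 2.1.0 and earlier contain a security vulnerability that stems from the app failing to verify the SSL server's X.509 certificate. An attacker can use a crafted certificate to exploit this vulnerability to spoof the server, carry out a man-in-the-middle attack, and obtain sensitive information.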
Severity
Patch Name
Patch for "RBB SPEED TEST App fails to verify SSL server certificates"
Patch Description
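IID RBB SPEED TEST App for Android and IID RBB SPEED TEST App for iOS are both products of IID, Inc. of Japan. IID RBB SPEED TEST App for Android is a data traffic measurement application for the Android platform. It measures the average throughput of data exchanged with a server over a given period of time; IID RBB SPEED TEST App for iOS is its iOS version. RBB SPEED TEST App for Android version 2.0.3 and earlier and RBB SPEED TEST App for iOS version 2.1.0 and earlier contain a security vulnerability that stems from the app failing to verify the SSL server's X.509 certificate. An attacker can use a crafted certificate to exploit this vulnerability to spoof the server, carry out a man-in-the-middle attack, and obtain sensitive information. The vendor has now released a security advisory and related patch information that fix this vulnerability.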
Formal description

The vendor has released an upgrade patch to fix the vulnerability. For details, see the vendor's home page: http://speed.rbbtoday.com/

Reference
http://jvn.jp/en/jp/JVN24238648/
Impacted products
Name
['IID, Inc. RBB SPEED TEST App for Android <=2.0.3', 'IID, Inc. RBB SPEED TEST App for iOS <=2.1.0']


{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2278"
    }
  },
  "description": "IID RBB SPEED TEST App for Android\u548cIID RBB SPEED TEST App for iOS\u90fd\u662f\u65e5\u672cIID\u516c\u53f8\u7684\u4ea7\u54c1\u3002IID RBB SPEED TEST App for Android\u662f\u4e00\u6b3e\u57fa\u4e8eAndroid\u5e73\u53f0\u7684\u6570\u636e\u6d41\u91cf\u6d4b\u91cf\u5e94\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u80fd\u591f\u6d4b\u91cf\u4e00\u5b9a\u65f6\u95f4\u4e4b\u5185\u4e0e\u670d\u52a1\u5668\u7684\u6570\u636e\u4ea4\u6362\u7684\u5e73\u5747\u541e\u5410\u91cf\uff0cIID RBB SPEED TEST App for iOS\u662f\u5b83\u7684iOS\u7248\u672c\u3002\r\n\r\n\u57fa\u4e8eAndroid\u5e73\u53f0\u7684RBB SPEED TEST App 2.0.3\u53ca\u4e4b\u524d\u7248\u672c\u548c\u57fa\u4e8eiOS\u5e73\u53f0\u7684RBB SPEED TEST App 2.1.0\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u9a8c\u8bc1SSL\u670d\u52a1\u5668\u7aef\u7684X.509\u8bc1\u4e66\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u8bc1\u4e66\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020\u670d\u52a1\u5668\uff0c\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "DigiGnome",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://speed.rbbtoday.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-25889",
  "openTime": "2017-09-11",
  "patchDescription": "IID RBB SPEED TEST App for Android\u548cIID RBB SPEED TEST App for iOS\u90fd\u662f\u65e5\u672cIID\u516c\u53f8\u7684\u4ea7\u54c1\u3002IID RBB SPEED TEST App for Android\u662f\u4e00\u6b3e\u57fa\u4e8eAndroid\u5e73\u53f0\u7684\u6570\u636e\u6d41\u91cf\u6d4b\u91cf\u5e94\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u80fd\u591f\u6d4b\u91cf\u4e00\u5b9a\u65f6\u95f4\u4e4b\u5185\u4e0e\u670d\u52a1\u5668\u7684\u6570\u636e\u4ea4\u6362\u7684\u5e73\u5747\u541e\u5410\u91cf\uff0cIID RBB SPEED TEST App for iOS\u662f\u5b83\u7684iOS\u7248\u672c\u3002\r\n\r\n\u57fa\u4e8eAndroid\u5e73\u53f0\u7684RBB SPEED TEST App 2.0.3\u53ca\u4e4b\u524d\u7248\u672c\u548c\u57fa\u4e8eiOS\u5e73\u53f0\u7684RBB SPEED TEST App 2.1.0\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u9a8c\u8bc1SSL\u670d\u52a1\u5668\u7aef\u7684X.509\u8bc1\u4e66\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u8bc1\u4e66\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020\u670d\u52a1\u5668\uff0c\u5b9e\u65bd\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "RBB SPEED TEST App fails to verify SSL server certificates\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IID, Inc. RBB SPEED TEST App for Android \u003c=2.0.3",
      "IID, Inc. RBB SPEED TEST App for iOS \u003c=2.1.0"
    ]
  },
  "referenceLink": "http://jvn.jp/en/jp/JVN24238648/",
  "serverity": "\u4e2d",
  "submitTime": "2017-07-25",
  "title": "RBB SPEED TEST App fails to verify SSL server certificates"
}

