Reset Search
 

 

Article

SA43620 - 2018-01 Out-Of-Cycle Advisory : Pulse Secure Desktop Linux Client - SSL Certificate Validation Issue

« Go Back

Information

 
Product AffectedPulse Secure Desktop Linux Client
Problem
The Pulse Linux GUI component does not perform strict SSL certificate validation which allows the attacker to manipulate the Pulse connection set.
 
This issue is applicable only Pulse Secure Desktop Linux clients versions:
  • PULSE5.3R4.2 and below
  • PULSE5.2R9.2 and below
 
CVE-2018-6374 has been assigned to it.
Solution
This issue is resolved in the following Pulse Secure Desktop Linux client releases:
 
PULSE5.3R4.2 Software (Build 639) is now available for download on Pulse Secure Licensing and Download Center
PULSE5.2R9.2 Software (Build 638) is now available for download on Pulse Secure Licensing and Download Center
 
Version History:

January 30, 2018 – Fixed versions PULSE5.3R4.2 & PULSE5.2R9.2 released.
 
Workaround
Implementation
Related Links
CVSS Score4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Risk Assessment
Acknowledgements
This vulnerability was discovered and responsibly reported to Pulse Secure by Will Dormann (CERT Coordination Center)
Alert TypeSA - Security Advisory
Risk LevelMedium
Attachment 1 
Attachment 2 
Legacy ID

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255