[Emerging-Sigs] FP on sid:2018005

Duane Howard duane.security at gmail.com
Fri Sep 19 18:42:34 EDT 2014


I can provide pcap off-list, if needed:
Cert causing FP:

d at zr1:~$ openssl x509 -in cert.der -inform DER -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: md5WithRSAEncryption
        Issuer: C=cn, ST=fj, L=xm, O=cnc, OU=sw, CN=all/emailAddress=cdn at chinanetcenter.com
        Validity
            Not Before: Sep 14 07:34:42 2005 GMT
            Not After : Oct 14 07:34:42 2005 GMT
        Subject: C=cn, ST=fj, L=xm, O=cnc, OU=sw, CN=all/emailAddress=cdn at chinanetcenter.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:c2:04:6a:10:5c:ec:13:7d:1c:67:a1:89:db:d6:
                    6f:e2:9e:8e:ca:ea:a7:e4:8f:0d:d5:68:f6:a3:4e:
                    83:93:f2:36:4f:ef:c7:99:cb:56:bd:5f:ed:df:f0:
                    22:98:e6:1d:e9:a9:19:8d:7c:98:4b:44:4f:08:41:
                    08:90:4a:ed:ee:92:8a:6d:bb:7d:9f:23:e2:9f:9c:
                    6a:74:8e:00:30:c3:32:c6:a8:cd:1b:73:f0:87:06:
                    6c:5a:0c:24:9d:5e:7c:f6:09:cb:85:d9:28:9d:f9:
                    25:c4:fc:c8:d7:98:43:15:31:82:4e:d3:0d:f5:cb:
                    5e:27:a4:ab:2b:93:c8:0b:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:34:D7:72:CB:C5:44:7F:D4:7F:34:DD:A0:EA:BD:55:C7:76:5A:64
            X509v3 Authority Key Identifier:
                keyid:81:34:D7:72:CB:C5:44:7F:D4:7F:34:DD:A0:EA:BD:55:C7:76:5A:64
                DirName:/C=cn/ST=fj/L=xm/O=cnc/OU=sw/CN=all/emailAddress=cdn at chinanetcenter.com
                serial:00

            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: md5WithRSAEncryption
         4f:95:50:6e:47:5b:22:18:a1:d4:c6:59:6f:8d:e5:f7:1e:0f:
         12:3c:a0:54:cb:cb:e2:80:b2:cf:22:ae:3f:7c:94:72:91:2c:
         6b:6b:c4:f2:97:1d:d4:01:5d:93:14:03:ff:53:a9:28:0a:0b:
         da:df:18:c0:ae:a5:fc:9e:2a:d8:51:58:68:ca:bf:d8:7f:d3:
         f9:d7:60:c3:9b:0f:4c:b5:04:90:b4:f2:d0:04:5b:d6:67:1d:
         52:6e:17:3e:e8:82:ae:89:0d:52:ce:0e:0f:37:8b:17:81:0c:
         31:1e:66:de:72:ec:09:c4:22:b6:78:61:a4:26:15:b2:83:85:
         c5:35

./d