CVE-2006-4390 - Erratic Budgets

Description

CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication which can cause the lock icon in Safari to be displayed even when the site’s identity cannot be trusted.

Reference

http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html http://securitytracker.com/id?1016952 http://www.securityfocus.com/bid/20271 http://secunia.com/advisories/22187 http://www.osvdb.org/29267 http://www.vupen.com/english/advisories/2006/3852 https://exchange.xforce.ibmcloud.com/vulnerabilities/29277