CVE-2011-4197

etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key.

Date published : 2012-01-03

http://www.securityfocus.com/bid/51169

http://archives.neohapsis.com/archives/bugtraq/2011-12/0152.html