Exploit the possiblities
Showing 1 - 8 of 8 RSS Feed

CVE-2013-4238

Status Candidate

Overview

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '�' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Related Files

VMware Security Advisory 2014-0012
Posted Dec 5, 2014
Authored by VMware | Site vmware.com

VMware Security Advisory 2014-0012 - VMware vSphere product updates address a Cross Site Scripting issue, a certificate validation issue and security vulnerabilities in third-party libraries.

tags | advisory, vulnerability, xss
advisories | CVE-2013-1752, CVE-2013-2877, CVE-2013-4238, CVE-2014-0015, CVE-2014-0138, CVE-2014-0191, CVE-2014-3797, CVE-2014-8371
MD5 | f36bc2e46b09054b56cf41449f829177
Debian Security Advisory 2880-1
Posted Mar 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2880-1 - Multiple security issues were discovered in Python.

tags | advisory, python
systems | linux, debian
advisories | CVE-2013-4238, CVE-2014-1912
MD5 | 7fcd2b54485f6aa2f92a611bd4c1d7d2
Red Hat Security Advisory 2013-1582-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1582-02 - Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. These updated python packages include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes.

tags | advisory, spoof, python
systems | linux, redhat
advisories | CVE-2013-4238
MD5 | 518b1885af323b373e4c9cb1dad43344
Red Hat Security Advisory 2013-1527-01
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1527-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2010-5107, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-4238, CVE-2013-4344
MD5 | dcab012d0de56b42da30417797f52367
Ubuntu Security Notice USN-1985-1
Posted Oct 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1985-1 - Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.

tags | advisory, denial of service, python
systems | linux, ubuntu
advisories | CVE-2013-2099, CVE-2013-4238, CVE-2013-2099, CVE-2013-4238
MD5 | 30dd161fd7f10f0022dade719a6d4f5d
Ubuntu Security Notice USN-1983-1
Posted Oct 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1983-1 - Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. This issue only affected Ubuntu 13.04. Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.

tags | advisory, denial of service, python
systems | linux, ubuntu
advisories | CVE-2013-2099, CVE-2013-4238, CVE-2013-2099, CVE-2013-4238
MD5 | 25d866b12b48af0ef408ee77c8a071fa
Ubuntu Security Notice USN-1984-1
Posted Oct 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1984-1 - Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.

tags | advisory, denial of service, python
systems | linux, ubuntu
advisories | CVE-2013-2099, CVE-2013-4238, CVE-2013-2099, CVE-2013-4238
MD5 | 0e5f515994007e24c3f0444a767d34fc
Ubuntu Security Notice USN-1982-1
Posted Oct 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1982-1 - Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

tags | advisory, python
systems | linux, ubuntu
advisories | CVE-2013-4238
MD5 | 99c2b308f85aea7287369c40cb16c1ec
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    5 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close