ignore security and it'll go away
Showing 1 - 8 of 8 RSS Feed

CVE-2013-4238

Status Candidate

Overview

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '�' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Related Files

VMware Security Advisory 2014-0012
Posted Dec 5, 2014
Authored by VMware | Site vmware.com

VMware Security Advisory 2014-0012 - VMware vSphere product updates address a Cross Site Scripting issue, a certificate validation issue and security vulnerabilities in third-party libraries.

tags | advisory, vulnerability, xss
advisories | CVE-2013-1752, CVE-2013-2877, CVE-2013-4238, CVE-2014-0015, CVE-2014-0138, CVE-2014-0191, CVE-2014-3797, CVE-2014-8371
MD5 | f36bc2e46b09054b56cf41449f829177
Debian Security Advisory 2880-1
Posted Mar 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2880-1 - Multiple security issues were discovered in Python.

tags | advisory, python
systems | linux, debian
advisories | CVE-2013-4238, CVE-2014-1912
MD5 | 7fcd2b54485f6aa2f92a611bd4c1d7d2
Red Hat Security Advisory 2013-1582-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1582-02 - Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. These updated python packages include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes.

tags | advisory, spoof, python
systems | linux, redhat
advisories | CVE-2013-4238
MD5 | 518b1885af323b373e4c9cb1dad43344
Red Hat Security Advisory 2013-1527-01
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1527-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of "Install Failed". If this happens, place the host into maintenance mode, then activate it again to get the host back to an "Up" state.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2010-5107, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-4238, CVE-2013-4344
MD5 | dcab012d0de56b42da30417797f52367
Ubuntu Security Notice USN-1985-1
Posted Oct 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1985-1 - Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.

tags | advisory, denial of service, python
systems | linux, ubuntu
advisories | CVE-2013-2099, CVE-2013-4238, CVE-2013-2099, CVE-2013-4238
MD5 | 30dd161fd7f10f0022dade719a6d4f5d
Ubuntu Security Notice USN-1983-1
Posted Oct 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1983-1 - Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. This issue only affected Ubuntu 13.04. Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.

tags | advisory, denial of service, python
systems | linux, ubuntu
advisories | CVE-2013-2099, CVE-2013-4238, CVE-2013-2099, CVE-2013-4238
MD5 | 25d866b12b48af0ef408ee77c8a071fa
Ubuntu Security Notice USN-1984-1
Posted Oct 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1984-1 - Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.

tags | advisory, denial of service, python
systems | linux, ubuntu
advisories | CVE-2013-2099, CVE-2013-4238, CVE-2013-2099, CVE-2013-4238
MD5 | 0e5f515994007e24c3f0444a767d34fc
Ubuntu Security Notice USN-1982-1
Posted Oct 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1982-1 - Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

tags | advisory, python
systems | linux, ubuntu
advisories | CVE-2013-4238
MD5 | 99c2b308f85aea7287369c40cb16c1ec
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    2 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close