DSA-2763-1 pyopenssl -- hostname check bypassing
ID: oval:org.secpod.oval:def:601112 | Date: (C)2013-09-25 (M)2022-10-10 |
Class: PATCH | Family: unix |
It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL library, does not properly handle certificates with NULL characters in the Subject Alternative Name field. A remote attacker in a position to obtain a certificate for "www.foo.org\0.example.com" from a CA that an SSL client trusts could use this to spoof "www.foo.org" and conduct man-in-the-middle attacks between the PyOpenSSL-using client and the SSL server.
Platform: |
Debian 7.0 |
Debian 6.0 |
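The following added example is not PyOpenSSL's code and is not part of the advisory. It models the class of bug described above, using the advisory's own sample name as a constructed byte string: a check that reads a subjectAltName dNSName as a NUL-terminated string sees only "www.foo.org", while a length-aware check rejects the certificate. The function names are hypothetical, matching is exact-name only (no wildcards), and the truncation model is an assumption about how NUL-terminated handling behaves in general.

```python
"""Embedded NUL in a subjectAltName dNSName: truncating vs. length-aware checks."""


class MalformedSAN(ValueError):
    """Raised when a dNSName holds bytes that no valid host name contains."""


def c_string_view(raw):
    """Return what NUL-terminated (C string) handling sees: bytes before the first NUL."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def naive_match(hostname, san_dns_names):
    """Flawed pattern: compare the host name against the truncated view."""
    wanted = hostname.lower()
    return any(c_string_view(raw).lower() == wanted for raw in san_dns_names)


def strict_match(hostname, san_dns_names):
    """Length-aware check: any NUL or non-ASCII byte rejects the whole certificate."""
    names = []
    for raw in san_dns_names:
        if b"\x00" in raw:
            raise MalformedSAN("embedded NUL in dNSName: %r" % (raw,))
        try:
            names.append(raw.decode("ascii").lower())
        except UnicodeDecodeError:
            raise MalformedSAN("non-ASCII byte in dNSName: %r" % (raw,))
    return hostname.lower() in names


# Constructed sample values: raw dNSName bytes as they would sit in the
# certificate. The first is the name quoted in the advisory text.
CRAFTED_SAN = [b"www.foo.org\x00.example.com"]
LEGIT_SAN = [b"www.foo.org"]

if __name__ == "__main__":
    print("truncated view :", c_string_view(CRAFTED_SAN[0]))
    print("naive check    :", naive_match("www.foo.org", CRAFTED_SAN))
    try:
        strict_match("www.foo.org", CRAFTED_SAN)
    except MalformedSAN as exc:
        print("strict check   : rejected,", exc)
    print("strict (legit) :", strict_match("www.foo.org", LEGIT_SAN))
```
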