Python SSL Module SSL Certificate Common Name Validation Security Bypass Vulnerability

Bugtraq ID: 43584
Class: Design Error
CVE:
Remote: Yes
Local: No
Published: Dec 11 2007 12:00AM
Updated: Oct 04 2010 03:20PM
Credit: Andreas Hasenack
Vulnerable: Python Software Foundation ssl Module 1.15
Python Software Foundation Python 3.1.1
Python Software Foundation Python 3.0.1
Python Software Foundation Python 2.6.2
Python Software Foundation Python 2.5.3
Python Software Foundation Python 2.5.2 -r6
Python Software Foundation Python 2.5.2
Python Software Foundation Python 2.5.1
Python Software Foundation Python 2.4.5
Python Software Foundation Python 2.4.4 -r14
Python Software Foundation Python 2.4.4
Python Software Foundation Python 2.4.3
+ Trustix Secure Linux 3.0.5
Python Software Foundation Python 2.4.2
Python Software Foundation Python 2.4.1
Python Software Foundation Python 2.4
Python Software Foundation Python 2.3.6
Python Software Foundation Python 2.3.5
Python Software Foundation Python 2.3.4
+ MandrakeSoft Linux Mandrake 10.1 x86_64
+ MandrakeSoft Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Python Software Foundation Python 2.3.3
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Linux Mandrake 10.0 AMD64
+ MandrakeSoft Linux Mandrake 10.0
+ MandrakeSoft Linux Mandrake 9.2 amd64
+ MandrakeSoft Linux Mandrake 9.2
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
Python Software Foundation Python 2.3.2
Python Software Foundation Python 2.3.1
Python Software Foundation Python 2.3 b1
Python Software Foundation Python 2.3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
Python Software Foundation Python 3.2
Python Software Foundation Python 2.7
Python Software Foundation Python 2.6
Python Software Foundation Python 2.5.5c2
Python Software Foundation Python 2.5
Mercurial Mercurial 1.6.3
Mercurial Mercurial 1.0.2
Mercurial Mercurial 1.0.1
GNU Bazaar 2.2.1
Ataraxia Consulting linode-python 0
Apache Software Foundation libcloud 0.3.1
Not Vulnerable: Mercurial Mercurial 1.6.4


 

Privacy Statement
Copyright 2010, SecurityFocus