diff options
author | Roman Bogorodskiy <novel@FreeBSD.org> | 2012-08-11 17:41:52 +0000 |
---|---|---|
committer | Roman Bogorodskiy <novel@FreeBSD.org> | 2012-08-11 17:41:52 +0000 |
commit | 533ecc2a4ff72cd8de9cb625f254807ef975cc55 (patch) | |
tree | 16b43128fb724f76c5541b9aee99e448bdbb6e03 /security | |
parent | b58a783015317b26138a909812d80740fad93b78 (diff) | |
download | ports-533ecc2a4ff72cd8de9cb625f254807ef975cc55.tar.gz ports-533ecc2a4ff72cd8de9cb625f254807ef975cc55.zip |
Document libcloud MITM vuln.
Security: CVE-2012-3446
Notes
Notes:
svn path=/head/; revision=302418
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 96c4a97ab2b6..1c1020708f6e 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -52,6 +52,37 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="a14dee30-e3d7-11e1-a084-50e5492bd3dc"> + <topic>libcloud -- possible SSL MITM due to invalid regexp used to validate target server hostname</topic> + <affects> + <package> + <name>py-libcloud</name> + <range><lt>0.11.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The libcloud development team reports:</p> + <blockquote cite="http://libcloud.apache.org/security.html"> + <p>When establishing a secure (SSL / TLS) connection to a target server an invalid regular + expression has been used for performing the hostname verification. Subset instead of the + full target server hostname has been marked an an acceptable match for the given hostname. + + For example, certificate with a hostname field of "aexample.com" was considered a valid + certificate for domain "example.com".</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-3446</cvename> + <url>http://seclists.org/fulldisclosure/2012/Aug/55</url> + </references> + <dates> + <discovery>2012-08-01</discovery> + <entry>2012-08-11</entry> + </dates> + </vuln> + <vuln vid="aca0d7e0-e38a-11e1-999b-e0cb4e266481"> <topic>phpMyAdmin -- Path disclosure due to missing library</topic> <affects> |