oss-sec mailing list archives
CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters }
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 15 May 2013 07:28:38 -0400 (EDT)
----- Original Message -----
From: "Jan Lieskovsky" <jlieskov () redhat com> To: oss-security () lists openwall com Cc: "Steven M. Christey" <coley () linus mitre org>, "Florian Weimer" <fweimer () redhat com>, "Ian Weller" <ianweller () fedoraproject org> Sent: Wednesday, May 15, 2013 1:19:33 PM Subject: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters Hello Kurt, Steve, vendors, A denial of service flaw was found in the way python-backports-ssl_match_hostname, an implementation that brings the ssl.match_hostname() function from Python 3.2 to users of earlier versions of Python, performed matching of the certificate's name in the case it contained many '*' wildcard characters. A remote attacker, able to obtain valid certificate [*] with its name containing a lot of '*' wildcard characters, could use this flaw to cause denial of service (excessive CPU time consumption) by issuing request to validate that certificate for / in an application using the python-backports-ssl_match_hostname functionality. Upstream bug report (no patch yet): [1] http://bugs.python.org/issue17980 References: [2] https://bugzilla.redhat.com/show_bug.cgi?id=963186 Credit: Issue was found by Florian Weimer of Red Hat Product Security Team Could you allocate a CVE identifier for this (it's possible that Python 3.2 implementation is vulnerable to the same problem too, will check that case yet)?
Replying to myself here. Issue is present in Python 3.2 code too - so the CVE should be allocated for the original (Python 3.2) code, rather than to python-backports-ssl_match_hostname package. Updated subject of the request to reflect this. Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team -- [*] Would be minor issue because ability to obtain such valid certificate would mean the necessity to use some compromised CA. On the other hand though being corner case, can't be completely excluded.
Current thread:
- CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters Jan Lieskovsky (May 15)
- CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Jan Lieskovsky (May 15)
- Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Kurt Seifried (May 15)
- Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Tomas Hoger (May 20)
- Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Kurt Seifried (May 22)
- Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Tomas Hoger (May 23)
- Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Kurt Seifried (May 15)
- CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Jan Lieskovsky (May 15)