oss-sec mailing list archives
Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters }
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 15 May 2013 19:51:38 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/15/2013 05:28 AM, Jan Lieskovsky wrote:
----- Original Message -----From: "Jan Lieskovsky" <jlieskov () redhat com> To: oss-security () lists openwall com Cc: "Steven M. Christey" <coley () linus mitre org>, "Florian Weimer" <fweimer () redhat com>, "Ian Weller" <ianweller () fedoraproject org> Sent: Wednesday, May 15, 2013 1:19:33 PM Subject: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters Hello Kurt, Steve, vendors, A denial of service flaw was found in the way python-backports-ssl_match_hostname, an implementation that brings the ssl.match_hostname() function from Python 3.2 to users of earlier versions of Python, performed matching of the certificate's name in the case it contained many '*' wildcard characters. A remote attacker, able to obtain valid certificate [*] with its name containing a lot of '*' wildcard characters, could use this flaw to cause denial of service (excessive CPU time consumption) by issuing request to validate that certificate for / in an application using the python-backports-ssl_match_hostname functionality. Upstream bug report (no patch yet): [1] http://bugs.python.org/issue17980 References: [2] https://bugzilla.redhat.com/show_bug.cgi?id=963186 Credit: Issue was found by Florian Weimer of Red Hat Product Security Team Could you allocate a CVE identifier for this (it's possible that Python 3.2 implementation is vulnerable to the same problem too, will check that case yet)?Replying to myself here. Issue is present in Python 3.2 code too - so the CVE should be allocated for the original (Python 3.2) code, rather than to python-backports-ssl_match_hostname package. Updated subject of the request to reflect this. Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response TeamThank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team -- [*] Would be minor issue because ability to obtain such valid certificate would mean the necessity to use some compromised CA. On the other hand though being corner case, can't be completely excluded.
Please use CVE-2013-2099 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRlDupAAoJEBYNRVNeJnmTR4QQAJigfFc7LqZbJJ2zKAZrNJNe uXTXrhsNYGLWXXjInanJbDLgTtcuJp+xwhgBT/2GPLkZpapIrzmusysLnXXOh3mr FAktSJEMqIj8SMf2Zccb1mLmWUVACSHq5uTA6rvU6BErv2/0sHvmjMDulNlVhkYs vLf8i1D/yoE1hYef2xj6pkTcu7bRQQ9VbJWsiNwNU59MePMgIR78504HzmCkenYH oK4Uv3P0a566FtX2wkgpPKkkYS4wTakaUrbqt7HeSArQ8NSlPc8FKelzn2H2qgje YzzjZL0psOfpXsaj3wy8QLfRyVDAVdSXiLLMR8tFgA1KyXvmT+OJI05UAySe/NjY huMxIc8Gy9rrEjQcpDEz9KgQXsNmIrUAasZcYXCmAM5309Pn0m3uSMHC6WX8kVlu p2ikwjiVQc3iubBo2tVhgOuPshZ84tDrNz6CArtXpfBleYZ1Gk6qhRhngQCAPW6W TQhQ85KycnOzQZmkHeVme7Z1EgdpFF1fkw8xXu4mU+6aqYSgXdOVVf9oGNW5brd2 27SVJj7eaYZyklqAnTKrIGpnLyg9e/GPr1T7q6L2I5QbX+8dls5U/0m0tw8COxLF vzjDQHgkg4C/vNLP9032b083Cgm56/ypGXOXQHFaz1b9yTS9HB6Biaix2R/6ieOJ RleZ90iLyFQKiUV9M/ua =M2WT -----END PGP SIGNATURE-----
Current thread:
- CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters Jan Lieskovsky (May 15)
- CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Jan Lieskovsky (May 15)
- Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Kurt Seifried (May 15)
- Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Tomas Hoger (May 20)
- Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Kurt Seifried (May 22)
- Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Tomas Hoger (May 23)
- Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Kurt Seifried (May 15)
- CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Jan Lieskovsky (May 15)