oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777

From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 04 Mar 2015 10:55:17 -0700
https://bugzilla.redhat.com/show_bug.cgi?id=1198740

Jan Bee of the Google Security Team reports:

The /usr/sbin/rhnreg_ks fails to properly validate hostnames in
certificates. This can result in man in the middle attacks.

===

Please note that this issue cannot easily be exploited to cause any
significant damage to a system other then preventing registration from
taking place properly which the attacker would be able to do in any
event if the can man in the middle the connection.



-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Attachment: signature.asc
Description: OpenPGP digital signature

Previous By Date Next
Previous By Thread Next

Current thread: