Date: Wed, 15 May 2013 07:19:33 -0400 (EDT) From: Jan Lieskovsky <jlieskov@...hat.com> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org>, Florian Weimer <fweimer@...hat.com>, Ian Weller <ianweller@...oraproject.org> Subject: CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters Hello Kurt, Steve, vendors, A denial of service flaw was found in the way python-backports-ssl_match_hostname, an implementation that brings the ssl.match_hostname() function from Python 3.2 to users of earlier versions of Python, performed matching of the certificate's name in the case it contained many '*' wildcard characters. A remote attacker, able to obtain valid certificate [*] with its name containing a lot of '*' wildcard characters, could use this flaw to cause denial of service (excessive CPU time consumption) by issuing request to validate that certificate for / in an application using the python-backports-ssl_match_hostname functionality. Upstream bug report (no patch yet):  http://bugs.python.org/issue17980 References:  https://bugzilla.redhat.com/show_bug.cgi?id=963186 Credit: Issue was found by Florian Weimer of Red Hat Product Security Team Could you allocate a CVE identifier for this (it's possible that Python 3.2 implementation is vulnerable to the same problem too, will check that case yet)? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team -- [*] Would be minor issue because ability to obtain such valid certificate would mean the necessity to use some compromised CA. On the other hand though being corner case, can't be completely excluded.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ