The ssl.match_hostname function in the SSL module in Python 2.6 up to and including 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle malicious users to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
canonical ubuntu linux 10.04 |
||
python python 2.6.1 |
||
python python 2.6.7 |
||
python python 2.6.8 |
||
python python 2.7.2150 |
||
python python 2.7.3 |
||
python python 3.1.3 |
||
python python 3.1.4 |
||
python python 2.6.3 |
||
python python 2.6.4 |
||
python python 2.6.5 |
||
python python 2.7.1 |
||
python python 2.7.1150 |
||
python python 3.1 |
||
python python 3.1.1 |
||
python python 3.2.2150 |
||
python python 3.2.3 |
||
python python 2.6.2 |
||
python python 2.6.2150 |
||
python python 3.0 |
||
python python 3.0.1 |
||
python python 3.1.5 |
||
python python 3.2 |
||
python python 3.4 |
||
python python 2.6.6 |
||
python python 2.6.6150 |
||
python python 2.7.2 |
||
python python 3.1.2 |
||
python python 3.1.2150 |
||
python python 3.3 |
||
opensuse opensuse 11.4 |
||
opensuse opensuse 12.3 |
||
opensuse opensuse 12.2 |
Vulmon