Bug 856274 (CVE-2013-6444) - VUL-0: CVE-2013-6444: python-pywbem: failure to check certificate hostname
Status: RESOLVED DUPLICATE of bug 856323
Alias: CVE-2013-6444
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Pawel Wieczorkiewicz
QA Contact: Security Team bot
Reported: 2013-12-19 10:58 UTC by Victor Pereira
Modified: 2014-01-07 12:06 UTC

Found By: Security Response Team
Description Victor Pereira 2013-12-19 10:58:44 UTC
CVE-2013-6444

It was found that PyWBEM, a Python library for making CIM (Common Information Model) operations over HTTP using the WBEM CIM-XML protocol, failed to verify the URI matches the Subject of the certificate. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6444
https://bugzilla.redhat.com/show_bug.cgi?id=1044246
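
What the missing check amounts to, as an added example (not code from PyWBEM or from this bug report): a simplified RFC 6125-style comparison of the host name taken from the WBEM URL against the names in a certificate dict shaped like the output of `ssl.SSLSocket.getpeercert()`. The host names and certificate dicts are constructed, the chain is assumed to have validated already, and IP-address SANs and internationalized names are left out.

```python
def _dns_match(pattern, hostname):
    """Compare one DNS name from the certificate with the requested host."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard never spans several labels
    if p[0] == "*":
        if len(p) < 3:
            return False          # refuse over-broad names such as "*.com"
        return h[0] != "" and p[1:] == h[1:]
    if "*" in pattern:
        return False              # partial wildcards ("c*.example") rejected
    return p == h


def cert_names(cert):
    """DNS names a certificate is valid for; CN is used only without DNS SANs."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def hostname_matches(cert, hostname):
    """True only if the certificate names the host the client asked for."""
    return any(_dns_match(name, hostname) for name in cert_names(cert))


# Constructed certificates in getpeercert() layout.
REQUESTED = "cimom.corp.example"   # host part of the WBEM URL (constructed)
SERVER_CERT = {
    "subject": ((("commonName", "cimom.corp.example"),),),
    "subjectAltName": (("DNS", "cimom.corp.example"),),
}
# Chain-valid certificate issued for some other domain: the case in this bug.
UNRELATED_CERT = {
    "subject": ((("commonName", "cimom.corp.example"),),),
    "subjectAltName": (("DNS", "www.other.example"),),
}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.corp.example"),)}

if __name__ == "__main__":
    for label, cert in (("server", SERVER_CERT), ("unrelated", UNRELATED_CERT),
                        ("wildcard", WILDCARD_CERT)):
        print(label, hostname_matches(cert, REQUESTED))
```

In current Python, a context from `ssl.create_default_context()` has `check_hostname` enabled and performs this comparison during the handshake, so a hand-written matcher is only needed where the library does not do it.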
Comment 1 Swamp Workflow Management 2013-12-19 23:00:23 UTC
bugbot adjusting priority
Comment 2 Klaus Kämpf 2014-01-02 07:56:34 UTC
Re-assign to maintainer

See also http://sourceforge.net/mailarchive/message.php?msg_id=31796894
Comment 3 Pawel Wieczorkiewicz 2014-01-07 12:06:31 UTC
This one is related to 856108 and 856323

*** This bug has been marked as a duplicate of bug 856323 ***