FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libcloud -- possible SSL MITM due to invalid regexp used to validate target server hostname

Affected packages
py-libcloud < 0.11.1

Details

VuXML ID a14dee30-e3d7-11e1-a084-50e5492bd3dc
Discovery 2012-08-01
Entry 2012-08-11

The libcloud development team reports:

When establishing a secure (SSL / TLS) connection to a target server an invalid regular expression has been used for performing the hostname verification. Subset instead of the full target server hostname has been marked an an acceptable match for the given hostname. For example, certificate with a hostname field of "aexample.com" was considered a valid certificate for domain "example.com".

[source]

References

CVE Name CVE-2012-3446
URL http://seclists.org/fulldisclosure/2012/Aug/55

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.