Информационная безопасность
[RU] switch to English

Уязвимости безопасности в библиотеках python
Опубликовано:11 сентября 2013 г.
SecurityVulns ID:13283
Уровень опасности:
Описание:DoS через SSL-сертификаты, обход защиты.
CVE:CVE-2013-2099 (Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.)
 CVE-2013-1633 (easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.)
Оригинальный текстdocumentMANDRIVA, [ MDVSA-2013:227 ] python-setuptools (11.09.2013)
 documentMANDRIVA, [ MDVSA-2013:229 ] bzr (11.09.2013)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород