Search...

Debian DSA-2763-1 : pyopenssl - hostname check bypassing

2013-09-25T00:00:00

ID DEBIAN_DSA-2763.NASL
Type nessus
Reporter This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2021-01-11T00:00:00

Description

It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL library, does not properly handle certificates with NULL characters in the Subject Alternative Name field.

A remote attacker in the position to obtain a certificate for 'www.foo.org\0.example.com' from a CA that a SSL client trusts, could use this to spoof 'www.foo.org' and conduct man-in-the-middle attacks between the PyOpenSSL-using client and the SSL server.

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2763. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(70105);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2013-4314");
  script_bugtraq_id(62258);
  script_xref(name:"DSA", value:"2763");

  script_name(english:"Debian DSA-2763-1 : pyopenssl - hostname check bypassing");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL
library, does not properly handle certificates with NULL characters in
the Subject Alternative Name field.

A remote attacker in the position to obtain a certificate for
'www.foo.org\0.example.com' from a CA that a SSL client trusts, could
use this to spoof 'www.foo.org' and conduct man-in-the-middle attacks
between the PyOpenSSL-using client and the SSL server."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722055"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze/pyopenssl"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/pyopenssl"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2013/dsa-2763"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the pyopenssl packages.

For the oldstable distribution (squeeze), this problem has been fixed
in version 0.10-1+squeeze1.

For the stable distribution (wheezy), this problem has been fixed in
version 0.13-2+deb7u1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:pyopenssl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"python-openssl", reference:"0.10-1+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"python-openssl-dbg", reference:"0.10-1+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"python-openssl-doc", reference:"0.10-1+squeeze1")) flag++;
if (deb_check(release:"7.0", prefix:"python-openssl", reference:"0.13-2+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"python-openssl-dbg", reference:"0.13-2+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"python-openssl-doc", reference:"0.13-2+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"python3-openssl", reference:"0.13-2+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"python3-openssl-dbg", reference:"0.13-2+deb7u1")) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

JSON Vulners Source

Initial Source

{"id": "DEBIAN_DSA-2763.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DSA-2763-1 : pyopenssl - hostname check bypassing", "description": "It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL library, does not properly handle certificates with NULL characters in the Subject Alternative Name field.\n\nA remote attacker in the position to obtain a certificate for 'www.foo.org\\0.example.com' from a CA that a SSL client trusts, could use this to spoof 'www.foo.org' and conduct man-in-the-middle attacks between the PyOpenSSL-using client and the SSL server.", "published": "2013-09-25T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/70105", "reporter": "This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722055", "https://www.debian.org/security/2013/dsa-2763", "https://packages.debian.org/source/squeeze/pyopenssl", "https://packages.debian.org/source/wheezy/pyopenssl", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4314"], "cvelist": ["CVE-2013-4314"], "immutableFields": [], "lastseen": "2021-08-19T12:52:54", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-4314"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2763-1:3E71D", "DEBIAN:DSA-2763-1:85BD4"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2013-4314"]}, {"type": "f5", "idList": ["SOL15151"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2013-233.NASL", "OPENSUSE-2013-822.NASL", "UBUNTU_USN-1965-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310841556", "OPENVAS:1361412562310892763", "OPENVAS:841556", "OPENVAS:892763"]}, {"type": "ubuntu", "idList": ["USN-1965-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2013-4314"]}], "rev": 4}, "score": {"value": 5.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2013-4314"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2763-1:3E71D"]}, {"type": "f5", "idList": ["SOL15151"]}, {"type": "nessus", "idList": ["UBUNTU_USN-1965-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:841556"]}, {"type": "ubuntu", "idList": ["USN-1965-1"]}]}, "exploitation": null, "vulnersScore": 5.2}, "pluginID": "70105", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2763. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70105);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4314\");\n script_bugtraq_id(62258);\n script_xref(name:\"DSA\", value:\"2763\");\n\n script_name(english:\"Debian DSA-2763-1 : pyopenssl - hostname check bypassing\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL\nlibrary, does not properly handle certificates with NULL characters in\nthe Subject Alternative Name field.\n\nA remote attacker in the position to obtain a certificate for\n'www.foo.org\\0.example.com' from a CA that a SSL client trusts, could\nuse this to spoof 'www.foo.org' and conduct man-in-the-middle attacks\nbetween the PyOpenSSL-using client and the SSL server.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722055\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/pyopenssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/pyopenssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2763\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the pyopenssl packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin version 0.10-1+squeeze1.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.13-2+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pyopenssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"python-openssl\", reference:\"0.10-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"python-openssl-dbg\", reference:\"0.10-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"python-openssl-doc\", reference:\"0.10-1+squeeze1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-openssl\", reference:\"0.13-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-openssl-dbg\", reference:\"0.13-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-openssl-doc\", reference:\"0.13-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python3-openssl\", reference:\"0.13-2+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python3-openssl-dbg\", reference:\"0.13-2+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:pyopenssl", "cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:7.0"], "solution": "Upgrade the pyopenssl packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in version 0.10-1+squeeze1.\n\nFor the stable distribution (wheezy), this problem has been fixed in version 0.13-2+deb7u1.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2013-09-24T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}

{"nessus": [{"lastseen": "2021-08-19T12:53:12", "description": "It was discovered that pyOpenSSL did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-09-24T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : pyopenssl vulnerability (USN-1965-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4314"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python-openssl", "p-cpe:/a:canonical:ubuntu_linux:python3-openssl", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:13.04"], "id": "UBUNTU_USN-1965-1.NASL", "href": "https://www.tenable.com/plugins/nessus/70087", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1965-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70087);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-4314\");\n script_bugtraq_id(62258);\n script_xref(name:\"USN\", value:\"1965-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : pyopenssl vulnerability (USN-1965-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that pyOpenSSL did not properly handle certificates\nwith NULL characters in the Subject Alternative Name field. An\nattacker could exploit this to perform a man in the middle attack to\nview sensitive information or alter encrypted communications.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1965-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-openssl and / or python3-openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|12\\.10|13\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 12.10 / 13.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"python-openssl\", pkgver:\"0.10-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python-openssl\", pkgver:\"0.12-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"python-openssl\", pkgver:\"0.13-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"python3-openssl\", pkgver:\"0.13-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"python-openssl\", pkgver:\"0.13-2ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"13.04\", pkgname:\"python3-openssl\", pkgver:\"0.13-2ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-openssl / python3-openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:49:58", "description": "update to 0.13.1 fixes the following security issue: 		 NUL byte handling in subjectAltName (bnc#839107, CVE-2013-4314) 	\nCVE-2013-4314", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : python-pyOpenSSL (openSUSE-SU-2013:1648-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4314"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python-pyOpenSSL", "p-cpe:/a:novell:opensuse:python-pyOpenSSL-debuginfo", "p-cpe:/a:novell:opensuse:python-pyOpenSSL-debugsource", "cpe:/o:novell:opensuse:12.2", "cpe:/o:novell:opensuse:12.3"], "id": "OPENSUSE-2013-822.NASL", "href": "https://www.tenable.com/plugins/nessus/75190", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-822.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75190);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4314\");\n script_bugtraq_id(62258);\n\n script_name(english:\"openSUSE Security Update : python-pyOpenSSL (openSUSE-SU-2013:1648-1)\");\n script_summary(english:\"Check for the openSUSE-2013-822 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"update to 0.13.1 fixes the following security issue: 		 NUL byte\nhandling in subjectAltName (bnc#839107, CVE-2013-4314) 	\nCVE-2013-4314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=839107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-11/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-pyOpenSSL packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-pyOpenSSL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-pyOpenSSL-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-pyOpenSSL-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"python-pyOpenSSL-0.12-7.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"python-pyOpenSSL-debuginfo-0.12-7.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"python-pyOpenSSL-debugsource-0.12-7.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-pyOpenSSL-0.13.1-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-pyOpenSSL-debuginfo-0.13.1-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-pyOpenSSL-debugsource-0.13.1-3.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-pyOpenSSL / python-pyOpenSSL-debuginfo / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:53:05", "description": "A vulnerability has been discovered and corrected in python-OpenSSL :\n\nThe string formatting of subjectAltName X509Extension instances in pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when encountering a null byte, possibly allowing man-in-the-middle attacks through certificate spoofing (CVE-2013-4314).\n\nThe updated packages have been patched to correct this issue.", "cvss3": {"score": null, "vector": null}, "published": "2013-09-14T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : python-OpenSSL (MDVSA-2013:233)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4314"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:python-OpenSSL", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2013-233.NASL", "href": "https://www.tenable.com/plugins/nessus/69891", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:233. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69891);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-4314\");\n script_bugtraq_id(62258);\n script_xref(name:\"MDVSA\", value:\"2013:233\");\n\n script_name(english:\"Mandriva Linux Security Advisory : python-OpenSSL (MDVSA-2013:233)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in python-OpenSSL :\n\nThe string formatting of subjectAltName X509Extension instances in\npyOpenSSL before 0.13.1 incorrectly truncated fields of the name when\nencountering a null byte, possibly allowing man-in-the-middle attacks\nthrough certificate spoofing (CVE-2013-4314).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-OpenSSL package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-OpenSSL\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"python-OpenSSL-0.12-2.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:37:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2013-09-24T00:00:00", "type": "openvas", "title": "Ubuntu Update for pyopenssl USN-1965-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4314"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841556", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841556", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1965_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for pyopenssl USN-1965-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841556\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 11:48:56 +0530 (Tue, 24 Sep 2013)\");\n script_cve_id(\"CVE-2013-4314\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Ubuntu Update for pyopenssl USN-1965-1\");\n\n script_tag(name:\"affected\", value:\"pyopenssl on Ubuntu 13.04,\n Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"It was discovered that pyOpenSSL did not properly handle certificates with\nNULL characters in the Subject Alternative Name field. An attacker could\nexploit this to perform a man in the middle attack to view sensitive\ninformation or alter encrypted communications.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"1965-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1965-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pyopenssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|10\\.04 LTS|12\\.10|13\\.04)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-openssl\", ver:\"0.12-1ubuntu2.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-openssl\", ver:\"0.10-1ubuntu0.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-openssl\", ver:\"0.13-2ubuntu1.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-openssl\", ver:\"0.13-2ubuntu1.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-openssl\", ver:\"0.13-2ubuntu3.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-openssl\", ver:\"0.13-2ubuntu3.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:05", "description": "It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL\nlibrary, does not properly handle certificates with NULL characters in\nthe Subject Alternative Name field.", "cvss3": {}, "published": "2013-09-24T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2763-1 (pyopenssl - hostname check bypassing)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4314"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310892763", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892763", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2763.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2763-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892763\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2013-4314\");\n script_name(\"Debian Security Advisory DSA 2763-1 (pyopenssl - hostname check bypassing)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 00:00:00 +0200 (Tue, 24 Sep 2013)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2763.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"pyopenssl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.10-1+squeeze1.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.13-2+deb7u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.13-2.1.\n\nWe recommend that you upgrade your pyopenssl packages.\");\n script_tag(name:\"summary\", value:\"It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL\nlibrary, does not properly handle certificates with NULL characters in\nthe Subject Alternative Name field.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"python-openssl\", ver:\"0.10-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-openssl-dbg\", ver:\"0.10-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-openssl-doc\", ver:\"0.10-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-openssl\", ver:\"0.13-2+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-openssl-dbg\", ver:\"0.13-2+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-openssl-doc\", ver:\"0.13-2+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-openssl\", ver:\"0.13-2+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-openssl-dbg\", ver:\"0.13-2+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-12-04T11:22:04", "description": "Check for the Version of pyopenssl", "cvss3": {}, "published": "2013-09-24T00:00:00", "type": "openvas", "title": "Ubuntu Update for pyopenssl USN-1965-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4314"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841556", "href": "http://plugins.openvas.org/nasl.php?oid=841556", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1965_1.nasl 7958 2017-12-01 06:47:47Z santu $\n#\n# Ubuntu Update for pyopenssl USN-1965-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841556);\n script_version(\"$Revision: 7958 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:47:47 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-24 11:48:56 +0530 (Tue, 24 Sep 2013)\");\n script_cve_id(\"CVE-2013-4314\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Ubuntu Update for pyopenssl USN-1965-1\");\n\n tag_insight = \"It was discovered that pyOpenSSL did not properly handle certificates with\nNULL characters in the Subject Alternative Name field. An attacker could\nexploit this to perform a man in the middle attack to view sensitive\ninformation or alter encrypted communications.\";\n\n tag_affected = \"pyopenssl on Ubuntu 13.04 ,\n Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 10.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"1965-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1965-1/\");\n script_summary(\"Check for the Version of pyopenssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-openssl\", ver:\"0.12-1ubuntu2.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-openssl\", ver:\"0.10-1ubuntu0.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-openssl\", ver:\"0.13-2ubuntu1.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-openssl\", ver:\"0.13-2ubuntu1.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-openssl\", ver:\"0.13-2ubuntu3.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3-openssl\", ver:\"0.13-2ubuntu3.1\", rls:\"UBUNTU13.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:51:59", "description": "It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL\nlibrary, does not properly handle certificates with NULL characters in\nthe Subject Alternative Name field.\n\nA remote attacker in the position to obtain a certificate for\n'www.foo.org\\0.example.com' from a CA that a SSL client trusts, could\nuse this to spoof www.foo.org \nand conduct man-in-the-middle attacks\nbetween the PyOpenSSL-using client and the SSL server.", "cvss3": {}, "published": "2013-09-24T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2763-1 (pyopenssl - hostname check bypassing)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4314"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:892763", "href": "http://plugins.openvas.org/nasl.php?oid=892763", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2763.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2763-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"pyopenssl on Debian Linux\";\ntag_insight = \"pyopenssl is a high-level wrapper around a subset of the OpenSSL\nlibrary.\";\ntag_solution = \"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.10-1+squeeze1.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.13-2+deb7u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.13-2.1.\n\nWe recommend that you upgrade your pyopenssl packages.\";\ntag_summary = \"It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL\nlibrary, does not properly handle certificates with NULL characters in\nthe Subject Alternative Name field.\n\nA remote attacker in the position to obtain a certificate for\n'www.foo.org\\0.example.com' from a CA that a SSL client trusts, could\nuse this to spoof www.foo.org \nand conduct man-in-the-middle attacks\nbetween the PyOpenSSL-using client and the SSL server.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892763);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-4314\");\n script_name(\"Debian Security Advisory DSA 2763-1 (pyopenssl - hostname check bypassing)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-09-24 00:00:00 +0200 (Tue, 24 Sep 2013)\");\n script_tag(name: \"cvss_base\", value:\"4.3\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2763.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"python-openssl\", ver:\"0.10-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-openssl-dbg\", ver:\"0.10-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-openssl-doc\", ver:\"0.10-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-openssl\", ver:\"0.13-2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-openssl-dbg\", ver:\"0.13-2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-openssl-doc\", ver:\"0.13-2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-openssl\", ver:\"0.13-2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-openssl-dbg\", ver:\"0.13-2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:53:06", "description": "The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a\n'\\0' character in a domain name in the Subject Alternative Name field of an\nX.509 certificate, which allows man-in-the-middle attackers to spoof\narbitrary SSL servers via a crafted certificate issued by a legitimate\nCertification Authority.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722055>\n", "cvss3": {}, "published": "2013-09-09T00:00:00", "type": "ubuntucve", "title": "CVE-2013-4314", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4314"], "modified": "2013-09-09T00:00:00", "id": "UB:CVE-2013-4314", "href": "https://ubuntu.com/security/CVE-2013-4314", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2021-10-21T23:39:11", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2763-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nSeptember 24, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : pyopenssl\nVulnerability : hostname check bypassing\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-4314\nDebian Bug : 722055\n\nIt was discovered that PyOpenSSL, a Python wrapper around the OpenSSL\nlibrary, does not properly handle certificates with NULL characters in\nthe Subject Alternative Name field.\n\nA remote attacker in the position to obtain a certificate for\n'www.foo.org\\0.example.com' from a CA that a SSL client trusts, could\nuse this to spoof 'www.foo.org' and conduct man-in-the-middle attacks\nbetween the PyOpenSSL-using client and the SSL server.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.10-1+squeeze1.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.13-2+deb7u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.13-2.1.\n\nWe recommend that you upgrade your pyopenssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2013-09-24T16:54:26", "type": "debian", "title": "[SECURITY] [DSA 2763-1] pyopenssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4314"], "modified": "2013-09-24T16:54:26", "id": "DEBIAN:DSA-2763-1:3E71D", "href": "https://lists.debian.org/debian-security-announce/2013/msg00174.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-11-29T23:20:06", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2763-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nSeptember 24, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : pyopenssl\nVulnerability : hostname check bypassing\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-4314\nDebian Bug : 722055\n\nIt was discovered that PyOpenSSL, a Python wrapper around the OpenSSL\nlibrary, does not properly handle certificates with NULL characters in\nthe Subject Alternative Name field.\n\nA remote attacker in the position to obtain a certificate for\n'www.foo.org\\0.example.com' from a CA that a SSL client trusts, could\nuse this to spoof 'www.foo.org' and conduct man-in-the-middle attacks\nbetween the PyOpenSSL-using client and the SSL server.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.10-1+squeeze1.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 0.13-2+deb7u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.13-2.1.\n\nWe recommend that you upgrade your pyopenssl packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2013-09-24T16:54:26", "type": "debian", "title": "[SECURITY] [DSA 2763-1] pyopenssl security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4314"], "modified": "2013-09-24T16:54:26", "id": "DEBIAN:DSA-2763-1:85BD4", "href": "https://lists.debian.org/debian-security-announce/2013/msg00174.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "f5": [{"lastseen": "2016-09-26T17:23:31", "description": "Recommended action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "cvss3": {}, "published": "2014-04-10T00:00:00", "type": "f5", "title": "SOL15151 - pyOpenSSL vulnerability CVE-2013-4314", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4314"], "modified": "2014-04-10T00:00:00", "id": "SOL15151", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15151.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "osv": [{"lastseen": "2022-05-11T21:45:26", "description": "The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.", "cvss3": {}, "published": "2013-09-30T21:55:00", "type": "osv", "title": "PYSEC-2013-31", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4314"], "modified": "2021-08-27T03:22:17", "id": "OSV:PYSEC-2013-31", "href": "https://osv.dev/vulnerability/PYSEC-2013-31", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "The string formatting of subjectAltName X509Extension instances in pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when encountering a null byte, possibly allowing man-in-the-middle attacks through certificate spoofing (CVE-2013-4314). \n", "cvss3": {}, "published": "2013-09-13T20:16:05", "type": "mageia", "title": "Updated python-OpenSSL package fixes security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4314"], "modified": "2013-09-13T20:16:05", "id": "MGASA-2013-0277", "href": "https://advisories.mageia.org/MGASA-2013-0277.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T13:32:22", "description": "The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.", "cvss3": {}, "published": "2013-09-30T21:55:00", "type": "cve", "title": "CVE-2013-4314", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4314"], "modified": "2013-12-08T06:00:00", "cpe": ["cpe:/a:jean-paul_calderone:pyopenssl:0.10", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:jean-paul_calderone:pyopenssl:0.13", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/a:jean-paul_calderone:pyopenssl:0.9", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:jean-paul_calderone:pyopenssl:0.11", "cpe:/a:jean-paul_calderone:pyopenssl:0.8", "cpe:/a:jean-paul_calderone:pyopenssl:0.12", "cpe:/o:canonical:ubuntu_linux:13.04", "cpe:/a:jean-paul_calderone:pyopenssl:0.7"], "id": "CVE-2013-4314", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4314", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "cpe:2.3:a:jean-paul_calderone:pyopenssl:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:jean-paul_calderone:pyopenssl:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:jean-paul_calderone:pyopenssl:0.11:*:*:*:*:*:*:*", "cpe:2.3:a:jean-paul_calderone:pyopenssl:0.13:*:*:*:*:*:*:*", "cpe:2.3:a:jean-paul_calderone:pyopenssl:0.8:a1:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:a:jean-paul_calderone:pyopenssl:0.11:a1:*:*:*:*:*:*", "cpe:2.3:a:jean-paul_calderone:pyopenssl:0.12:*:*:*:*:*:*:*", "cpe:2.3:a:jean-paul_calderone:pyopenssl:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:jean-paul_calderone:pyopenssl:0.11:a2:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2021-12-14T17:52:05", "description": "The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.", "cvss3": {}, "published": "2013-09-30T21:55:00", "type": "debiancve", "title": "CVE-2013-4314", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4314"], "modified": "2013-09-30T21:55:00", "id": "DEBIANCVE:CVE-2013-4314", "href": "https://security-tracker.debian.org/tracker/CVE-2013-4314", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2022-02-25T23:35:36", "description": "It was discovered that pyOpenSSL did not properly handle certificates with \nNULL characters in the Subject Alternative Name field. An attacker could \nexploit this to perform a machine-in-the-middle attack to view sensitive \ninformation or alter encrypted communications.\n", "cvss3": {}, "published": "2013-09-23T00:00:00", "type": "ubuntu", "title": "pyOpenSSL vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4314"], "modified": "2013-09-23T00:00:00", "id": "USN-1965-1", "href": "https://ubuntu.com/security/notices/USN-1965-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}