Vulnerability Description
The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Python Glanceclient | 0.4.0 |
| Opensuse | Opensuse | 12.3 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00019.html
- http://rhn.redhat.com/errata/RHSA-2013-1200.html
- http://secunia.com/advisories/54313Vendor Advisory
- http://secunia.com/advisories/54525Vendor Advisory
- http://www.ubuntu.com/usn/USN-2004-1
- https://bugs.launchpad.net/ossa/+bug/1192229
- https://github.com/openstack/python-glanceclient/blob/master/doc/source/index.rs
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00019.html
- http://rhn.redhat.com/errata/RHSA-2013-1200.html
- http://secunia.com/advisories/54313Vendor Advisory
- http://secunia.com/advisories/54525Vendor Advisory
- http://www.ubuntu.com/usn/USN-2004-1
- https://bugs.launchpad.net/ossa/+bug/1192229
- https://github.com/openstack/python-glanceclient/blob/master/doc/source/index.rs
FAQ
What is CVE-2013-4111?
CVE-2013-4111 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in th...
How severe is CVE-2013-4111?
CVE-2013-4111 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4111?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Python Glanceclient, Opensuse Opensuse.