Security issue in audit.ssl_certificate plugin #13875

Closed
LocutusOfBorg opened this issue May 17, 2016 · 5 comments

@LocutusOfBorg

The embedded copy of the SSL certificate handler suffers from a known CVE-2013-2099
http://bugs.python.org/issue17980

https://hg.python.org/cpython/rev/b9b521efeba3

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709071

CVE request: http://www.openwall.com/lists/oss-security/2013/05/15/6
Upstream: http://bugs.python.org/issue17980

@andresriancho
Owner

Vulnerable code here

The patch we need to apply is here

@andresriancho andresriancho changed the title security issue in w3af/w3af/plugins/audit/ssl_certificate.py Security issue in audit.ssl_certificate plugin May 18, 2016
@andresriancho
Owner

@LocutusOfBorg thanks for finding and reporting this! I'm curious, how did you stumble upon this issue?

@LocutusOfBorg
Author

I'm the Debian maintainer, and I tried to look at all the open bugs against w3af, to make sure they were all reported/fixed or to report them :)

@andresriancho
Owner

I know who you are :)

But did you review all the source for w3af? Did a tool report this?

@LocutusOfBorg
Author

LocutusOfBorg commented May 18, 2016

> I know who you are :)

they say traumatic experiences are easily forgotten :)

> But did you review all the source for w3af? Did a tool report this?

the CVE was reported against Python, and somebody checked on codesearch.debian.net (a service that gives you a search engine about code in the whole Debian main archive)

something like this I guess
https://codesearch.debian.net/results/def%20_dnsname_to_pat/page_0
might have been the right query to find embedded code copies of that implementation
(some false positives of course)

but I might be wrong eh :)
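
A local version of the code-search approach described in the last comment, as an added example that is not part of the original thread or of w3af's code: it walks a source tree for embedded copies of `_dnsname_to_pat` and reports whether each copy carries the wildcard limit that the upstream fix for issue 17980 introduced. The guard heuristic (`max_wildcards` or a `.count('*')` call inside the function body) and the sample strings are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Locates the function the thread searched for and captures its indentation.
DEF_RE = re.compile(r"^([ \t]*)def\s+_dnsname_to_pat\s*\(", re.M)
# Assumed heuristic: the upstream fix counts '*' characters and compares them
# against a max_wildcards limit; a copy with neither is treated as unpatched.
GUARD_RE = re.compile(r"max_wildcards|\.count\(\s*['\"]\*['\"]\s*\)")

def classify(source):
    """Return None (no copy), 'patched' or 'unpatched' for one file's text."""
    m = DEF_RE.search(source)
    if m is None:
        return None
    rest = source[m.end():]
    # The function ends at the next def/class at the same indentation, so a
    # guard in a neighbouring function does not count for this one.
    end = re.search(r"^%s(?:def|class)\s" % re.escape(m.group(1)), rest, re.M)
    body = rest[:end.start()] if end else rest
    return "patched" if GUARD_RE.search(body) else "unpatched"

def scan_tree(root):
    """Map each .py file under root that embeds a copy to its status."""
    results = {}
    for path in sorted(Path(root).rglob("*.py")):
        status = classify(path.read_text(encoding="utf-8", errors="replace"))
        if status:
            results[str(path.relative_to(root))] = status
    return results

# Constructed, abbreviated samples (not w3af's actual file contents).
UNPATCHED = r'''
def _dnsname_to_pat(dn):
    pats = []
    for frag in dn.split(r'.'):
        if frag == '*':
            pats.append('[^.]+')
    return pats

def match_hostname(cert, hostname):
    max_wildcards = 1  # unrelated name in a later function
'''
PATCHED = r'''
def _dnsname_to_pat(dn, max_wildcards=1):
    for frag in dn.split(r'.'):
        if frag.count('*') > max_wildcards:
            raise CertificateError("too many wildcards: " + repr(dn))
'''
```

Calling `scan_tree()` on a checkout lists every embedded copy with its status; as the comment above says of the code search, expect some false positives and confirm each hit by reading the function.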
