| Revision Date: | 2017-04-10 | Version: | 1 | | Title: | CVE-2015-7826 on Ubuntu 12.04 LTS (precise) - medium. | | Description: | botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com. botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com. Otherwise valid certificates using wildcards would be accepted as matching certain hostnames that should they should not according to RFC 6125. For example a certificate issued for ‘*.example.com’ should match ‘foo.example.com’ but not ‘example.com’ or ‘bar.foo.example.com’. Previously Botan would accept such a certificate as valid for ‘bar.foo.example.com’. botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com. Otherwise valid certificates using wildcards would be accepted as matching certain hostnames that should they should not according to RFC 6125. For example a certificate issued for ‘*.example.com’ should match ‘foo.example.com’ but not ‘example.com’ or ‘bar.foo.example.com’. Previously Botan would accept such a certificate as valid for ‘bar.foo.example.com’. RFC 6125 also requires that when matching a X.509 certificate against a DNS name, the CN entry is only compared if no subjectAlternativeName entry is available. Previously X509_Certificate::matches_dns_name would always check both names. | | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2015-7826
| | Platform(s): | Ubuntu 12.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 12.04 LTS (precise) is installed. AND While related to the CVE in some way, the 'botan1.10' package in precise is not affected.
|
|