CVE-2012-3533 - Vulnerability Details - OpenCVE

The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ovirt	Ovirt Ovirt-engine-cli
Ovirt-engine-sdk	3.1.0.5

Configuration 1 [-]

OR	cpe:2.3:a:ovirt:ovirt:3.1:::::::*
	cpe:2.3:a:ovirt:ovirt-engine-cli::::::::
	cpe:2.3:a:ovirt-engine-sdk:3.1.0.5::::::::

No data.

References

Link	Providers
http://gerrit.ovirt.org/#/c/7209/
http://gerrit.ovirt.org/#/c/7249/
http://secunia.com/advisories/50409
http://www.openwall.com/lists/oss-security/2012/08/24/6
http://www.openwall.com/lists/oss-security/2012/08/26/1
http://www.securityfocus.com/bid/55208
https://bugzilla.redhat.com/show_bug.cgi?id=851672
https://exchange.xforce.ibmcloud.com/vulnerabilities/77984

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-08-31T20:00:00

Updated: 2024-08-06T20:13:49.917Z

Reserved: 2012-06-14T00:00:00

Link: CVE-2012-3533

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-08-31T20:55:01.043

Modified: 2024-11-21T01:41:04.747

Link: CVE-2012-3533

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-08-16T00:00:00", "descriptions": [{"lang": "en", "value": "The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "55208", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/55208"}, {"name": "[oss-security] 20120824 oVirt 3.1 does not validate server certificates in python sdk and cli (CVE-2012-3533)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/08/24/6"}, {"name": "[oss-security] 20120826 Re: oVirt 3.1 does not validate server certificates in python sdk and cli (CVE-2012-3533)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/08/26/1"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851672"}, {"name": "50409", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50409"}, {"name": "ovirt-ssl-spoofing(77984)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77984"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://gerrit.ovirt.org/#/c/7209/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://gerrit.ovirt.org/#/c/7249/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-3533", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "55208", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55208"}, {"name": "[oss-security] 20120824 oVirt 3.1 does not validate server certificates in python sdk and cli (CVE-2012-3533)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/08/24/6"}, {"name": "[oss-security] 20120826 Re: oVirt 3.1 does not validate server certificates in python sdk and cli (CVE-2012-3533)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/08/26/1"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=851672", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851672"}, {"name": "50409", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50409"}, {"name": "ovirt-ssl-spoofing(77984)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77984"}, {"name": "http://gerrit.ovirt.org/#/c/7209/", "refsource": "CONFIRM", "url": "http://gerrit.ovirt.org/#/c/7209/"}, {"name": "http://gerrit.ovirt.org/#/c/7249/", "refsource": "CONFIRM", "url": "http://gerrit.ovirt.org/#/c/7249/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:13:49.917Z"}, "title": "CVE Program Container", "references": [{"name": "55208", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/55208"}, {"name": "[oss-security] 20120824 oVirt 3.1 does not validate server certificates in python sdk and cli (CVE-2012-3533)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/08/24/6"}, {"name": "[oss-security] 20120826 Re: oVirt 3.1 does not validate server certificates in python sdk and cli (CVE-2012-3533)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/08/26/1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851672"}, {"name": "50409", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50409"}, {"name": "ovirt-ssl-spoofing(77984)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77984"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://gerrit.ovirt.org/#/c/7209/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://gerrit.ovirt.org/#/c/7249/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3533", "datePublished": "2012-08-31T20:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:13:49.917Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ovirt:ovirt:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "24E8D83A-F88C-4B38-B57D-A0E51039EAF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ovirt:ovirt-engine-cli:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFD9ADF2-1CD4-4A10-A5F5-22EA7ACF5EA9", "versionEndIncluding": "3.1.0.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ovirt-engine-sdk:3.1.0.5:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BFC8F16-032B-410D-B2DE-69B3DED8B27A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack."}, {"lang": "es", "value": "El SDK de Python antes de v3.1.0.6 y v3.1.0.8 y CLI antes de v3.1.0.8 para oVirt v3.1 no comprueban el certificado SSL de servidor contra las claves de cliente, lo que permite a atacantes remotos falsificar un servidor a trav\u00e9s de un ataque man-in-the-middle (MITM).\r\n"}], "id": "CVE-2012-3533", "lastModified": "2024-11-21T01:41:04.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-31T20:55:01.043", "references": [{"source": "secalert@redhat.com", "url": "http://gerrit.ovirt.org/#/c/7209/"}, {"source": "secalert@redhat.com", "url": "http://gerrit.ovirt.org/#/c/7249/"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/50409"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/08/24/6"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/08/26/1"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/55208"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851672"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77984"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://gerrit.ovirt.org/#/c/7209/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://gerrit.ovirt.org/#/c/7249/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/50409"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/08/24/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/08/26/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55208"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851672"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77984"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}