Python rhn-setup CVE-2015-1777 SSL Certificate Validation Security Bypass Vulnerability

Python rhn-setup is prone to a security-bypass vulnerability.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

Information

Bugtraq ID: 72943
Class: Design Error
CVE: CVE-2015-1777

Remote: Yes
Local: No
Published: Mar 04 2015 12:00AM
Updated: Mar 04 2015 12:00AM
Credit: Jan Bee of the Google Security.
Vulnerable: python rhn-setup 0

Not Vulnerable:

Exploit

An attacker can use readily available tools to exploit this issue.

References:

Bug 1198740 - (CVE-2015-1777) CVE-2015-1777 rhn-setup: rhnreg_ks fails to proper (Red Hat Bugzilla)
Python Homepage (Python)
CVE-2015-1777 (Redhat)

Source: www.securityfocus.com

Exploit Collector

Search Exploit