PT-2012-4791 · Ovirt · Ovirt

Vincent Danen

Published

2012-08-31

Updated

2017-08-29

CVE-2012-3533

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions oVirt 3.1 python SDK versions prior to 3.1.0.6 oVirt 3.1 CLI versions prior to 3.1.0.8

Description The issue allows remote attackers to perform a man-in-the-middle (MITM) attack by spoofing a server. This is possible because the python SDK and CLI do not check the server SSL certificate against the client keys.

Recommendations For oVirt 3.1 python SDK versions prior to 3.1.0.6, update to version 3.1.0.6 or later to resolve the issue. For oVirt 3.1 CLI versions prior to 3.1.0.8, update to version 3.1.0.8 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2012-3533

Affected Products

Ovirt

PT-2012-4791 · Ovirt · Ovirt

CVE-2012-3533

Weakness Enumeration

Related Identifiers

Affected Products

References · 9