CVE-2013-2100
Published: Sep 29, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| [oss-security] 20130515 Re: CVE Request: Man in the middle on Gentoo Portage binary package installer | mailing-list, x_refsource_MLIST |
| GLSA-201507-16 | vendor-advisory, x_refsource_GENTOO |
| https://bugs.gentoo.org/show_bug.cgi?id=469888 | x_refsource_CONFIRM |
| [oss-security] 20130515 CVE Request: Man in the middle on Gentoo Portage binary package installer | mailing-list, x_refsource_MLIST |
| 59878 | vdb-entry, x_refsource_BID |
| portage-cve20132100-sec-bypass(84315) | vdb-entry, x_refsource_XF |