Executive Summary

Information
Name: CVE-2010-4334
First vendor Publication: 2011-01-13
Vendor: Cve
Last vendor Modification: 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:N)
Cvss Base Score: 4
Attack Range: Network
Cvss Impact Score: 4.9
Attack Complexity: High
Cvss Exploit Score: 4.9
Authentication: None Required

Detail

The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4334

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-310 Cryptographic Issues

CPE : Common Platform Enumeration

Type Description Count
Application 1

OpenVAS Exploits

Date Description
2011-05-23 Name : Mandriva Update for perl-IO-Socket-SSL MDVSA-2011:092 (perl-IO-Socket-SSL)
File : nvt/gb_mandriva_MDVSA_2011_092.nasl
2010-12-28 Name : Fedora Update for perl-IO-Socket-SSL FEDORA-2010-19054
File : nvt/gb_fedora_2010_19054_perl-IO-Socket-SSL_fc13.nasl
2010-12-28 Name : Fedora Update for perl-IO-Socket-SSL FEDORA-2010-19058
File : nvt/gb_fedora_2010_19058_perl-IO-Socket-SSL_fc14.nasl
2010-12-06 Name : Perl IO::Socket::SSL 'verify_mode' Security Bypass Vulnerability
File : nvt/gb_perl_io_socket_ssl_45189.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
69626 Perl IO::Socket::SSL verify_mode Certificate Restriction Bypass

Perl IO::Socket::SSL contains a flaw related to the verification mode. The issue is triggered when the program falls back to the 'VERIFY_NONE' verification mode if another mode is defined but a valid 'ca_file' or 'ca_path' is not provided. This may allow an attacker to bypass verification.

Nessus® Vulnerability Scanner

Date Description
2011-05-19 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2011-092.nasl - Type : ACT_GATHER_INFO
2010-12-27 Name : The remote Fedora host is missing a security update.
File : fedora_2010-19054.nasl - Type : ACT_GATHER_INFO
2010-12-27 Name : The remote Fedora host is missing a security update.
File : fedora_2010-19058.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058
http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.35/Changes
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/05259...
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/05260...
http://osvdb.org/69626
http://secunia.com/advisories/42508
http://secunia.com/advisories/42757
http://www.mandriva.com/security/advisories?name=MDVSA-2011:092
http://www.openwall.com/lists/oss-security/2010/12/09/8
http://www.openwall.com/lists/oss-security/2010/12/24/1
http://www.securityfocus.com/bid/45189

Alert History

Date Information
2024-11-28 23:06:24
  • Multiple Updates
2024-11-28 12:23:38
  • Multiple Updates
2021-05-04 12:12:33
  • Multiple Updates
2021-04-22 01:13:28
  • Multiple Updates
2020-05-23 00:26:56
  • Multiple Updates
2016-06-28 18:23:00
  • Multiple Updates
2016-04-26 20:15:01
  • Multiple Updates
2014-02-17 10:58:42
  • Multiple Updates
2013-05-10 23:37:24
  • Multiple Updates