Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2011:092 | First vendor Publication | 2011-05-18 |
| Vendor | Mandriva | Last vendor Modification | 2011-05-18 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4 | Attack Range | Network |
| Cvss Impact Score | 4.9 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability has been found and corrected in perl-IO-Socket-SSL: IO::Socket::SSL Perl module 1.35, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions (CVE-2010-4334). The updated packages have been patched to correct this issue. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:092 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-310 | Cryptographic Issues |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-05-23 | Name : Mandriva Update for perl-IO-Socket-SSL MDVSA-2011:092 (perl-IO-Socket-SSL) File : nvt/gb_mandriva_MDVSA_2011_092.nasl |
| 2010-12-28 | Name : Fedora Update for perl-IO-Socket-SSL FEDORA-2010-19054 File : nvt/gb_fedora_2010_19054_perl-IO-Socket-SSL_fc13.nasl |
| 2010-12-28 | Name : Fedora Update for perl-IO-Socket-SSL FEDORA-2010-19058 File : nvt/gb_fedora_2010_19058_perl-IO-Socket-SSL_fc14.nasl |
| 2010-12-06 | Name : Perl IO::Socket::SSL 'verify_mode' Security Bypass Vulnerability File : nvt/gb_perl_io_socket_ssl_45189.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 69626 | Perl IO::Socket::SSL verify_mode Certificate Restriction Bypass Perl IO::Socket::SSL contains a flaw related to the verification mode. The issue is triggered when the program falls back to the 'VERIFY_NONE' verification mode if another mode is defined but a valid 'ca_file' or 'ca_path' is not provided. This may allow an attacker to bypass verification. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2011-05-19 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2011-092.nasl - Type : ACT_GATHER_INFO |
| 2010-12-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-19054.nasl - Type : ACT_GATHER_INFO |
| 2010-12-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-19058.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:42:16 |
|
