Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2011:092 | First vendor Publication | 2011-05-18 |
Vendor | Mandriva | Last vendor Modification | 2011-05-18 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4 | Attack Range | Network |
Cvss Impact Score | 4.9 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability has been found and corrected in perl-IO-Socket-SSL: IO::Socket::SSL Perl module 1.35, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions (CVE-2010-4334). The updated packages have been patched to correct this issue. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:092 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-310 | Cryptographic Issues |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2011-05-23 | Name : Mandriva Update for perl-IO-Socket-SSL MDVSA-2011:092 (perl-IO-Socket-SSL) File : nvt/gb_mandriva_MDVSA_2011_092.nasl |
2010-12-28 | Name : Fedora Update for perl-IO-Socket-SSL FEDORA-2010-19054 File : nvt/gb_fedora_2010_19054_perl-IO-Socket-SSL_fc13.nasl |
2010-12-28 | Name : Fedora Update for perl-IO-Socket-SSL FEDORA-2010-19058 File : nvt/gb_fedora_2010_19058_perl-IO-Socket-SSL_fc14.nasl |
2010-12-06 | Name : Perl IO::Socket::SSL 'verify_mode' Security Bypass Vulnerability File : nvt/gb_perl_io_socket_ssl_45189.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69626 | Perl IO::Socket::SSL verify_mode Certificate Restriction Bypass Perl IO::Socket::SSL contains a flaw related to the verification mode. The issue is triggered when the program falls back to the 'VERIFY_NONE' verification mode if another mode is defined but a valid 'ca_file' or 'ca_path' is not provided. This may allow an attacker to bypass verification. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-05-19 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2011-092.nasl - Type : ACT_GATHER_INFO |
2010-12-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-19054.nasl - Type : ACT_GATHER_INFO |
2010-12-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-19058.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:42:16 |
|