Vulnerability CVE-2009-3024

Vulnerability Name:

CVE-2009-3024 (CCN-51567)

Assigned:

2009-07-03

Published:

2009-07-03

Updated:

2011-01-20

Summary:

The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-310

Vulnerability Consequences:

Bypass Security

References:

Source: CCN
Type: Perl Web site
Changes, v1.26 2009.07.03, SECURITY BUGFIX!

Source: CONFIRM
Type: UNKNOWN
http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.30/Changes

Source: MITRE
Type: CNA
CVE-2009-3024

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:015

Source: CCN
Type: SA35703
Perl IO::Socket::SSL Hostname Matching Security Bypass

Source: SECUNIA
Type: UNKNOWN
42893

Source: CCN
Type: GLSA-201101-06
IO::Socket::SSL: Certificate validation error

Source: GENTOO
Type: UNKNOWN
GLSA-201101-06

Source: MLIST
Type: UNKNOWN
[oss-security] 20090828 CVE request: perl-IO-Socket-SSL certificate hostname compare bug

Source: MLIST
Type: UNKNOWN
[oss-security] 20090829 Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug

Source: MLIST
Type: UNKNOWN
[oss-security] 20090831 Re: Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug

Source: CCN
Type: BID-35587
Perl IO::Socket::SSL 'verify_hostname_of_cert()' Security Bypass Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2011-0118

Source: XF
Type: UNKNOWN
iosocketssl-certificate-security-bypass(51567)

Source: SUSE
Type: SUSE-SR:2009:015
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:io-socket-ssl:io-socket-ssl:1.14:*:*:*:*:*:*:*

OR cpe:/a:io-socket-ssl:io-socket-ssl:1.15:*:*:*:*:*:*:*

OR cpe:/a:io-socket-ssl:io-socket-ssl:1.16:*:*:*:*:*:*:*

OR cpe:/a:io-socket-ssl:io-socket-ssl:1.16_1:*:*:*:*:*:*:*

OR cpe:/a:io-socket-ssl:io-socket-ssl:1.16_2:*:*:*:*:*:*:*

OR cpe:/a:io-socket-ssl:io-socket-ssl:1.16_3:*:*:*:*:*:*:*

OR cpe:/a:io-socket-ssl:io-socket-ssl:1.17:*:*:*:*:*:*:*

OR cpe:/a:io-socket-ssl:io-socket-ssl:1.18:*:*:*:*:*:*:*

OR cpe:/a:io-socket-ssl:io-socket-ssl:1.19:*:*:*:*:*:*:*

OR cpe:/a:io-socket-ssl:io-socket-ssl:1.20:*:*:*:*:*:*:*

OR cpe:/a:io-socket-ssl:io-socket-ssl:1.21:*:*:*:*:*:*:*

OR cpe:/a:io-socket-ssl:io-socket-ssl:1.22:*:*:*:*:*:*:*

OR cpe:/a:io-socket-ssl:io-socket-ssl:1.23:*:*:*:*:*:*:*

OR cpe:/a:io-socket-ssl:io-socket-ssl:1.24:*:*:*:*:*:*:*

OR cpe:/a:io-socket-ssl:io-socket-ssl:1.25:*:*:*:*:*:*:*

Configuration CCN 1: