Vulnerabilities > CVE-2009-3024 - Cryptographic Issues vulnerability in Io-Socket-Ssl
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_1_PERL-IO-SOCKET-SSL-090901.NASL description This update of perl-IO-Socket-SSL improves the hostname checking of the SSL certificate. (CVE-2009-3024) last seen 2020-06-01 modified 2020-06-02 plugin id 40905 published 2009-09-09 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40905 title openSUSE Security Update : perl-IO-Socket-SSL (perl-IO-Socket-SSL-1264) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update perl-IO-Socket-SSL-1264. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(40905); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:35"); script_cve_id("CVE-2009-3024"); script_name(english:"openSUSE Security Update : perl-IO-Socket-SSL (perl-IO-Socket-SSL-1264)"); script_summary(english:"Check for the perl-IO-Socket-SSL-1264 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of perl-IO-Socket-SSL improves the hostname checking of the SSL certificate. (CVE-2009-3024)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=535554" ); script_set_attribute( attribute:"solution", value:"Update the affected perl-IO-Socket-SSL package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_cwe_id(310); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-IO-Socket-SSL"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1"); script_set_attribute(attribute:"patch_publication_date", value:"2009/09/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.1", reference:"perl-IO-Socket-SSL-1.16-2.9.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-IO-Socket-SSL"); }NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-252.NASL description A vulnerability was discovered and corrected in perl-IO-Socket-SSL : The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate (CVE-2009-3024). This update provides a fix for this vulnerability. Update : Packages were missing for 2009.0, this update addresses the problem. last seen 2020-06-01 modified 2020-06-02 plugin id 41960 published 2009-10-02 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/41960 title Mandriva Linux Security Advisory : perl-IO-Socket-SSL (MDVSA-2009:252-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201101-06.NASL description The remote host is affected by the vulnerability described in GLSA-201101-06 (IO::Socket::SSL: Certificate validation error) The vendor reported that IO::Socket::SSL does not properly handle Common Name (CN) fields. Impact : A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections made using IO::Socket::SSL. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 51536 published 2011-01-17 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51536 title GLSA-201101-06 : IO::Socket::SSL: Certificate validation error NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-178.NASL description A vulnerability was discovered and corrected in perl-IO-Socket-SSL: The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate (CVE-2009-3024). This update provides a fix for this vulnerability. last seen 2019-02-21 modified 2018-07-19 plugin id 41950 published 2009-10-01 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=41950 title MDVSA-2009:178 : perl-IO-Socket-SSL NASL family SuSE Local Security Checks NASL id SUSE_11_PERL-IO-SOCKET-SSL-090901.NASL description This update of perl-IO-Socket-SSL improves the hostname checking of the SSL certificate. (CVE-2009-3024) last seen 2020-06-01 modified 2020-06-02 plugin id 41449 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41449 title SuSE 11 Security Update : perl-IO-Socket-SSL (SAT Patch Number 1265)
References
- http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.30/Changes
- http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
- http://secunia.com/advisories/42893
- http://www.gentoo.org/security/en/glsa/glsa-201101-06.xml
- http://www.openwall.com/lists/oss-security/2009/08/28/1
- http://www.openwall.com/lists/oss-security/2009/08/29/1
- http://www.openwall.com/lists/oss-security/2009/08/31/4
- http://www.vupen.com/english/advisories/2011/0118