Bug 20702 - Perl IO::Socket::SSL Hostname Matching Security Bypass
Summary: Perl IO::Socket::SSL Hostname Matching Security Bypass
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: perl-IO-Socket-SSL
Version: unstable
Hardware: all Linux
: P3 normal
Assignee: viy
QA Contact: qa-sisyphus
URL: http://secunia.com/advisories/35703/
Keywords: security
Depends on:
Blocks:
 
Reported: 2009-07-07 20:11 MSD by Vladimir Lettiev
Modified: 2010-04-24 11:14 MSD

Description Vladimir Lettiev 2009-07-07 20:11:30 MSD
A vulnerability has been reported in IO::Socket::SSL, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error within the certificate hostname matching when no wildcard was given, which can be exploited to bypass the hostname verification.

Fixed in 1.26
Comment 1 Vladimir Lettiev 2010-04-24 11:14:29 MSD
fixed
Comment 2 Vladimir Lettiev 2010-04-24 11:14:55 MSD
closed