Vigil@nce: Perl IO-Socket-SSL, incorrect check of the certificate
July 2009 by Vigil@nce
An attacker can set up a client or a server with a malicious SSL
certificate, which is not detected by the IO::Socket::SSL module
for Perl.
Severity: 2/4
Consequences: data reading, data creation/edition
Provenance: internet server
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 08/07/2009
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The CPAN IO::Socket::SSL module for Perl implements an SSL tunnel.
The verify_hostname_of_cert() function of the SSL.pm file checks
if the certificate is for the computer name. However, this
function uses a regular expression that is not terminated with '$'
(the end-of-string anchor), so a certificate name only has to match
the beginning of the computer name. A certificate for "www.exam" can
therefore be used for the "www.example.com" computer or for
"www.examination.dom".
An attacker can therefore set up a client or a server with a
malicious SSL certificate, which is not detected by the
IO::Socket::SSL module for Perl.
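The missing anchor, shown as an added example that is not the code from SSL.pm: the helper names and the sample names are assumptions made for illustration. The corrected check uses \z rather than '$', because in Perl '$' also matches just before a trailing newline.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helpers, not the module's own code: they reproduce the class
# of bug described above (pattern anchored at the start but not at the end).

# Turn a certificate name into a regex body. Literal characters are escaped;
# '*' is allowed to match characters inside a single DNS label only.
sub name_to_pattern {
    my ($cert_name) = @_;
    return join '[^.]*', map { quotemeta($_) } split(/\*/, $cert_name, -1);
}

# Flawed check: no end-of-string anchor, so a prefix match is accepted.
sub matches_unanchored {
    my ($cert_name, $host) = @_;
    my $pattern = name_to_pattern($cert_name);
    return $host =~ /^$pattern/i ? 1 : 0;
}

# Corrected check: \z requires the pattern to consume the whole hostname.
sub matches_anchored {
    my ($cert_name, $host) = @_;
    my $pattern = name_to_pattern($cert_name);
    return $host =~ /^$pattern\z/i ? 1 : 0;
}

# Constructed sample data: [certificate name, hostname the peer is reached as].
# The first two pairs are the ones given in the description; the last two are
# legitimate matches that the corrected check must still accept.
my @cases = (
    [ 'www.exam',        'www.example.com'     ],
    [ 'www.exam',        'www.examination.dom' ],
    [ 'www.example.com', 'www.example.com'     ],
    [ '*.example.com',   'www.example.com'     ],
);

printf "%-16s %-20s %-10s %s\n", 'cert name', 'hostname', 'unanchored', 'anchored';
for my $case (@cases) {
    my ($cert_name, $host) = @$case;
    printf "%-16s %-20s %-10s %s\n", $cert_name, $host,
        (matches_unanchored($cert_name, $host) ? 'ACCEPT' : 'reject'),
        (matches_anchored($cert_name, $host)   ? 'ACCEPT' : 'reject');
}
```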
CHARACTERISTICS
Identifiers: VIGILANCE-VUL-8845
http://vigilance.fr/vulnerability/Perl-IO-Socket-SSL-incorrect-check-of-the-certificate-8845