Fedora 14 : perl-IO-Socket-SSL-1.37-1.fc14 (2010-19058)

Medium Nessus Plugin ID 51383


The remote Fedora host is missing a security update.


This update fixes a problem whereby IO::Socket::SSL fell back to the 'VERIFY_NONE' verification mode if another verification mode was defined but no valid ca_file or ca_path was provided.

The updated version throws an error in that situation rather than proceeding with the connection despite being unable to verify the certificate(s) as requested.

This issue was originally reported at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected perl-IO-Socket-SSL package.

See Also




Plugin Details

Severity: Medium

ID: 51383

File Name: fedora_2010-19058.nasl

Version: $Revision: 1.10 $

Type: local

Agent: unix

Published: 2010/12/27

Modified: 2016/05/11

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4

Temporal Score: 3.5

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:perl-IO-Socket-SSL, cpe:/o:fedoraproject:fedora:14

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/12/18

Reference Information

CVE: CVE-2010-4334

BID: 45189

FEDORA: 2010-19058