CVE-2008-5077 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-5077
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-5077

Description: OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

CVE Status: Candidate

References: UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-704-1 SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1 SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.544796 SAID Secunia Advisory: SA33765 Secunia Advisory: SA33338 Secunia Advisory: SA33673 Secunia Advisory: SA33557 Secunia Advisory: SA33436 Secunia Advisory: SA35074 Secunia Advisory: SA35108 Secunia Advisory: SA34211 MISC http://www.ocert.org/advisories/ocert-2008-016.html HP http://marc.info/?l=bugtraq&m=123859864430555&w=2 http://marc.info/?l=bugtraq&m=124277349419254&w=2 GENTOO http://security.gentoo.org/glsa/glsa-200902-02.xml CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0004.html http://support.apple.com/kb/HT3549 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=837653 http://support.avaya.com/elmodocs2/security/ASA-2009-038.htm http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html CERT http://www.us-cert.gov/cas/techalerts/TA09-133A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/502322/100/0/threaded APPLE http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

Return to the previous page.