CVE-2009-0025 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2009-0025
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2009-0025

Description: BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

CVE Status: Candidate

References: SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-250846-1 SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362 SAID Secunia Advisory: SA33559 Secunia Advisory: SA33683 Secunia Advisory: SA35074 Secunia Advisory: SA33494 Secunia Advisory: SA33546 Secunia Advisory: SA33551 Secunia Advisory: SA33882 MISC http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33 http://www.ocert.org/advisories/ocert-2008-016.html FREEBSD http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc FEDORA CONFIRM http://support.apple.com/kb/HT3549 http://www.vmware.com/security/advisories/VMSA-2009-0004.html http://support.avaya.com/elmodocs2/security/ASA-2009-045.htm http://wiki.rpath.com/Advisories:rPSA-2009-0009 http://www.openbsd.org/errata44.html#008_bind CERT http://www.us-cert.gov/cas/techalerts/TA09-133A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/502322/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/500207/100/0/threaded APPLE http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

Return to the previous page.