Back to search
CVE-2008-5077
Published: Jan 7, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
SSRT090002
vendor-advisory
x_refsource_HP
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
x_refsource_CONFIRM
SUSE-SU-2011:0847
vendor-advisory
x_refsource_SUSE
http://support.apple.com/kb/HT3549
x_refsource_CONFIRM
20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses
mailing-list
x_refsource_BUGTRAQ
250826
vendor-advisory
x_refsource_SUNALERT
http://www.openssl.org/news/secadv_20090107.txt
x_refsource_CONFIRM
ADV-2009-0558
vdb-entry
x_refsource_VUPEN
openSUSE-SU-2011:0845
vendor-advisory
x_refsource_SUSE
HPSBUX02418
vendor-advisory
x_refsource_HP
1021523
vdb-entry
x_refsource_SECTRACK
ADV-2009-0362
vdb-entry
x_refsource_VUPEN
GLSA-200902-02
vendor-advisory
x_refsource_GENTOO
HPSBMA02426
vendor-advisory
x_refsource_HP
ADV-2009-0289
vdb-entry
x_refsource_VUPEN
35074
third-party-advisory
x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2009-038.htm
x_refsource_CONFIRM
34211
third-party-advisory
x_refsource_SECUNIA
ADV-2009-0040
vdb-entry
x_refsource_VUPEN
HPSBOV02540
vendor-advisory
x_refsource_HP
APPLE-SA-2009-05-12
vendor-advisory
x_refsource_APPLE
SSA:2009-014-01
vendor-advisory
x_refsource_SLACKWARE
ADV-2009-0904
vdb-entry
x_refsource_VUPEN
ADV-2009-0913
vdb-entry
x_refsource_VUPEN
33557
third-party-advisory
x_refsource_SECUNIA
33765
third-party-advisory
x_refsource_SECUNIA
http://www.ocert.org/advisories/ocert-2008-016.html
x_refsource_MISC
33673
third-party-advisory
x_refsource_SECUNIA
20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim
mailing-list
x_refsource_BUGTRAQ
33436
third-party-advisory
x_refsource_SECUNIA
35108
third-party-advisory
x_refsource_SECUNIA
TA09-133A
third-party-advisory
x_refsource_CERT
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=837653
x_refsource_CONFIRM
33150
vdb-entry
x_refsource_BID
RHSA-2009:0004
vendor-advisory
x_refsource_REDHAT
ADV-2009-1297
vdb-entry
x_refsource_VUPEN
USN-704-1
vendor-advisory
x_refsource_UBUNTU
33338
third-party-advisory
x_refsource_SECUNIA
ADV-2009-1338
vdb-entry
x_refsource_VUPEN
SSRT090053
vendor-advisory
x_refsource_HP
33394
third-party-advisory
x_refsource_SECUNIA
http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html
x_refsource_CONFIRM
oval:org.mitre.oval:def:6380
vdb-entry
signature
x_refsource_OVAL
39005
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:9155
vdb-entry
signature
x_refsource_OVAL
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now