QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2009-0025

Back to search

CVE-2009-0025

Published: Jan 7, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

VendorProductVersions

n/a

n/a

affected
n/a

References

HPSBOV03226
vendor-advisory
x_refsource_HP
33151
vdb-entry
x_refsource_BID
SSRT101004
vendor-advisory
x_refsource_HP
33546
third-party-advisory
x_refsource_SECUNIA
35074
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:5569
vdb-entry
signature
x_refsource_OVAL
33559
third-party-advisory
x_refsource_SECUNIA
250846
vendor-advisory
x_refsource_SUNALERT
APPLE-SA-2009-05-12
vendor-advisory
x_refsource_APPLE
ADV-2009-0904
vdb-entry
x_refsource_VUPEN
ADV-2009-0043
vdb-entry
x_refsource_VUPEN
FreeBSD-SA-09:04
vendor-advisory
x_refsource_FREEBSD
SSA:2009-014-02
vendor-advisory
x_refsource_SLACKWARE
33882
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:10879
vdb-entry
signature
x_refsource_OVAL
TA09-133A
third-party-advisory
x_refsource_CERT
ADV-2009-1297
vdb-entry
x_refsource_VUPEN
33683
third-party-advisory
x_refsource_SECUNIA
ADV-2009-0366
vdb-entry
x_refsource_VUPEN
20090120 rPSA-2009-0009-1 bind bind-utils
mailing-list
x_refsource_BUGTRAQ
33494
third-party-advisory
x_refsource_SECUNIA
33551
third-party-advisory
x_refsource_SECUNIA
FEDORA-2009-0350
vendor-advisory
x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now