SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2008-5077

Date: (C)2009-01-07 (M)2024-02-22

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECTRACK-1021523

http://www.securityfocus.com/archive/1/499827/100/0/threaded

http://www.securityfocus.com/archive/1/502322/100/0/threaded

SUNALERT-250826

APPLE-SA-2009-05-12

SSA:2009-014-01

SUSE-SU-2011:0847

http://support.apple.com/kb/HT3549

http://support.avaya.com/elmodocs2/security/ASA-2009-038.htm

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=837653

http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html

http://www.ocert.org/advisories/ocert-2008-016.html

http://www.openssl.org/news/secadv_20090107.txt

http://www.vmware.com/security/advisories/VMSA-2009-0004.html

openSUSE-SU-2011:0845

oval:org.mitre.oval:def:6380

oval:org.mitre.oval:def:9155

cpe:/a:openssl:openssl:0.9.1c
cpe:/a:openssl:openssl
cpe:/a:openssl:openssl:0.9.5a
cpe:/a:openssl:openssl:0.9.6:beta3
...

oval:org.secpod.oval:def:700409
oval:org.secpod.oval:def:200615
oval:org.secpod.oval:def:200522
oval:org.secpod.oval:def:200550
...

© SecPod Technologies