[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

87854

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2008-5077Date: (C)2009-01-07   (M)2018-06-20


OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1021523
http://www.securityfocus.com/archive/1/archive/1/499827/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/502322/100/0/threaded
SUNALERT-250826
BID-33150
SECUNIA-33338
SECUNIA-33394
SECUNIA-33436
SECUNIA-33557
SECUNIA-33673
SECUNIA-33765
SECUNIA-34211
SECUNIA-35074
SECUNIA-35108
SECUNIA-39005
ADV-2009-0040
ADV-2009-0289
ADV-2009-0362
ADV-2009-0558
ADV-2009-0904
ADV-2009-0913
ADV-2009-1297
ADV-2009-1338
APPLE-SA-2009-05-12
GLSA-200902-02
HPSBMA02426
HPSBOV02540
RHSA-2009:0004
SSA:2009-014-01
SSRT090002
SSRT090053
SUSE-SU-2011:0847
TA09-133A
USN-704-1
http://support.apple.com/kb/HT3549
http://support.avaya.com/elmodocs2/security/ASA-2009-038.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=837653
http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html
http://www.ocert.org/advisories/ocert-2008-016.html
http://www.openssl.org/news/secadv_20090107.txt
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
openSUSE-SU-2011:0845

CPE    59
cpe:/a:openssl:openssl:0.9.1c
cpe:/a:openssl:openssl:0.9.5a
cpe:/a:openssl:openssl:0.9.6:beta3
cpe:/a:openssl:openssl:0.9.6:beta1
...
CWE    1
CWE-20
OVAL    28
oval:org.secpod.oval:def:102023
oval:org.secpod.oval:def:102285
oval:org.secpod.oval:def:101861
oval:org.secpod.oval:def:301229
...

© SecPod Technologies