Lucene search

[email protected]CVE-2008-5077

HistoryJan 07, 2009 - 5:30 p.m.

CVE-2008-5077

2009-01-0717:30:00

CWE-20

[email protected]

web.nvd.nist.gov

openssl

vulnerability

evp_verifyfinal

ssl

tls

dsa

ecdsa

nvd

6.5 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.007 Low

EPSS

Percentile

80.7%

JSON

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

CPENameOperatorVersion
openssl:opensslopenssleq0.9.7
openssl:opensslopenssleq0.9.5a
openssl:opensslopenssleq0.9.8b
openssl:opensslopenssleq0.9.7l
openssl:opensslopenssleq0.9.6i
openssl:opensslopenssleq0.9.3
openssl:opensslopenssleq0.9.8c
openssl:opensslopenssleq0.9.7c
openssl:opensslopenssleq0.9.5
openssl:opensslopenssleq0.9.6d

CPE	Name	Operator	Version
openssl:openssl	openssl	eq	0.9.7
openssl:openssl	openssl	eq	0.9.5a
openssl:openssl	openssl	eq	0.9.8b
openssl:openssl	openssl	eq	0.9.7l
openssl:openssl	openssl	eq	0.9.6i
openssl:openssl	openssl	eq	0.9.3
openssl:openssl	openssl	eq	0.9.8c
openssl:openssl	openssl	eq	0.9.7c
openssl:openssl	openssl	eq	0.9.5
openssl:openssl	openssl	eq	0.9.6d

Rows per page:

1-10 of 431

References

lists.apple.com/archives/security-announce/2009/May/msg00002.html

lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html

lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html

marc.info/?l=bugtraq&m=123859864430555&w=2

marc.info/?l=bugtraq&m=124277349419254&w=2

marc.info/?l=bugtraq&m=127678688104458&w=2

secunia.com/advisories/33338

secunia.com/advisories/33394

secunia.com/advisories/33436

secunia.com/advisories/33557

secunia.com/advisories/33673

secunia.com/advisories/33765

secunia.com/advisories/34211

secunia.com/advisories/35074

secunia.com/advisories/35108

secunia.com/advisories/39005

security.gentoo.org/glsa/glsa-200902-02.xml

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.544796

sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1

support.apple.com/kb/HT3549

support.avaya.com/elmodocs2/security/ASA-2009-038.htm

support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=837653

voodoo-circle.sourceforge.net/sa/sa-20090123-01.html

www.ocert.org/advisories/ocert-2008-016.html

www.openssl.org/news/secadv_20090107.txt

www.redhat.com/support/errata/RHSA-2009-0004.html

www.securityfocus.com/archive/1/499827/100/0/threaded

www.securityfocus.com/archive/1/502322/100/0/threaded

www.securityfocus.com/bid/33150

www.securitytracker.com/id?1021523

www.us-cert.gov/cas/techalerts/TA09-133A.html

www.vmware.com/security/advisories/VMSA-2009-0004.html

www.vupen.com/english/advisories/2009/0040

www.vupen.com/english/advisories/2009/0289

www.vupen.com/english/advisories/2009/0362

www.vupen.com/english/advisories/2009/0558

www.vupen.com/english/advisories/2009/0904

www.vupen.com/english/advisories/2009/0913

www.vupen.com/english/advisories/2009/1297

www.vupen.com/english/advisories/2009/1338

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6380

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9155

usn.ubuntu.com/704-1/

6.5 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.007 Low

EPSS

Percentile

80.7%

JSON

Related for CVE-2008-5077

nessus26 slackware3 openvas73 centos2 altlinux4 debian1 ubuntu1 fedora6 seebug1 debiancve11 prion18 redhat1 veracode1 securityvulns4 suse1 oraclelinux1 osv1 ubuntucve15 gentoo2 openssl1 freebsd_advisory1 cve17 f58