Lucene search

K

[email protected]CVE-2009-0025

HistoryJan 07, 2009 - 5:30 p.m.

CVE-2009-0025

2009-01-0717:30:00

CWE-287

[email protected]

web.nvd.nist.gov

189

cve-2009-0025

bind

ssl

tls

validation bypass

openssl

remote attackers

6.6 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.2%

BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

CPENameOperatorVersion
isc:bindisc bindeq9.2.0
isc:bindisc bindeq9.1.1
isc:bindisc bindeq9.4.3
isc:bindisc bindeq9.2.3
isc:bindisc bindeq9.1.3
isc:bindisc bindeq9.4.0
isc:bindisc bindeq9.2.4
isc:bindisc bindeq9.2.1
isc:bindisc bindeq9.0.0
isc:bindisc bindeq9.1.0

Rows per page:

1-10 of 241

References

groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33

lists.apple.com/archives/security-announce/2009/May/msg00002.html

marc.info/?l=bugtraq&m=141879471518471&w=2

secunia.com/advisories/33494

secunia.com/advisories/33546

secunia.com/advisories/33551

secunia.com/advisories/33559

secunia.com/advisories/33683

secunia.com/advisories/33882

secunia.com/advisories/35074

security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362

sunsolve.sun.com/search/document.do?assetkey=1-26-250846-1

support.apple.com/kb/HT3549

support.avaya.com/elmodocs2/security/ASA-2009-045.htm

wiki.rpath.com/Advisories:rPSA-2009-0009

www.ocert.org/advisories/ocert-2008-016.html

www.openbsd.org/errata44.html#008_bind

www.securityfocus.com/archive/1/499827/100/0/threaded

www.securityfocus.com/archive/1/500207/100/0/threaded

www.securityfocus.com/archive/1/502322/100/0/threaded

www.securityfocus.com/bid/33151

www.us-cert.gov/cas/techalerts/TA09-133A.html

www.vmware.com/security/advisories/VMSA-2009-0004.html

www.vupen.com/english/advisories/2009/0043

www.vupen.com/english/advisories/2009/0366

www.vupen.com/english/advisories/2009/0904

www.vupen.com/english/advisories/2009/1297

issues.rpath.com/browse/RPL-2938

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10879

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5569

www.isc.org/software/bind/advisories/cve-2009-0025

www.redhat.com/archives/fedora-package-announce/2009-January/msg00393.html

6.6 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.2%

Related for CVE-2009-0025

openvas86 prion8 debiancve3 ubuntucve5 slackware2 nessus46 veracode2 suse2 oraclelinux2 f56 ubuntu2 centos4 cve5 fedora6 debian2 redhat2 freebsd_advisory2 securityvulns3 gentoo2 vmware2 altlinux4 seebug1 osv1 openssl1