Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2009-0021HistoryJan 07, 2009 - 5:30 p.m.
CVE-2009-0021
2009-01-0717:30:00
Debian Security Bug Tracker
security-tracker.debian.org
12
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.007 Low
EPSS
Percentile
80.5%
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | ntp | <Β 1:4.2.4p4+dfsg-8 | ntp_1:4.2.4p4+dfsg-8_all.deb |
| Debian | 10 | all | ntp | <Β 1:4.2.4p4+dfsg-8 | ntp_1:4.2.4p4+dfsg-8_all.deb |
Related
openvas
openvas
Gentoo Security Advisory GLSA 200904-05 (ntp)
2009-04-06 00:00:00
Slackware Advisory SSA:2009-014-03 ntp
2012-09-11 00:00:00
Fedora Core 10 FEDORA-2009-0544 (ntp)
2009-01-26 00:00:00
f5
f5
SOL9889 - NTP vulnerability CVE-2009-0021
2009-04-05 00:00:00
K9889 : NTP vulnerability CVE-2009-0021
2013-03-25 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: ntp-4.2.4p6-1.fc10
2009-01-24 02:34:08
[SECURITY] Fedora 9 Update: ntp-4.2.4p6-1.fc9
2009-01-24 02:32:42
[SECURITY] Fedora 9 Update: tqsllib-2.0-5.fc9
2009-01-15 03:07:29
gentoo
gentoo
ntp: Certificate validation error
2009-04-05 00:00:00
OpenSSL: Certificate validation error
2009-02-12 00:00:00
cve
cve
nessus
nessus
Fedora 10 : ntp-4.2.4p6-1.fc10 (2009-0544)
2009-04-23 00:00:00
GLSA-200904-05 : ntp: Certificate validation error
2009-04-07 00:00:00
prion
prion
Input validation
2009-01-07 17:30:00
Input validation
2009-01-07 17:30:00
Input validation
2009-01-07 18:30:00
ubuntucve
ubuntucve
securityvulns
securityvulns
[oCERT-2008-016] Multiple OpenSSL signature verification API misuses
2009-01-09 00:00:00
OpenSSL / ntp / bind / boinc certificate validation cryptographic vulnerabilities
2009-02-10 00:00:00
FreeBSD Security Advisory FreeBSD-SA-09:02.openssl
2009-01-09 00:00:00
redhat
redhat
(RHSA-2009:0046) Moderate: ntp security update
2009-01-29 00:00:00
(RHSA-2009:0004) Important: openssl security update
2009-01-07 00:00:00
oraclelinux
oraclelinux
ntp security update
2009-01-29 00:00:00
openssl security update
2009-01-07 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:31:06
Man-in-the-Middle (MitM)
2020-04-10 00:30:43
centos
centos
ntp security update
2009-02-04 18:58:29
openssl, openssl096b, openssl097a security update
2009-01-07 22:28:50
openssl, openssl095a, openssl096 security update
2009-02-02 23:30:18
debian
debian
[SECURITY] [DSA 1702-1] New ntp packages fix cryptographic weakness
2009-01-12 20:34:15
[SECURITY] [DSA 1701-1] New OpenSSL packages fix cryptographic weakness
2009-01-12 20:03:29
ubuntu
ubuntu
NTP vulnerability
2009-01-08 00:00:00
OpenSSL vulnerability
2009-01-07 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-09:03.ntpd
2009-01-13 00:00:00
FreeBSD-SA-09:02.openssl
2009-01-07 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 0.9.8j-alt1
2009-01-08 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 0.9.8j-alt1
2009-01-08 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8j-alt1
2009-01-08 00:00:00
seebug
seebug
OpenSSL 'EVP_VerifyFinal'ε½ζ°ηΎειͺθ―ζΌζ΄
2009-01-08 00:00:00
debiancve
debiancve
suse
suse
SSL certificate checking bypass in openssl
2009-01-23 16:31:52
osv
osv
openssl openssl097 - cryptographic weakness
2009-01-12 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2008-5077
2009-01-07 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.007 Low
EPSS
Percentile
80.5%
Related for DEBIANCVE:CVE-2009-0021