BIND does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature.
Information about this advisory is available at the following location:
Note: The previous link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.
F5 Product Development tracked this issue as CR114792 and it was fixed in BIG-IP 10.0.1. For information about upgrading, refer to the BIG-IP LTM, ASM, GTM, PSM, Link Controller, WebAccelerator, or WAN Optimization release notes.
F5 Product Development is tracking this issue as ID 294064 (Formerly CR114792) for the FirePass controller.
This is a similar vulnerability to CVE-2008-5077 and CVE-2009-0265. For information about CVE-2008-5077, refer to SOL9762: OpenSSL vulnerability - CVE-2008-5077. For information about CVE-2009-0265, refer to SOL11503: BIND 9 vulnerability CVE-2009-0265.