SOL9754 - BIND 9 vulnerability CVE-2009-0025

2009-02-2400:00:00

support.f5.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

87.0%

JSON

BIND does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature.

Information about this advisory is available at the following location:

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025>

Note: The previous link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.

F5 Product Development tracked this issue as CR114792 and it was fixed in BIG-IP 10.0.1. For information about upgrading, refer to the BIG-IP LTM, ASM, GTM, PSM, Link Controller, WebAccelerator, or WAN Optimization release notes.

F5 Product Development is tracking this issue as ID 294064 (Formerly CR114792) for the FirePass controller.

This is a similar vulnerability to CVE-2008-5077 and CVE-2009-0265. For information about CVE-2008-5077, refer to SOL9762: OpenSSL vulnerability - CVE-2008-5077. For information about CVE-2009-0265, refer to SOL11503: BIND 9 vulnerability CVE-2009-0265.

CPENameOperatorVersion
big-ip ltmle9.6.1
big-ip gtmle9.4.8
big-ip psmle9.4.8
enterprise managerle1.8.0
firepassle7.0.0
big-ip wan optimizationle10.0.0
big-ip link controllerle9.4.8
big-ip asmle9.4.8
big-ip webacceleratorle9.4.8

Name	Operator	Version
big-ip ltm	le	9.6.1
big-ip gtm	le	9.4.8
big-ip psm	le	9.4.8
enterprise manager	le	1.8.0
firepass	le	7.0.0
big-ip wan optimization	le	10.0.0
big-ip link controller	le	9.4.8
big-ip asm	le	9.4.8
big-ip webaccelerator	le	9.4.8