5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.007 Low
EPSS
Percentile
78.3%
It was discovered that OpenSSL does not properly verify DSA signatures
on X.509 certificates due to an API misuse, potentially leading to the
acceptance of incorrect X.509 certificates as genuine (CVE-2008-5077).
For the stable distribution (etch), this problem has been fixed in
version 0.9.8c-4etch4 of the openssl package, and version
0.9.7k-3.1etch2 of the openssl097 package.
For the unstable distribution (sid), this problem has been fixed in
version 0.9.8g-15.
The testing distribution (lenny) will be fixed soon.
We recommend that you upgrade your OpenSSL packages.
CPE | Name | Operator | Version |
---|---|---|---|
openssl | eq | 0.9.8c-4 | |
openssl | eq | 0.9.8c-4etch1 | |
openssl | eq | 0.9.8c-4etch2 | |
openssl | eq | 0.9.8c-4etch3 | |
openssl | eq | 0.9.8c-4etch3+m68k1 |