976 matches found
ISC BIND 9 EVP_VerifyFinal() / DSA_do_verify() SSL/TLS Signature Validation Weakness
According to its version number, the remote installation of BIND does not properly check the return value from the OpenSSL library functions 'EVP_VerifyFinal()' and 'DSA_do_verify()'. A remote attacker may be able to exploit this weakness to spoof answers returned from zones for signature checks on DSA...
DEBIAN-CVE-2009-1189
The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834...
Fedora 10 : ntp-4.2.4p6-1.fc10 (2009-0544)
This update fixes CVE-2009-0021: NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA...
Mandriva Linux Security Advisory : dbus (MDVSA-2008:213)
The D-Bus library did not correctly validate certain corrupted signatures, which could cause a crash of applications linked against the D-Bus library if a local user were to send a specially crafted D-Bus request (CVE-2008-3834). The updated packages have been patched to prevent this issue...
Mandrake Security Advisory MDVSA-2009:037 (bind)
The remote host is missing an update to bind announced via advisory MDVSA-2009:037. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR...
CVE-2009-0125
NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate...
bind: DSA_do_verify() returns check issue
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077...
CVE-2009-0025
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077...
DEBIAN-CVE-2008-3834
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error...
Unauthorized reading confirmation from Outlook
I've just got an interesting idea about how a malicious e-mail sender could try to get an unseen-by-the-recipient reading confirmation, including the IP address of the recipient. I was working on S/MIME messages and I thought about the signature validation process, where some of the steps could...
Multiple SNMPv3 authentication implementations bypass
User-supplied number of signature bytes are checked on signature validation...
CVE-2007-2240
The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote...
Code injection
IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database...
CVE-2002-2204
The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source...
CVE-2002-2204
CVE-2002-2204 affects the RPM Package Manager, specifically version 4.0.4. The vulnerability stems from the default --checksig setting, which verifies a package's signature validity without listing who signed it, enabling remote attackers to make a malicious package appear to originate from a tr...
Signature validation bypass
More info at https://simplesamlphp.org/security/201710-01...