11 matches found
Solaris 10 (x86) : 139501-02
SunOS 5.10x86: openssl patch. Date this patch was last updated by Sun : Feb/24/09 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
SuSE 10 Security Update : eID-belgium (ZYPP Patch Number 6006)
eID-belgium uses EVPVerifyFinal incorrectly CVE-2009-0049 which allowed bypassing the validation of the certificate chain. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if descripti...
Debian DSA-1946-1 : belpic - cryptographic weakness
It was discovered that belpic, the belgian eID PKCS11 library, does not properly check the result of an OpenSSL function for verifying cryptographic signatures, which could be used to bypass the certificate validation. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
[SECURITY] [DSA 1946-1] New belpic packages fix cryptographic weakness
------------------------------------------------------------------------ Debian Security Advisory DSA-1946-1 [email protected] http://www.debian.org/security/ Steffen Joeris December 04, 2009 http://www.debian.org/security/faq -...
openSUSE Security Update : eID-belgium (eID-belgium-541)
eID-belgium uses EVPVerifyFinal incorrectly CVE-2009-0049 which allowed bypassing the validation of the certificate chain. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update eID-belgium-541. The...
openSUSE Security Update : eID-belgium (eID-belgium-541)
eID-belgium uses EVPVerifyFinal incorrectly CVE-2009-0049 which allowed bypassing the validation of the certificate chain. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update eID-belgium-541. The...
Solaris 10 (x86) : 139501-02
SunOS 5.10x86: openssl patch. Date this patch was last updated by Sun : Feb/24/09 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/10/24. C Tenable Network Security, Inc. if ! definedfunc"bnrando...
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : ntp vulnerability (USN-705-1)
It was discovered that NTP did not properly perform signature verification. A remote attacker could exploit this to bypass certificate validation via a malformed SSL/TLS signature. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security...
SuSE Security Summary SUSE-SR:2009:005
The remote host is missing updates announced in advisory SUSE-SR:2009:005. SuSE Security Summaries are short on detail when it comes to the names of packages affected by a particular bug. Because of this, while this test will detect out of date packages, it cannot tell you what bugs impact which...
CVE-2009-0049
Belgian eID middleware eidlib 2.6.0 and earlier does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to...
CVE-2009-0049
Belgian eID middleware eidlib 2.6.0 and earlier does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to...