7 matches found
Solaris 10 (x86) : 139501-02
SunOS 5.10x86: openssl patch. Date this patch was last updated by Sun : Feb/24/09 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
Solaris 10 (x86) : 139501-02
SunOS 5.10x86: openssl patch. Date this patch was last updated by Sun : Feb/24/09 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/10/24. C Tenable Network Security, Inc. if ! definedfunc"bnrando...
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : ntp vulnerability (USN-705-1)
It was discovered that NTP did not properly perform signature verification. A remote attacker could exploit this to bypass certificate validation via a malformed SSL/TLS signature. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security...
Fedora 9 : tqsllib-2.0-5.fc9 (2009-0543)
The TrustedQSL library incorrectly checked the result after calling the EVPVerifyFinal function, allowing a malformed signature to be treated as a good signature rather than as an error. Package includes a patch to fix EVPVerifyFinal result check. Note that Tenable Network Security has extracted...
CVE-2009-0124
The tqslverifyDataBlock function in opensslcert.cpp in American Radio Relay League ARRL tqsllib 2.0 does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a...
CVE-2009-0124
The tqslverifyDataBlock function in opensslcert.cpp in American Radio Relay League ARRL tqsllib 2.0 does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a...
CVE-2009-0124
Technical details (affected software/versions/root cause/remediation) are not publicly provided in the connected documents. The initial CVE description mentions OpenSSL EVP_VerifyFinal but does not enumerate affected products or fixes within this document set.