19 matches found
AIX 6.1 TL 6 : bind9 (IV11743)
An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND...
AIX 7.1 TL 0 : bind9 (IV11744)
An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND...
AIX 5.3 TL 12 : bind9 (IV09491)
An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND...
Mandriva Linux Security Advisory : bind (MDVSA-2009:002)
A flaw was found in how BIND checked the return value of the OpenSSL DSA_do_verify function. On systems that use DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, which would allow for spoofing attacks (CVE-2009-0025). The updated packages ha...
SUSE: Security Advisory for bind (SUSE-SA:2009:005)
The remote host is missing updates announced in advisory SUSE-SA:2009:005. Copyright (C) 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...
OpenSSL DSA_do_verify() Security Bypass Vulnerability in NASL
The host is running NASL and is prone to Security Bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodnaslsecbypassvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ OpenSSL DSA_do_verify() Security Bypass Vulnerability in NASL Authors: Sharath S Copyright: Copyright (c) 2009 SecPod,...
OpenSSL DSA_do_verify() Security Bypass Vulnerability in NASL
The NASL interpreter is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD Security Advisory (FreeBSD-SA-09:04.bind.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-09:04.bind.asc ADV FreeBSD-SA-09:04.bind.asc OpenVAS Vulnerability Test $ Description: Auto generated from ADV FreeBSD-SA-09:04.bind.asc Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft...
FreeBSD Security Advisory (FreeBSD-SA-09:04.bind.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-09:04.bind.asc SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...
CVE-2009-0129
libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077...
CVE-2009-0130
lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package...
Input validation
DISPUTED. NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the...
CVE-2009-0130
lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package...
CVE-2009-0125
Technical details for CVE-2009-0125 are not publicly available in the provided documents. Monitor for updates from upstream and security advisories.
CVE-2009-0130
CVE-2009-0130 affects the Erlang OpenSSL integration: lib/crypto/c_src/crypto_drv.c may fail to properly check the return value of DSA_do_verify, enabling bypass of certificate chain validation for malformed SSL/TLS signatures. The description notes this as similar to CVE-2008-5077 and includes d...
CVE-2009-0130
lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package...
RedHat Security Advisory RHSA-2009:0020
The remote host is missing updates announced in advisory RHSA-2009:0020. A flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation...
Mandrake Security Advisory MDVSA-2009:002 (bind)
The remote host is missing an update to bind announced via advisory MDVSA-2009:002. OpenVAS Vulnerability Test $Id: mdksa2009002.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:002 bind Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
bind security update
9.3.4-6.0.3.P1 - check DSA_do_verify return value correctly...