24 matches found
NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl098e Multiple Vulnerabilities (NS-SA-2019-0020)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl098e packages installed that are affected by multiple vulnerabilities: - OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service infinite loop and memory consumption v...
AIX 6.1 TL 6 : bind9 (IV11743)
An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND...
AIX 7.1 TL 0 : bind9 (IV11744)
An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND...
SuSE 10 Security Update : eID-belgium (ZYPP Patch Number 6006)
eID-belgium uses EVP_VerifyFinal incorrectly (CVE-2009-0049), which allowed bypassing the validation of the certificate chain.
SuSE9 Security Update : xntp, xntp-doc (YOU Patch Number 12338)
This update of ntp improves a check for the return value of openssl's function EVP_VerifyFinal (CVE-2009-0021). Additionally, a (non-security) fix for starting ntpd with the option -x was added.
openSUSE Security Update : eID-belgium (eID-belgium-541)
eID-belgium uses EVP_VerifyFinal incorrectly (CVE-2009-0049), which allowed bypassing the validation of the certificate chain. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update eID-belgium-541. The...
Mandrake Security Advisory MDVSA-2009:037 (bind)
The remote host is missing an update to bind announced via advisory MDVSA-2009:037. OpenVAS Vulnerability Test $Id: mdksa2009037.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:037 bind Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
CVE-2009-0265
CVE-2009-0265 affects BIND 9.6.0 and earlier, where the server does not properly check the return value of OpenSSL EVP_VerifyFinal, allowing remote attackers to bypass certificate-chain validation via a malformed SSL/TLS signature. The description notes this is similar to CVE-2008-5077 and CVE-20...
Gale EVP_VerifyFinal() Security Bypass Vulnerability
Gale is prone to a security bypass vulnerability.
Fedora 9 : tqsllib-2.0-5.fc9 (2009-0543)
The TrustedQSL library incorrectly checked the result after calling the EVP_VerifyFinal function, allowing a malformed signature to be treated as a good signature rather than as an error. Package includes a patch to fix EVP_VerifyFinal result check. Note that Tenable Network Security has extracted...
CVE-2009-0124
The tqslverifyDataBlock function in opensslcert.cpp in American Radio Relay League ARRL tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a...
CVE-2009-0128
plugins/crypto/openssl/cryptoopenssl.c in Simple Linux Utility for Resource Management aka SLURM or slurm-llnl does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS...
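OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
BUGTRAQ ID: 33150 CVE ID: CVE-2008-5077 CNCVE ID: CNCVE-20085077 OpenSSL is an open-source SSL implementation used to provide strong encryption for network communications. Some OpenSSL functions do not correctly check the return value of the "EVP_VerifyFinal" function when verifying DSA and ECDSA keys; sending a specially crafted signed certificate chain to a client can bypass the signature check. Through a malicious server or a man-in-the-middle attack, a malformed SSL/TLS signature in the certificate chain can bypass the client software's checks, leading to blind trust and disclosure of sensitive information. Successful exploitation of this vulnerability requires the server to use a certificate containing a DSA or ECDSA key. Ubuntu Ubuntu Linux 8.10 spar...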
CVE-2009-0047
Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077...
Input validation
OpenEvidence 1.0.6 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077...
Input validation
Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077...
Input validation
Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077...
Input validation
Belgian eID middleware eidlib 2.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to...
CVE-2009-0049
CVE-2009-0049 affects belpic (the Belgian eID PKCS11 library) used by eidlib