PT-2009-2933 · Isc · Bind

Internet Systems Consortium ISC BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and...

DEBIAN-CVE-2009-0021

NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to...