EUVD-2009-0055

Malware in sbrugna...

[oCERT-2008-016] Multiple OpenSSL signature verification API misuses

2008-016 multiple OpenSSL signature verification API misuse Description: Several functions inside the OpenSSL library incorrectly check the result after calling the EVPVerifyFinal function. This bug allows a malformed signature to be treated as a good signature rather than as an error. This issue...

CVE-2009-0046

Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077...

CVE-2009-0046

Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077...

Input validation

Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077...

CVE-2009-0046

Technical details about CVE-2009-0046 are not publicly available in the connected documents provided. Monitor for updates from vendor advisories and CVE trackers to obtain affected products, components, and remediation.

CVE-2009-0046

Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077...