Lucene search

K

Veracode Vulnerability DatabaseVERACODE:23726

HistoryApr 10, 2020 - 12:34 a.m.

DSA Certificate Validation Bypass

2020-04-1000:34:40

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

bind is vulnerable to DSA certificate validation bypass. The vulnerability exists as a flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks.

CPENameOperatorVersion
bindeq9.3.3__7.el5
bindeq9.2.4__21.el3
bindeq9.2.4__28.0.1.el4
bindeq9.3.3__9.0.1.el5
bindeq9.2.1__10.el2
bindeq9.3.4__6.0.1.P1.el5_2
bindeq9.3.4__6.0.2.P1.el5_2
bindeq9.3.4__6.P1.el5
bindeq9.2.4__27.0.1.el4
bindeq9.2.4__22.el3

Rows per page:

1-10 of 281

References

groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33

lists.apple.com/archives/security-announce/2009/May/msg00002.html

marc.info/?l=bugtraq&m=141879471518471&w=2

secunia.com/advisories/33494

secunia.com/advisories/33546

secunia.com/advisories/33551

secunia.com/advisories/33559

secunia.com/advisories/33683

secunia.com/advisories/33882

secunia.com/advisories/35074

security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362

sunsolve.sun.com/search/document.do?assetkey=1-26-250846-1

support.apple.com/kb/HT3549

support.avaya.com/elmodocs2/security/ASA-2009-045.htm

wiki.rpath.com/Advisories:rPSA-2009-0009

www.ocert.org/advisories/ocert-2008-016.html

www.openbsd.org/errata44.html#008_bind

www.redhat.com/security/updates/classification/#moderate

www.securityfocus.com/archive/1/499827/100/0/threaded

www.securityfocus.com/archive/1/500207/100/0/threaded

www.securityfocus.com/archive/1/502322/100/0/threaded

www.securityfocus.com/bid/33151

www.us-cert.gov/cas/techalerts/TA09-133A.html

www.vmware.com/security/advisories/VMSA-2009-0004.html

www.vupen.com/english/advisories/2009/0043

www.vupen.com/english/advisories/2009/0366

www.vupen.com/english/advisories/2009/0904

www.vupen.com/english/advisories/2009/1297

access.redhat.com/errata/RHSA-2009:0020

issues.rpath.com/browse/RPL-2938

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10879

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5569

www.isc.org/node/373

www.isc.org/software/bind/advisories/cve-2009-0025

www.redhat.com/archives/fedora-package-announce/2009-January/msg00393.html

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

Related for VERACODE:23726

nessus35 openvas43 fedora3 centos2 ubuntu1 suse1 oraclelinux1 debian1 redhat1 freebsd_advisory1 prion2 debiancve2 gentoo1 slackware1 cve2 ubuntucve2 f56 securityvulns3 vmware2