CVE-2009-0025
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
Affected products
n/a · n/a
References
http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://marc.info/?l=bugtraq&m=141879471518471&w=2
http://secunia.com/advisories/33494
http://secunia.com/advisories/33546
http://secunia.com/advisories/33551
http://secunia.com/advisories/33559
http://secunia.com/advisories/33683
http://secunia.com/advisories/33882
http://secunia.com/advisories/35074
http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc
https://issues.rpath.com/browse/RPL-2938