CVE-2009-0591
CVE-2009-0591
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.aschttp://lists.apple.com/archives/security-announce/2009/Sep/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.htmlhttp://marc.info/?l=bugtraq&m=124464882609472&w=2http://marc.info/?l=bugtraq&m=127678688104458&w=2http://secunia.com/advisories/34411http://secunia.com/advisories/34460http://secunia.com/advisories/34666http://secunia.com/advisories/35065http://secunia.com/advisories/35380http://secunia.com/advisories/35729http://secunia.com/advisories/36701