Computer Security
[EN] securityvulns.ru

CVE: CVE-2008-5077
Status: Candidate
Description: OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
Severity: Medium
CVSS score: 5.8
CVSS vector: (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Phase: Assigned (25.10.2011)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5077
References: APPLE : APPLE-SA-2009-05-12
 BUGTRAQ : 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim
 CERT : TA09-133A
 CONFIRM : http://support.apple.com/kb/HT3549
 CONFIRM : http://support.avaya.com/elmodocs2/security/ASA-20...
 CONFIRM : http://support.nortel.com/go/main.jsp?cscat=BLTNDE...
 CONFIRM : http://voodoo-circle.sourceforge.net/sa/sa-2009012...
 CONFIRM : http://www.vmware.com/security/advisories/VMSA-200...
 GENTOO : GLSA-200902-02
 HP : HPSBMA02426
 HP : HPSBUX02418
 HP : SSRT090002
 HP : SSRT090053
 MISC : http://www.ocert.org/advisories/ocert-2008-016.html
 OVAL : oval:org.mitre.oval:def:6380
 OVAL : oval:org.mitre.oval:def:9155
 SECUNIA : 33338
 SECUNIA : 33436
 SECUNIA : 33557
 SECUNIA : 33673
 SECUNIA : 33765
 SECUNIA : 34211
 SECUNIA : 35074
 SECUNIA : 35108
 SECUNIA : 39005
 SLACKWARE : SSA:2009-014-01
 SUNALERT : 250826
 UBUNTU : USN-704-1
 VUPEN : ADV-2009-0040
 VUPEN : ADV-2009-0289
 VUPEN : ADV-2009-0362
 VUPEN : ADV-2009-0558
 VUPEN : ADV-2009-0904
 VUPEN : ADV-2009-0913
 VUPEN : ADV-2009-1297
 VUPEN : ADV-2009-1338
SecurityVulns: OpenSSL / ntp / bind / boinc certificate validation cryptographic vulnerabilities
 HP System Management Homepage cross-site scripting

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


