Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2009-0126HistoryJan 15, 2009 - 5:30 p.m.
CVE-2009-0126
2009-01-1517:30:00
Debian Security Bug Tracker
security-tracker.debian.org
12
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
EPSS
0.007
Percentile
81.0%
The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | boinc | <Β 6.2.14-3 | boinc_6.2.14-3_all.deb |
| Debian | 11 | all | boinc | <Β 6.2.14-3 | boinc_6.2.14-3_all.deb |
| Debian | 999 | all | boinc | <Β 6.2.14-3 | boinc_6.2.14-3_all.deb |
| Debian | 13 | all | boinc | <Β 6.2.14-3 | boinc_6.2.14-3_all.deb |
Related
ubuntucve
ubuntucve
nvd
nvd
cvelist
cvelist
cve
cve
prion
prion
Input validation
2009-01-15 17:30:00
Input validation
2009-01-07 17:30:00
Input validation
2009-01-07 18:30:00
openvas
openvas
Fedora Core 9 FEDORA-2009-0578 (boinc-client)
2009-02-10 00:00:00
Fedora Core 10 FEDORA-2009-0587 (boinc-client)
2009-02-10 00:00:00
Debian: Security Advisory (DSA-1718-1)
2009-02-10 00:00:00
nessus
nessus
Debian DSA-1718-1 : boinc - incorrect API usage
2009-02-09 00:00:00
Fedora 9 : boinc-client-6.4.5-2.20081217svn.fc9 (2009-0578)
2009-02-05 00:00:00
openSUSE Security Update : boinc-client (boinc-client-437)
2009-07-21 00:00:00
debian
debian
[SECURITY] [DSA 1718-1] New boinc packages fix validation bypass
2009-02-08 21:31:08
[SECURITY] [DSA 1701-1] New OpenSSL packages fix cryptographic weakness
2009-01-12 20:03:29
securityvulns
securityvulns
[SECURITY] [DSA 1718-1] New boinc packages fix validation bypass
2009-02-10 00:00:00
OpenSSL / ntp / bind / boinc certificate validation cryptographic vulnerabilities
2009-02-10 00:00:00
FreeBSD Security Advisory FreeBSD-SA-09:02.openssl
2009-01-09 00:00:00
centos
centos
openssl, openssl096b, openssl097a security update
2009-01-07 22:28:50
openssl, openssl095a, openssl096 security update
2009-02-02 23:30:18
ubuntu
ubuntu
OpenSSL vulnerability
2009-01-07 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 0.9.8j-alt1
2009-01-08 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8j-alt1
2009-01-08 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 0.9.8j-alt1
2009-01-08 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: tqsllib-2.0-5.fc10
2009-01-15 02:55:49
[SECURITY] Fedora 10 Update: openssl-0.9.8g-12.fc10
2009-01-08 04:19:50
[SECURITY] Fedora 9 Update: tqsllib-2.0-5.fc9
2009-01-15 03:07:29
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 00:30:43
redhat
redhat
(RHSA-2009:0004) Important: openssl security update
2009-01-07 00:00:00
debiancve
debiancve
seebug
seebug
OpenSSL 'EVP_VerifyFinal'ε½ζ°ηΎειͺθ―ζΌζ΄
2009-01-08 00:00:00
gentoo
gentoo
OpenSSL: Certificate validation error
2009-02-12 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-09:02.openssl
2009-01-07 00:00:00
osv
osv
openssl openssl097 - cryptographic weakness
2009-01-12 00:00:00
suse
suse
SSL certificate checking bypass in openssl
2009-01-23 16:31:52
oraclelinux
oraclelinux
openssl security update
2009-01-07 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2008-5077
2009-01-07 00:00:00
f5
f5
K9889 : NTP vulnerability CVE-2009-0021
2013-03-25 00:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
EPSS
0.007
Percentile
81.0%
Related for DEBIANCVE:CVE-2009-0126