Lucene search

PRIOn knowledge basePRION:CVE-2008-5077

HistoryJan 07, 2009 - 5:30 p.m.

Input validation

2009-01-0717:30:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

81.0%

JSON

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

CPENameOperatorVersion
openssleq0.9.7 beta5
openssleq0.9.7 beta3
openssleq0.9.5a beta2
openssleq0.9.7 beta6
openssleq0.9.898
openssleq0.9.7108
openssleq0.9.6105
openssleq0.9.3
openssleq0.9.899
openssleq0.9.7 beta2

Name	Operator	Version
openssl	eq	0.9.7 beta5
openssl	eq	0.9.7 beta3
openssl	eq	0.9.5a beta2
openssl	eq	0.9.7 beta6
openssl	eq	0.9.898
openssl	eq	0.9.7108
openssl	eq	0.9.6105
openssl	eq	0.9.3
openssl	eq	0.9.899
openssl	eq	0.9.7 beta2

Rows per page:

1-10 of 591

References

lists.apple.com/archives/security-announce/2009/May/msg00002.html

lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html

lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html

secunia.com/advisories/33338

secunia.com/advisories/33394

secunia.com/advisories/33436

secunia.com/advisories/33557

secunia.com/advisories/33673

secunia.com/advisories/33765

secunia.com/advisories/34211

secunia.com/advisories/35074

secunia.com/advisories/35108

secunia.com/advisories/39005

security.gentoo.org/glsa/glsa-200902-02.xml

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.544796

sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1

support.apple.com/kb/HT3549

support.avaya.com/elmodocs2/security/ASA-2009-038.htm

support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=837653

voodoo-circle.sourceforge.net/sa/sa-20090123-01.html

www.ocert.org/advisories/ocert-2008-016.html

www.redhat.com/support/errata/RHSA-2009-0004.html

www.securityfocus.com/archive/1/499827/100/0/threaded

www.securityfocus.com/archive/1/502322/100/0/threaded

www.securityfocus.com/bid/33150

www.securitytracker.com/id?1021523

www.us-cert.gov/cas/techalerts/TA09-133A.html

www.vmware.com/security/advisories/VMSA-2009-0004.html

www.vupen.com/english/advisories/2009/0040

www.vupen.com/english/advisories/2009/0289

www.vupen.com/english/advisories/2009/0362

www.vupen.com/english/advisories/2009/0558

www.vupen.com/english/advisories/2009/0904

www.vupen.com/english/advisories/2009/0913

www.vupen.com/english/advisories/2009/1297

www.vupen.com/english/advisories/2009/1338

marc.info/?l=bugtraq&m=123859864430555&w=2

marc.info/?l=bugtraq&m=124277349419254&w=2

marc.info/?l=bugtraq&m=127678688104458&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6380

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9155

usn.ubuntu.com/704-1/

www.openssl.org/news/secadv_20090107.txt