CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
81.0%
It was discovered that OpenSSL did not properly perform signature verification
on DSA and ECDSA keys. If user or automated system connected to a malicious
server or a remote attacker were able to perform a machine-in-the-middle attack,
this flaw could be exploited to view sensitive information.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.10 | noarch | libssl0.9.8 | <Β 0.9.8g-10.1ubuntu2.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | libcrypto0.9.8-udeb | <Β 0.9.8g-10.1ubuntu2.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | libssl-dev | <Β 0.9.8g-10.1ubuntu2.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | libssl0.9.8 | <Β dbg-0.9.8g-10.1ubuntu2.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | openssl | <Β 0.9.8g-10.1ubuntu2.1 | UNKNOWN |
Ubuntu | 8.04 | noarch | libssl0.9.8 | <Β 0.9.8g-4ubuntu3.4 | UNKNOWN |
Ubuntu | 8.04 | noarch | libcrypto0.9.8-udeb | <Β 0.9.8g-4ubuntu3.4 | UNKNOWN |
Ubuntu | 8.04 | noarch | libssl-dev | <Β 0.9.8g-4ubuntu3.4 | UNKNOWN |
Ubuntu | 8.04 | noarch | libssl0.9.8-dbg | <Β 0.9.8g-4ubuntu3.4 | UNKNOWN |
Ubuntu | 8.04 | noarch | openssl | <Β 0.9.8g-4ubuntu3.4 | UNKNOWN |