5.8

CVE-2008-5077

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version <= 0.9.8h
OpenSSLOpenSSL Version0.9.1c
OpenSSLOpenSSL Version0.9.2b
OpenSSLOpenSSL Version0.9.3
OpenSSLOpenSSL Version0.9.3a
OpenSSLOpenSSL Version0.9.4
OpenSSLOpenSSL Version0.9.5
OpenSSLOpenSSL Version0.9.5 Updatebeta1
OpenSSLOpenSSL Version0.9.5 Updatebeta2
OpenSSLOpenSSL Version0.9.5a
OpenSSLOpenSSL Version0.9.5a Updatebeta1
OpenSSLOpenSSL Version0.9.5a Updatebeta2
OpenSSLOpenSSL Version0.9.6
OpenSSLOpenSSL Version0.9.6 Updatebeta1
OpenSSLOpenSSL Version0.9.6 Updatebeta2
OpenSSLOpenSSL Version0.9.6 Updatebeta3
OpenSSLOpenSSL Version0.9.6a
OpenSSLOpenSSL Version0.9.6a Updatebeta1
OpenSSLOpenSSL Version0.9.6a Updatebeta2
OpenSSLOpenSSL Version0.9.6a Updatebeta3
OpenSSLOpenSSL Version0.9.6b
OpenSSLOpenSSL Version0.9.6c
OpenSSLOpenSSL Version0.9.6d
OpenSSLOpenSSL Version0.9.6e
OpenSSLOpenSSL Version0.9.6f
OpenSSLOpenSSL Version0.9.6g
OpenSSLOpenSSL Version0.9.6h
OpenSSLOpenSSL Version0.9.6i
OpenSSLOpenSSL Version0.9.6j
OpenSSLOpenSSL Version0.9.6k
OpenSSLOpenSSL Version0.9.6l
OpenSSLOpenSSL Version0.9.6m
OpenSSLOpenSSL Version0.9.7
OpenSSLOpenSSL Version0.9.7 Updatebeta1
OpenSSLOpenSSL Version0.9.7 Updatebeta2
OpenSSLOpenSSL Version0.9.7 Updatebeta3
OpenSSLOpenSSL Version0.9.7 Updatebeta4
OpenSSLOpenSSL Version0.9.7 Updatebeta5
OpenSSLOpenSSL Version0.9.7 Updatebeta6
OpenSSLOpenSSL Version0.9.7a
OpenSSLOpenSSL Version0.9.7b
OpenSSLOpenSSL Version0.9.7c
OpenSSLOpenSSL Version0.9.7d
OpenSSLOpenSSL Version0.9.7e
OpenSSLOpenSSL Version0.9.7f
OpenSSLOpenSSL Version0.9.7g
OpenSSLOpenSSL Version0.9.7h
OpenSSLOpenSSL Version0.9.7i
OpenSSLOpenSSL Version0.9.7j
OpenSSLOpenSSL Version0.9.7k
OpenSSLOpenSSL Version0.9.7l
OpenSSLOpenSSL Version0.9.8
OpenSSLOpenSSL Version0.9.8a
OpenSSLOpenSSL Version0.9.8b
OpenSSLOpenSSL Version0.9.8c
OpenSSLOpenSSL Version0.9.8d
OpenSSLOpenSSL Version0.9.8e
OpenSSLOpenSSL Version0.9.8f
OpenSSLOpenSSL Version0.9.8g
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.15% 0.914
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:N/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://secunia.com/advisories/35074
Vendor Advisory
http://support.apple.com/kb/HT3549
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
US Government Resource
http://www.vupen.com/english/advisories/2009/1297
Vendor Advisory
http://www.securityfocus.com/archive/1/502322/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
http://www.vupen.com/english/advisories/2009/0904
Vendor Advisory
http://marc.info/?l=bugtraq&m=124277349419254&w=2
http://secunia.com/advisories/35108
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1338
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
http://marc.info/?l=bugtraq&m=123859864430555&w=2
http://marc.info/?l=bugtraq&m=127678688104458&w=2
http://secunia.com/advisories/33338
Vendor Advisory
http://secunia.com/advisories/33394
http://secunia.com/advisories/33436
Vendor Advisory
http://secunia.com/advisories/33557
Vendor Advisory
http://secunia.com/advisories/33673
Vendor Advisory
http://secunia.com/advisories/33765
Vendor Advisory
http://secunia.com/advisories/34211
Vendor Advisory
http://secunia.com/advisories/39005
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200902-02.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.544796
http://sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1
http://support.avaya.com/elmodocs2/security/ASA-2009-038.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=837653
http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html
http://www.ocert.org/advisories/ocert-2008-016.html
http://www.openssl.org/news/secadv_20090107.txt
http://www.redhat.com/support/errata/RHSA-2009-0004.html
http://www.securityfocus.com/archive/1/499827/100/0/threaded
http://www.securityfocus.com/bid/33150
http://www.securitytracker.com/id?1021523
http://www.vupen.com/english/advisories/2009/0040
Vendor Advisory
http://www.vupen.com/english/advisories/2009/0289
Vendor Advisory
http://www.vupen.com/english/advisories/2009/0362
Vendor Advisory
http://www.vupen.com/english/advisories/2009/0558
Vendor Advisory
http://www.vupen.com/english/advisories/2009/0913
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6380
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9155
https://usn.ubuntu.com/704-1/