6.8

CVE-2009-0025

BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IscBind Version9.0
IscBind Version9.0.0 Updaterc1
IscBind Version9.0.0 Updaterc2
IscBind Version9.0.0 Updaterc3
IscBind Version9.0.0 Updaterc4
IscBind Version9.0.0 Updaterc5
IscBind Version9.0.0 Updaterc6
IscBind Version9.0.1
IscBind Version9.0.1 Updaterc1
IscBind Version9.0.1 Updaterc2
IscBind Version9.1
IscBind Version9.1.0 Updaterc1
IscBind Version9.1.1
IscBind Version9.1.1 Updaterc1
IscBind Version9.1.1 Updaterc2
IscBind Version9.1.1 Updaterc3
IscBind Version9.1.1 Updaterc4
IscBind Version9.1.1 Updaterc5
IscBind Version9.1.1 Updaterc6
IscBind Version9.1.1 Updaterc7
IscBind Version9.1.2
IscBind Version9.1.2 Updaterc1
IscBind Version9.1.3
IscBind Version9.1.3 Updaterc1
IscBind Version9.1.3 Updaterc2
IscBind Version9.1.3 Updaterc3
IscBind Version9.2.0
IscBind Version9.2.0 Updatea1
IscBind Version9.2.0 Updatea2
IscBind Version9.2.0 Updatea3
IscBind Version9.2.0 Updateb1
IscBind Version9.2.0 Updateb2
IscBind Version9.2.0 Updaterc1
IscBind Version9.2.0 Updaterc10
IscBind Version9.2.0 Updaterc2
IscBind Version9.2.0 Updaterc3
IscBind Version9.2.0 Updaterc4
IscBind Version9.2.0 Updaterc5
IscBind Version9.2.0 Updaterc6
IscBind Version9.2.0 Updaterc7
IscBind Version9.2.0 Updaterc8
IscBind Version9.2.0 Updaterc9
IscBind Version9.2.1
IscBind Version9.2.1 Updaterc1
IscBind Version9.2.1 Updaterc2
IscBind Version9.2.2
IscBind Version9.2.2 Updatep2
IscBind Version9.2.2 Updatep3
IscBind Version9.2.2 Updaterc1
IscBind Version9.2.3
IscBind Version9.2.3 Updaterc1
IscBind Version9.2.3 Updaterc2
IscBind Version9.2.3 Updaterc3
IscBind Version9.2.3 Updaterc4
IscBind Version9.2.4
IscBind Version9.2.4 Updaterc2
IscBind Version9.2.4 Updaterc3
IscBind Version9.2.4 Updaterc4
IscBind Version9.2.4 Updaterc5
IscBind Version9.2.4 Updaterc6
IscBind Version9.2.4 Updaterc7
IscBind Version9.2.4 Updaterc8
IscBind Version9.2.5
IscBind Version9.2.5 Updateb2
IscBind Version9.2.5 Updaterc1
IscBind Version9.2.6
IscBind Version9.2.6 Updaterc1
IscBind Version9.2.7
IscBind Version9.2.7 Updaterc1
IscBind Version9.2.7 Updaterc2
IscBind Version9.2.7 Updaterc3
IscBind Version9.4
IscBind Version9.4.0
IscBind Version9.4.0 Updatea1
IscBind Version9.4.0 Updatea2
IscBind Version9.4.0 Updatea3
IscBind Version9.4.0 Updatea4
IscBind Version9.4.0 Updatea5
IscBind Version9.4.0 Updatea6
IscBind Version9.4.0 Updateb1
IscBind Version9.4.0 Updateb2
IscBind Version9.4.0 Updateb3
IscBind Version9.4.0 Updateb4
IscBind Version9.4.0 Updaterc1
IscBind Version9.4.0 Updaterc2
IscBind Version9.4.1
IscBind Version9.4.2
IscBind Version9.4.2 Updaterc1
IscBind Version9.4.2 Updaterc2
IscBind Version9.4.3
IscBind Version9.4.3 Updateb1
IscBind Version9.4.3 Updateb2
IscBind Version9.4.3 Updateb3
IscBind Version9.4.3 Updaterc1
IscBind Version9.5.0
IscBind Version9.5.1
IscBind Version9.6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.86% 0.932
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://secunia.com/advisories/35074
http://support.apple.com/kb/HT3549
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
US Government Resource
http://www.vupen.com/english/advisories/2009/1297
http://marc.info/?l=bugtraq&m=141879471518471&w=2
http://www.securityfocus.com/archive/1/502322/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2009-0004.html
http://www.vupen.com/english/advisories/2009/0904
http://www.ocert.org/advisories/ocert-2008-016.html
http://www.securityfocus.com/archive/1/499827/100/0/threaded
http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33
http://secunia.com/advisories/33494
http://secunia.com/advisories/33546
http://secunia.com/advisories/33551
http://secunia.com/advisories/33559
http://secunia.com/advisories/33683
http://secunia.com/advisories/33882
http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362
http://sunsolve.sun.com/search/document.do?assetkey=1-26-250846-1
http://support.avaya.com/elmodocs2/security/ASA-2009-045.htm
http://wiki.rpath.com/Advisories:rPSA-2009-0009
http://www.openbsd.org/errata44.html#008_bind
http://www.securityfocus.com/archive/1/500207/100/0/threaded
http://www.securityfocus.com/bid/33151
http://www.vupen.com/english/advisories/2009/0043
http://www.vupen.com/english/advisories/2009/0366
https://issues.rpath.com/browse/RPL-2938
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10879
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5569
https://www.isc.org/software/bind/advisories/cve-2009-0025
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00393.html