Описание
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1:9.3.2-2ubuntu1.6 |
| devel | released | 1:9.5.0.dfsg.P2-5ubuntu1 |
| gutsy | released | 1:9.4.1-P1-3ubuntu2.1 |
| hardy | released | 1:9.4.2.dfsg.P2-2ubuntu0.1 |
| intrepid | released | 1:9.5.0.dfsg.P2-1ubuntu3.1 |
| upstream | pending | 1:9.5.0.dfsg.P2-6 |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check t ...
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
EPSS
6.8 Medium
CVSS2