CVE-2009-0025

Name of the Vulnerable Software and Affected Versions BIND versions 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier

Description The issue allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature. This occurs because the software does not properly check the return value from the OpenSSL DSA verify function.

Recommendations For versions 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier, update to a version that properly checks the return value from the OpenSSL DSA verify function to prevent bypassing of certificate chain validation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.