PT-2009-2753 · Openssl · Openssl
Published
2009-01-07
·
Updated
2018-10-11
·
CVE-2009-0047
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Gale versions 0.99 and earlier
Description
Gale 0.99 and earlier does not correctly check the return value of OpenSSL's EVP_VerifyFinal function. That function (like DSA_verify and ECDSA_verify) returns 1 when the signature verifies, 0 when it does not, and -1 on error, for example when the signature cannot be decoded. Gale treated any non-zero result as success, so a malformed signature that makes OpenSSL return -1 is accepted as valid. A remote attacker can therefore present a certificate chain with a malformed SSL/TLS signature for a DSA or ECDSA key and bypass chain validation. This is the same pattern as CVE-2008-5077 in OpenSSL's own applications; the flaw here lies in Gale's use of the API, not in the OpenSSL library.
Recommendations
For versions 0.99 and earlier, fix the certificate chain validation so that a signature is treated as verified only when EVP_VerifyFinal returns exactly 1; a result of 0 or any negative value must be treated as a verification failure (and a negative value should also be logged as an error). Upgrading OpenSSL alone does not address this issue, since the incorrect check is in the calling application. As a temporary workaround, consider restricting the use of DSA and ECDSA keys until a proper fix is in place.
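The following C program is an added illustration of the return-value bug described above; it is not code from Gale or from OpenSSL. To keep it runnable without libcrypto, toy_verify_final is a hypothetical stand-in that only reproduces EVP_VerifyFinal's three-valued return convention (1 / 0 / -1) over a constructed checksum "signature"; the two predicates show the vulnerable check (`rc != 0`) next to the fixed check (`rc == 1`), and the chain walker shows why a -1 from a malformed signature slips through the first one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Stand-in for the return convention of OpenSSL's EVP_VerifyFinal(),
 * DSA_verify() and ECDSA_verify() (this is NOT OpenSSL code):
 *    1  signature verified
 *    0  signature did not verify
 *   -1  error, e.g. the signature could not be decoded
 * The "signature" is a toy: tag 0x30, length 0x02, then a 16-bit checksum of
 * the message. Any other encoding is reported as malformed (-1), which is the
 * path that matters for CVE-2009-0047.
 */
static uint16_t toy_checksum(const uint8_t *msg, size_t len)
{
    uint16_t h = 0x1234;
    for (size_t i = 0; i < len; i++)
        h = (uint16_t)((h ^ msg[i]) * 31u);
    return h;
}

static int toy_verify_final(const uint8_t *msg, size_t msg_len,
                            const uint8_t *sig, size_t sig_len)
{
    if (sig_len != 4 || sig[0] != 0x30 || sig[1] != 0x02)
        return -1;                                  /* malformed encoding */
    uint16_t want = toy_checksum(msg, msg_len);
    uint16_t got  = (uint16_t)((sig[2] << 8) | sig[3]);
    return got == want ? 1 : 0;
}

/* Produces a well-formed toy signature for msg. */
static void toy_sign(const uint8_t *msg, size_t msg_len, uint8_t sig[4])
{
    uint16_t h = toy_checksum(msg, msg_len);
    sig[0] = 0x30; sig[1] = 0x02; sig[2] = (uint8_t)(h >> 8); sig[3] = (uint8_t)h;
}

/* Vulnerable check: "anything but 0 is success", so an error (-1) passes. */
static int sig_ok_vulnerable(int rc) { return rc != 0; }

/* Fixed check: only an explicit 1 counts as verified. */
static int sig_ok_fixed(int rc) { return rc == 1; }

struct toy_cert {
    const uint8_t *tbs; size_t tbs_len;   /* the signed bytes */
    const uint8_t *sig; size_t sig_len;   /* signature over tbs */
};

/* Returns 1 only if every certificate in the chain passes the predicate. */
static int verify_chain(const struct toy_cert *chain, size_t n, int (*ok)(int))
{
    for (size_t i = 0; i < n; i++) {
        int rc = toy_verify_final(chain[i].tbs, chain[i].tbs_len,
                                  chain[i].sig, chain[i].sig_len);
        if (!ok(rc))
            return 0;
    }
    return 1;
}

/* Constructed sample data: one leaf "certificate"; MALFORMED_SIG has a wrong
 * tag byte, WRONG_SIG is well-formed but does not match the leaf. */
static const uint8_t LEAF_TBS[]      = "CN=example leaf, Issuer=toy CA";
static const uint8_t MALFORMED_SIG[] = { 0x31, 0x02, 0x00, 0x00 };
static const uint8_t WRONG_SIG[]     = { 0x30, 0x02, 0x00, 0x00 };

static int check(const uint8_t *sig, size_t sig_len, int (*ok)(int))
{
    struct toy_cert chain[1] = {{ LEAF_TBS, sizeof LEAF_TBS - 1, sig, sig_len }};
    return verify_chain(chain, 1, ok);
}

/* Malformed signature, vulnerable check: chain wrongly accepted (1). */
int chain_malformed_sig_vulnerable(void)
{ return check(MALFORMED_SIG, sizeof MALFORMED_SIG, sig_ok_vulnerable); }

/* Malformed signature, fixed check: chain rejected (0). */
int chain_malformed_sig_fixed(void)
{ return check(MALFORMED_SIG, sizeof MALFORMED_SIG, sig_ok_fixed); }

/* Well-formed but wrong signature: rc is 0, so even the vulnerable check
 * rejects it (0). This is why only the -1 (decode error) path is exploitable. */
int chain_wrong_sig_vulnerable(void)
{ return check(WRONG_SIG, sizeof WRONG_SIG, sig_ok_vulnerable); }

/* Properly signed leaf, fixed check: chain accepted (1). */
int chain_valid_sig_fixed(void)
{
    uint8_t sig[4];
    toy_sign(LEAF_TBS, sizeof LEAF_TBS - 1, sig);
    return check(sig, sizeof sig, sig_ok_fixed);
}

int main(void)
{
    printf("malformed sig, vulnerable check: %d (1 = wrongly accepted)\n",
           chain_malformed_sig_vulnerable());
    printf("malformed sig, fixed check:      %d\n", chain_malformed_sig_fixed());
    printf("wrong sig, vulnerable check:     %d\n", chain_wrong_sig_vulnerable());
    printf("valid sig, fixed check:          %d\n", chain_valid_sig_fixed());
    return 0;
}
```

In real code the same fix applies verbatim to the OpenSSL calls: compare the result of EVP_VerifyFinal (or DSA_verify / ECDSA_verify) against 1, never against 0 or with `!`.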
Weakness class
Improper Authentication
Affected products
Openssl (as listed by this tracker; the incorrect return-value check is in Gale's use of the OpenSSL API, so the affected software is Gale 0.99 and earlier rather than the OpenSSL library itself)