PT-2009-6710 · Openssl+1 · Openssl+1

Published: 1970-01-01 · Updated: 2025-01-21 · CVE-2008-5077

CVSS v2.0: 5.8 (Medium) · Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 0.9.8i and earlier

Description: The issue allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. Exploitation of this issue can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely.

Recommendations: For OpenSSL versions 0.9.8i and earlier, update to a version later than 0.9.8i to resolve the issue. As a temporary workaround, consider disabling the use of DSA and ECDSA keys until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related identifiers

BDU:2015-03330
BDU:2015-04156
BDU:2015-04157
BDU:2015-04158
BDU:2015-04159
BDU:2015-04160
BDU:2015-05174
BDU:2015-05175
BDU:2015-07754
BDU:2015-07755
BDU:2015-09365
BDU:2015-09366
BDU:2015-09905
CVE-2008-5077
DSA-1701-1
HPSBUX02418
OPENSUSE-SU-2024:10271-1
OPENSUSE-SU-2024:10529-1
OPENSUSE-SU-2024:10658-1
OPENSUSE-SU-2024:11127-1
RHSA-2009:0004
RHSA-2009_0004
SUSE-FU-2022:0445-1

Affected products

Openssl
Red Hat