CVE-2009-0126

Name of the Vulnerable Software and Affected Versions BOINC versions 6.2.14 through 6.4.5

Description The issue allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature. This can lead to a breach of confidentiality of protected information. The exploitation of the issue can be done remotely.

Recommendations For BOINC versions 6.2.14 and 6.4.5, consider disabling the decrypt public function in lib/crypt.cpp as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.