PT-2009-6710 · Openssl+1 · Openssl+1
Published: 1970-01-01 · Updated: 2025-01-21
CVE-2008-5077
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 0.9.8i and earlier
Description
The issue allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. Exploitation of this issue can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely.
Recommendations
For OpenSSL versions 0.9.8i and earlier, update to a version later than 0.9.8i to resolve the issue. As a temporary workaround, consider disabling the use of DSA and ECDSA keys until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.
Fix
RCE
Related Identifiers
Affected Products
Openssl
Red Hat