Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2009-0125 | First vendor Publication | 2009-01-15 |
Vendor | Cve | Last vendor Modification | 2024-05-17 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed this issue, stating "while we do misuse this function (this is a bug), it has absolutely no security ramification. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0125 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-287 | Improper Authentication |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-19 | Name : Mandrake Security Advisory MDVSA-2009:271 (libnasl) File : nvt/mdksa_2009_271.nasl |
2009-02-02 | Name : SuSE Security Summary SUSE-SR:2009:003 File : nvt/suse_sr_2009_003.nasl |
2009-01-22 | Name : OpenSSL DSA_do_verify() Security Bypass Vulnerability in NASL File : nvt/secpod_nasl_sec_bypass_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
51164 | OpenSSL EVP_VerifyFinal Function DSA / ECDSA Key Validation Weakness OpenSSL contains a flaw that may allow a malicious user to perform a 'man in the middle' attack. The issue is triggered when several functions within OpenSSL incorrectly check the result of the EVP_VerifyFinal function. It is possible that the flaw may allow a malformed signature to be treated as a good signature instead of an error, resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0004.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0020.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-0046.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-0046.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2009-0004.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libnasl-090120.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-705-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-706-1.nasl - Type : ACT_GATHER_INFO |
2009-02-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0020.nasl - Type : ACT_GATHER_INFO |
2009-01-29 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-0046.nasl - Type : ACT_GATHER_INFO |
2009-01-22 | Name : The remote openSUSE host is missing a security update. File : suse_libnasl-5943.nasl - Type : ACT_GATHER_INFO |
2009-01-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1701.nasl - Type : ACT_GATHER_INFO |
2009-01-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1702.nasl - Type : ACT_GATHER_INFO |
2009-01-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0020.nasl - Type : ACT_GATHER_INFO |
2009-01-08 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0004.nasl - Type : ACT_GATHER_INFO |
2009-01-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0004.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-05-17 09:28:41 |
|
2024-05-14 21:28:28 |
|
2024-04-11 09:28:44 |
|
2024-03-21 09:28:46 |
|
2023-11-07 21:47:46 |
|
2021-05-04 12:09:00 |
|
2021-04-22 01:09:21 |
|
2020-05-23 00:23:12 |
|
2016-04-26 18:33:23 |
|
2014-02-17 10:48:19 |
|
2013-05-10 23:41:54 |
|