Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-0265

Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.

Related bugs and status

CVE-2009-0265 (Candidate) is related to these bugs:

Bug #324249: [CVE-2009-0265] BIND 9 not properly checking the return value from OpenSSL EVP_VerifyFinal()

Summary				In	Importance	Status
	324249	[CVE-2009-0265] BIND 9 not properly checking the return value from OpenSSL EVP_VerifyFinal()		bind9 (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

MISC: http://groups.google.c...
CONFIRM: https://www.isc.org/no...
SECUNIA: 33559
MANDRIVA: MDVSA-2009:037
VUPEN: ADV-2009-0043
SLACKWARE: SSA:2009-014-02