Bug 255576 (CVE-2009-0125) - net-analyzer/libnasl<=2.2.11 DSA_do_verify certificate chain bypass (CVE-2009-0125)
Summary: net-analyzer/libnasl<=2.2.11 DSA_do_verify certificate chain bypass (CVE-2009...
Status: RESOLVED INVALID
Alias: CVE-2009-0125
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B4 [ebuild]
Reported: 2009-01-19 23:53 UTC by Stefan Behte (RETIRED)
Modified: 2009-07-12 23:23 UTC
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-01-19 23:53:52 UTC
CVE-2009-0125 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0125):
  nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library
  (aka libnasl) 2.2.11 does not properly check the return value from
  the OpenSSL DSA_do_verify function, which allows remote attackers to
  bypass validation of the certificate chain via a malformed SSL/TLS
  signature, a similar vulnerability to CVE-2008-5077.
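The flaw class named in the CVE text (and in CVE-2008-5077) is a return-value check that does not match OpenSSL's contract: DSA_do_verify() returns 1 for a valid signature, 0 for an invalid one and -1 when verification could not be performed at all (for example a malformed signature object or missing key material), so a caller that treats "non-zero" as success accepts the error case. The following is an added example, not libnasl's or OpenSSL's own code: it implements textbook DSA over constructed toy parameters (p = 23, q = 11, g = 4, a stand-in hash), mirrors the tri-state return contract in a hypothetical `dsa_do_verify()`, and contrasts the lax check with the correct one on a valid, a tampered and a malformed signature.

```python
"""Added example (not libnasl or OpenSSL code): a toy DSA over tiny
parameters, with a verifier that follows OpenSSL's DSA_do_verify() return
contract (1 = valid, 0 = invalid, -1 = error) so the effect of a wrong
return-value check can be reproduced offline."""

from dataclasses import dataclass
from typing import Optional

# Constructed toy parameters: p = 23, q = 11 divides p - 1, g = 4 has order 11.
P, Q, G = 23, 11, 4
PRIV_X = 7
PUB_Y = pow(G, PRIV_X, P)  # 8


def toy_hash(msg: bytes) -> int:
    """Constructed stand-in for a real digest: message bytes reduced mod q."""
    return sum(msg) % Q


@dataclass
class DsaSig:
    r: Optional[int]
    s: Optional[int]


def dsa_sign(msg: bytes, k: int = 3) -> DsaSig:
    """Textbook DSA signing with a fixed nonce; fine for a toy, never for real use."""
    r = pow(G, k, P) % Q
    s = (pow(k, -1, Q) * (toy_hash(msg) + PRIV_X * r)) % Q
    return DsaSig(r, s)


def dsa_do_verify(msg: bytes, sig: DsaSig, y: Optional[int] = PUB_Y) -> int:
    """Hypothetical verifier mirroring the tri-state contract of OpenSSL's
    DSA_do_verify(): 1 -> valid, 0 -> invalid, -1 -> verification could not
    run (missing key or malformed signature object). Only the last case is
    what a lax caller mistakes for success."""
    if y is None or sig.r is None or sig.s is None:
        return -1  # error path: nothing was actually verified
    if not (0 < sig.r < Q and 0 < sig.s < Q):
        return 0
    w = pow(sig.s, -1, Q)
    u1 = (toy_hash(msg) * w) % Q
    u2 = (sig.r * w) % Q
    v = ((pow(G, u1, P) * pow(y, u2, P)) % P) % Q
    return 1 if v == sig.r else 0


def lax_check(ret: int) -> bool:
    """The flawed pattern: any non-zero result is treated as 'verified'."""
    return ret != 0


def strict_check(ret: int) -> bool:
    """The correct pattern: only the documented success value counts."""
    return ret == 1


def run_scenarios() -> dict:
    """Exercise both checks on a valid, a tampered and a malformed signature.
    Returns {name: (return code, lax accepted?, strict accepted?)}."""
    msg = b"login"
    good = dsa_sign(msg)
    tampered = DsaSig(good.r, (good.s + 1) % Q)   # forged: s altered
    malformed = DsaSig(None, None)                # e.g. undecodable signature bytes
    results = {}
    for name, sig in (("valid", good), ("tampered", tampered), ("malformed", malformed)):
        ret = dsa_do_verify(msg, sig)
        results[name] = (ret, lax_check(ret), strict_check(ret))
    return results


if __name__ == "__main__":
    for name, (ret, lax, strict) in run_scenarios().items():
        print(f"{name:9s} ret={ret:2d}  lax accepts={lax}  strict accepts={strict}")
```

Running it shows the tampered signature rejected by both checks, but the malformed one (return code -1) accepted by the lax check and rejected only by the strict `== 1` comparison; that strict comparison is the fix this class of bug calls for, whatever the surrounding code does with the result afterwards.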
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-01-21 11:48:14 UTC
Upstream states:
> From: Renaud Deraison <deraison nessus org>
> Date: January 18, 2009 10:43:29 PM CEST
> 
> I wanted to dispute the existence of CVE-2009-0125 (libnasl misusing the 
> return value of DSA_do_verify()) : while we do misuse this function (this is 
> a bug), it has absolutely no security ramification.
> 
> To give you some context, the function DSA_do_verify() is called by the nasl 
> function dsa_do_verify() which is used when Nessus attempts to log into a 
> remote SSH server.
> 
> If an attacker were to control a rogue SSH server, then he would be better 
> off submitting a perfectly valid signature instead of a malformed one, and we 
> would log into it anyways. Hence, there is absolutely no security risk 
> associated with the misuse of this function.