| Summary: | net-analyzer/libnasl<=2.2.11 DSA_do_verify certificate chain bypass (CVE-2009-0125) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | | |
| Severity: | minor | CC: | netmon |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=479655 | | |
| Whiteboard: | B4 [ebuild] | | |
| Package list: | | Runtime testing required: | --- |

Description
Stefan Behte (RETIRED)
Upstream states:
> From: Renaud Deraison <deraison nessus org>
> Date: January 18, 2009 10:43:29 PM CEST
>
> I wanted to dispute the existence of CVE-2009-0125 (libnasl misusing the
> return value of DSA_do_verify()): while we do misuse this function (this is
> a bug), it has absolutely no security ramification.
>
> To give you some context, the function DSA_do_verify() is called by the nasl
> function dsa_do_verify() which is used when Nessus attempts to log into a
> remote SSH server.
>
> If an attacker were to control a rogue SSH server, then he would be better
> off submitting a perfectly valid signature instead of a malformed one, and we
> would log into it anyways. Hence, there is absolutely no security risk
> associated with the misuse of this function.
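
The return-value misuse the quoted message refers to, modelled as an added example (not libnasl or Nessus code, and not part of the original report). OpenSSL documents `DSA_do_verify()` as returning 1 for a valid signature, 0 for an incorrect one and -1 on error; `model_verify`, `accept_loose`, `accept_strict` and the sample bytes are constructed stand-ins, and the loose check is an assumed shape for the bug, since the page does not show the actual call site.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model, NOT cryptography: a "signature" is the digest XORed
 * with a fixed byte. Return convention mirrors DSA_do_verify():
 * 1 = valid, 0 = incorrect signature, -1 = error. */
#define MODEL_LEN 4
#define MODEL_KEY 0x5a

/* Constructed sample inputs. */
const unsigned char DGST[MODEL_LEN] = {0x01, 0x02, 0x03, 0x04};
const unsigned char SIG_GOOD[MODEL_LEN] = {0x5b, 0x58, 0x59, 0x5e};
const unsigned char SIG_WRONG[MODEL_LEN] = {0x00, 0x00, 0x00, 0x00};
const unsigned char SIG_MALFORMED[2] = {0x5b, 0x58}; /* truncated */

int model_verify(const unsigned char *dgst, const unsigned char *sig,
                 size_t sig_len)
{
    size_t i;
    if (dgst == NULL || sig == NULL || sig_len != MODEL_LEN)
        return -1;                 /* malformed input takes the error path */
    for (i = 0; i < MODEL_LEN; i++)
        if ((unsigned char)(dgst[i] ^ MODEL_KEY) != sig[i])
            return 0;              /* well-formed but incorrect */
    return 1;
}

/* Loose check (assumed shape of the misuse): only 0 means failure,
 * so the -1 error return is treated as a valid signature. */
int accept_loose(const unsigned char *dgst, const unsigned char *sig, size_t n)
{
    return model_verify(dgst, sig, n) ? 1 : 0;
}

/* Strict check: nothing but an explicit 1 is accepted. */
int accept_strict(const unsigned char *dgst, const unsigned char *sig, size_t n)
{
    return model_verify(dgst, sig, n) == 1;
}

int main(void)
{
    printf("malformed: loose=%d strict=%d\n",
           accept_loose(DGST, SIG_MALFORMED, sizeof SIG_MALFORMED),
           accept_strict(DGST, SIG_MALFORMED, sizeof SIG_MALFORMED));
    return 0;
}
```

The two callers agree on valid and incorrect signatures and differ only on the error return, which is why call sites for tri-state verifiers are audited for an explicit comparison against 1.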