
Bug 255576 (CVE-2009-0125)

Summary: net-analyzer/libnasl<=2.2.11 DSA_do_verify certificate chain bypass (CVE-2009-0125)
Product: Gentoo Security
Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: minor
CC: netmon
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: https://bugzilla.redhat.com/show_bug.cgi?id=479655
Whiteboard: B4 [ebuild]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-01-19 23:53:52 UTC
CVE-2009-0125 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0125):
  nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library
  (aka libnasl) 2.2.11 does not properly check the return value from
  the OpenSSL DSA_do_verify function, which allows remote attackers to
  bypass validation of the certificate chain via a malformed SSL/TLS
  signature, a similar vulnerability to CVE-2008-5077.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-01-21 11:48:14 UTC
Upstream states:
> From: Renaud Deraison <deraison nessus org>
> Date: January 18, 2009 10:43:29 PM CEST
> 
> I wanted to dispute the existence of CVE-2009-0125 (libnasl misusing the 
> return value of DSA_do_verify()) : while we do misuse this function (this is 
> a bug), it has absolutely no security ramification.
> 
> To give you some context, the function DSA_do_verify() is called by the nasl 
> function dsa_do_verify() which is used when Nessus attempts to log into a 
> remote SSH server.
> 
> If an attacker were to control a rogue SSH server, then he would be better 
> off submitting a perfectly valid signature instead of a malformed one, and we 
> would log into it anyways. Hence, there is absolutely no security risk 
> associated with the misuse of this function.
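The bug class behind CVE-2009-0125 (and CVE-2008-5077 before it) is a return-value misuse: OpenSSL's DSA_do_verify() and DSA_verify() return 1 for a valid signature, 0 for an invalid one, and -1 on error (for example when the signature blob cannot be parsed). A caller written as `if (DSA_do_verify(...) != 0)` or `if (DSA_do_verify(...))` therefore accepts the -1 error path exactly as if the signature had verified. The following is an added example written for this page; it is not libnasl or OpenSSL code. It implements textbook DSA over constructed toy parameters (p = 23, q = 11, g = 4, private key 3), a stand-in digest, and a verifier that reproduces the 1/0/-1 contract, then runs a genuine, a forged and a malformed signature through both the buggy and the corrected acceptance check. Whether such a bug is exploitable depends on the calling context, as the upstream reply above argues for the SSH login case; the example only shows the mechanics of the misuse.

```c
#include <stdio.h>
#include <string.h>

/*
 * Toy DSA over constructed parameters (p = 23, q = 11, g = 4): far too small
 * to be secure, chosen only so the arithmetic can be checked by hand.
 * toy_dsa_verify() copies the OpenSSL return contract for DSA_do_verify /
 * DSA_verify: 1 = signature valid, 0 = signature invalid, -1 = error
 * (here: the signature blob could not be parsed).
 */
#define TOY_P 23UL
#define TOY_Q 11UL
#define TOY_G 4UL
#define TOY_X 3UL /* private key, constructed */

static unsigned long pow_mod(unsigned long b, unsigned long e, unsigned long m)
{
    unsigned long r = 1;
    b %= m;
    while (e) {
        if (e & 1) r = r * b % m;
        b = b * b % m;
        e >>= 1;
    }
    return r;
}

/* q is prime, so the inverse of a (a != 0 mod q) is a^(q-2) mod q. */
static unsigned long inv_mod_q(unsigned long a)
{
    return pow_mod(a % TOY_Q, TOY_Q - 2, TOY_Q);
}

/* Stand-in for the hash step: sum of the message bytes reduced mod q. */
unsigned long toy_digest(const char *msg)
{
    unsigned long h = 0;
    for (; *msg; msg++) h = (h + (unsigned char)*msg) % TOY_Q;
    return h;
}

unsigned long toy_pubkey(void) { return pow_mod(TOY_G, TOY_X, TOY_P); }

/* r = (g^k mod p) mod q, s = k^-1 (h + x*r) mod q; k is passed in for reproducibility. */
void toy_sign(unsigned long h, unsigned long k, unsigned long *r, unsigned long *s)
{
    *r = pow_mod(TOY_G, k, TOY_P) % TOY_Q;
    *s = inv_mod_q(k) * ((h + TOY_X * *r) % TOY_Q) % TOY_Q;
}

/* Signature blob "r:s" in decimal stands in for DER. Returns 1, 0 or -1 as above. */
int toy_dsa_verify(unsigned long h, const char *sig)
{
    unsigned long r, s, w, u1, u2, v, y;
    char extra;

    if (sig == NULL || sscanf(sig, "%lu:%lu%c", &r, &s, &extra) != 2)
        return -1;                       /* malformed blob: error, not "invalid" */
    if (r == 0 || r >= TOY_Q || s == 0 || s >= TOY_Q)
        return 0;                        /* out of range: invalid */

    y  = toy_pubkey();
    w  = inv_mod_q(s);
    u1 = h * w % TOY_Q;
    u2 = r * w % TOY_Q;
    v  = (pow_mod(TOY_G, u1, TOY_P) * pow_mod(y, u2, TOY_P) % TOY_P) % TOY_Q;
    return v == r ? 1 : 0;
}

/* The misuse the CVE describes: any non-zero return is treated as success,
 * so -1 (error) is accepted exactly like 1 (valid). */
int accept_buggy(unsigned long h, const char *sig)
{
    return toy_dsa_verify(h, sig) != 0;
}

/* Correct check: only an explicit 1 means the signature verified. */
int accept_fixed(unsigned long h, const char *sig)
{
    return toy_dsa_verify(h, sig) == 1;
}

int main(void)
{
    const char *msg = "login";           /* constructed message */
    unsigned long h = toy_digest(msg), r, s;
    char good[32];
    const char *sigs[3];
    int i;

    toy_sign(h, 5, &r, &s);              /* k = 5, constructed nonce */
    snprintf(good, sizeof good, "%lu:%lu", r, s);
    sigs[0] = good;       /* genuine signature */
    sigs[1] = "1:3";      /* forged: r and s in range, wrong value */
    sigs[2] = "garbage";  /* malformed blob: verify returns -1 */

    for (i = 0; i < 3; i++)
        printf("%-8s verify=%2d buggy-accept=%d fixed-accept=%d\n",
               sigs[i], toy_dsa_verify(h, sigs[i]),
               accept_buggy(h, sigs[i]), accept_fixed(h, sigs[i]));
    return 0;
}
```

The forged signature is rejected by both callers because the verifier returns 0 for it; the malformed blob is what separates them, since the buggy `!= 0` test turns the -1 error into acceptance. The fix is the same one applied across the CVE-2008-5077 family: compare against 1 explicitly, and treat every other value as a failed verification.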