Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 257949 (CVE-2009-0265)

Summary: <net-dns/bind-9.4.3_p1 incorrect checks for malformed RSA signatures (CVE-2009-0265)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: bind+disabled, voxus
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.isc.org/node/389
Whiteboard: B4 [glsa]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-02-06 21:48:33 UTC 
CVE-2009-0265 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0265):
  Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not
  properly check the return value from the OpenSSL EVP_VerifyFinal
  function, which allows remote attackers to bypass validation of the
  certificate chain via a malformed SSL/TLS signature, a similar
  vulnerability to CVE-2008-5077 and CVE-2009-0025.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-03-09 13:10:29 UTC 
GLSA 200903-14