257949 – (CVE-2009-0265) <net-dns/bind-9.4.3_p1 incorrect checks for malformed RSA signatures (CVE-2009-0265)

Bug 257949 (CVE-2009-0265) - <net-dns/bind-9.4.3_p1 incorrect checks for malformed RSA signatures (CVE-2009-0265)

Summary: <net-dns/bind-9.4.3_p1 incorrect checks for malformed RSA signatures (CVE-200...

Status:	RESOLVED FIXED

Alias:	CVE-2009-0265

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	https://www.isc.org/node/389
Whiteboard:	B4 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2009-02-06 21:48 UTC by Stefan Behte (RETIRED)
Modified:	2009-03-09 13:10 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2009-02-06 21:48:33 UTC

CVE-2009-0265 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0265):
  Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not
  properly check the return value from the OpenSSL EVP_VerifyFinal
  function, which allows remote attackers to bypass validation of the
  certificate chain via a malformed SSL/TLS signature, a similar
  vulnerability to CVE-2008-5077 and CVE-2009-0025.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2009-03-09 13:10:29 UTC

GLSA 200903-14