Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2009-0051
Last Modified: 12 Jul 2013 12:00:00
Published: 07 Jan 2009 01:30:15
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-0051

Summary

ZXID 0.29 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

Vulnerable Systems

Application

  • Zxid 0.1

  • Zxid 0.10

  • Zxid 0.11

  • Zxid 0.12

  • Zxid 0.13

  • Zxid 0.14

  • Zxid 0.15

  • Zxid 0.16

  • Zxid 0.17

  • Zxid 0.18

  • Zxid 0.19

  • Zxid 0.2

  • Zxid 0.20

  • Zxid 0.21

  • Zxid 0.22

  • Zxid 0.25

  • Zxid 0.26

  • Zxid 0.27

  • Zxid 0.28

  • Zxid 0.29

  • Zxid 0.3

  • Zxid 0.4

  • Zxid 0.5

  • Zxid 0.6

  • Zxid 0.7

  • Zxid 0.8

  • Zxid 0.9


References

XF - openssl-dsa-verify-security-bypass(47837)

MISC - http://www.ocert.org/advisories/ocert-2008-016.html

BUGTRAQ - 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses


Last Updated: 27 May 2016 10:49:48