Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 2.6
CVE Id: CVE-2009-0591
Last Modified: 19 Jan 2011 01:45:53
Published: 27 Mar 2009 12:30:01
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE


Summary

The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.

Vulnerable Systems

Application

  • OpenSSL 0.9.8h

  • OpenSSL 0.9.8i

  • OpenSSL 0.9.8j


References

CONFIRM - https://kb.bluecoat.com/index?page=content&id=SA50

XF - openssl-cmsverify-security-bypass(49432)

VUPEN - ADV-2009-1548

VUPEN - ADV-2009-1175

VUPEN - ADV-2009-1020

VUPEN - ADV-2009-0850

BID - 34256

CONFIRM - http://www.php.net/archive/2009.php#id2009-04-08-1

OSVDB - 52865

CONFIRM - http://www.openssl.org/news/secadv_20090325.txt

CONFIRM - http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html

CONFIRM - http://support.apple.com/kb/HT3865

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847

SECTRACK - 1021907

SECUNIA - 42733

SECUNIA - 42724

SECUNIA - 36701

SECUNIA - 35729

SECUNIA - 35380

SECUNIA - 35065

SECUNIA - 34666

SECUNIA - 34460

SECUNIA - 34411

HP - SSRT090059

SUSE - SUSE-SR:2009:010

APPLE - APPLE-SA-2009-09-10-2

NETBSD - NetBSD-SA2009-008

HP - HPSBUX02435


Last Updated: 27 May 2016 10:50:00