|
|
Log in / Subscribe / Register

bind: validation bypass

Package(s):bind CVE #(s):CVE-2009-0265
Created:February 16, 2009 Updated:March 9, 2009
Description: From the CVE entry: Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.
Alerts:
Gentoo 200903-14 bind 2009-03-09
Mandriva MDVSA-2009:037 bind 2008-02-16
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds