Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2009-0025 CVE-2008-5077

Source

Debian Bug report logs - #511936
bind9: CVE-2009-0025 incorrect check for openssl return values

Package: bind9; Maintainer for bind9 is Debian DNS Team <team+dns@tracker.debian.org>; Source for bind9 is src:bind9 (PTS, buildd, popcon).

Reported by: Nico Golde <nion@debian.org>

Date: Thu, 15 Jan 2009 18:48:01 UTC

Severity: important

Tags: patch, security

Fixed in version bind9/1:9.5.1.dfsg.P1-1

Done: LaMont Jones <lamont@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#511936; Package bind9. (Thu, 15 Jan 2009 18:48:04 GMT) (full text, mbox, link).

Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to LaMont Jones <lamont@debian.org>. (Thu, 15 Jan 2009 18:48:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

Source: bind9
Severity: important
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for bind9.

CVE-2009-0025[0]:
| BIND 9.4.3 and earlier does not properly check the return value from
| the OpenSSL DSA_verify function, which allows remote attackers to
| bypass validation of the certificate chain via a malformed SSL/TLS
| signature, a similar vulnerability to CVE-2008-5077.

Unlike the above CVE id description says it is DSA_do_verify 
being used.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
    http://security-tracker.debian.net/tracker/CVE-2009-0025
and
https://www.isc.org/node/373

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Tags added: pending Request was from LaMont Jones <lamont@debian.org> to control@bugs.debian.org. (Mon, 26 Jan 2009 18:12:06 GMT) (full text, mbox, link).

Tags added: pending Request was from LaMont Jones <lamont@debian.org> to control@bugs.debian.org. (Mon, 26 Jan 2009 18:15:03 GMT) (full text, mbox, link).

Tags added: pending Request was from LaMont Jones <lamont@debian.org> to control@bugs.debian.org. (Mon, 26 Jan 2009 18:15:05 GMT) (full text, mbox, link).

Tags added: pending Request was from LaMont Jones <lamont@debian.org> to control@bugs.debian.org. (Mon, 26 Jan 2009 18:15:07 GMT) (full text, mbox, link).

Tags added: pending Request was from LaMont Jones <lamont@debian.org> to control@bugs.debian.org. (Mon, 26 Jan 2009 18:18:02 GMT) (full text, mbox, link).

Tags added: pending Request was from LaMont Jones <lamont@debian.org> to control@bugs.debian.org. (Mon, 26 Jan 2009 18:24:04 GMT) (full text, mbox, link).

Reply sent to LaMont Jones <lamont@debian.org>:
You have taken responsibility. (Mon, 09 Feb 2009 16:15:07 GMT) (full text, mbox, link).

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Mon, 09 Feb 2009 16:15:07 GMT) (full text, mbox, link).

Message #22 received at 511936-close@bugs.debian.org (full text, mbox, reply):

Source: bind9
Source-Version: 1:9.5.1.dfsg.P1-1

We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive:

bind9-doc_9.5.1.dfsg.P1-1_all.deb
  to pool/main/b/bind9/bind9-doc_9.5.1.dfsg.P1-1_all.deb
bind9-host_9.5.1.dfsg.P1-1_i386.deb
  to pool/main/b/bind9/bind9-host_9.5.1.dfsg.P1-1_i386.deb
bind9_9.5.1.dfsg.P1-1.diff.gz
  to pool/main/b/bind9/bind9_9.5.1.dfsg.P1-1.diff.gz
bind9_9.5.1.dfsg.P1-1.dsc
  to pool/main/b/bind9/bind9_9.5.1.dfsg.P1-1.dsc
bind9_9.5.1.dfsg.P1-1_i386.deb
  to pool/main/b/bind9/bind9_9.5.1.dfsg.P1-1_i386.deb
bind9_9.5.1.dfsg.P1.orig.tar.gz
  to pool/main/b/bind9/bind9_9.5.1.dfsg.P1.orig.tar.gz
bind9utils_9.5.1.dfsg.P1-1_i386.deb
  to pool/main/b/bind9/bind9utils_9.5.1.dfsg.P1-1_i386.deb
dnsutils_9.5.1.dfsg.P1-1_i386.deb
  to pool/main/b/bind9/dnsutils_9.5.1.dfsg.P1-1_i386.deb
libbind-dev_9.5.1.dfsg.P1-1_i386.deb
  to pool/main/b/bind9/libbind-dev_9.5.1.dfsg.P1-1_i386.deb
libbind9-40_9.5.1.dfsg.P1-1_i386.deb
  to pool/main/b/bind9/libbind9-40_9.5.1.dfsg.P1-1_i386.deb
libdns45_9.5.1.dfsg.P1-1_i386.deb
  to pool/main/b/bind9/libdns45_9.5.1.dfsg.P1-1_i386.deb
libisc45_9.5.1.dfsg.P1-1_i386.deb
  to pool/main/b/bind9/libisc45_9.5.1.dfsg.P1-1_i386.deb
libisccc40_9.5.1.dfsg.P1-1_i386.deb
  to pool/main/b/bind9/libisccc40_9.5.1.dfsg.P1-1_i386.deb
libisccfg40_9.5.1.dfsg.P1-1_i386.deb
  to pool/main/b/bind9/libisccfg40_9.5.1.dfsg.P1-1_i386.deb
liblwres40_9.5.1.dfsg.P1-1_i386.deb
  to pool/main/b/bind9/liblwres40_9.5.1.dfsg.P1-1_i386.deb
lwresd_9.5.1.dfsg.P1-1_i386.deb
  to pool/main/b/bind9/lwresd_9.5.1.dfsg.P1-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 511936@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
LaMont Jones <lamont@debian.org> (supplier of updated bind9 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 26 Jan 2009 10:33:42 -0700
Source: bind9
Binary: bind9 bind9utils bind9-doc bind9-host libbind-dev libbind9-40 libdns45 libisc45 liblwres40 libisccc40 libisccfg40 dnsutils lwresd
Architecture: all i386 source 
Version: 1:9.5.1.dfsg.P1-1
Distribution: unstable
Urgency: low
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: LaMont Jones <lamont@debian.org>
Description: 
 bind9      - Internet Domain Name Server
 bind9-doc  - Documentation for BIND
 bind9-host - Version of 'host' bundled with BIND 9.X
 bind9utils - Utilities for BIND
 dnsutils   - Clients provided with BIND
 libbind-dev - Static Libraries and Headers used by BIND
 libbind9-40 - BIND9 Shared Library used by BIND
 libdns45   - DNS Shared Library used by BIND
 libisc45   - ISC Shared Library used by BIND
 libisccc40 - Command Channel Library used by BIND
 libisccfg40 - Config File Handling Library used by BIND
 liblwres40 - Lightweight Resolver Library used by BIND
 lwresd     - Lightweight Resolver Daemon
Closes: 511768 511936
Changes: 
 bind9 (1:9.5.1.dfsg.P1-1) unstable; urgency=low
 .
   * New upstream patch release
     - supportable version of fix from 9.5.0.dfsg.P2-5.1
     - CVE-2009-0025:  Closes: #511936
     - 2475: Overly agressive cache entry removal.  Closes: #511768
     - other bug fixes worthy of patch-release inclusion
Files: 
 2f1f334bda9cb1abf0152ac8c787d78f 144228 net standard dnsutils_9.5.1.dfsg.P1-1_i386.deb
 2c7a9628271ca802ff54f9834998696e 1019 net optional bind9_9.5.1.dfsg.P1-1.dsc
 33fa8f34d448810e6a3f3ff667488b69 149458 libs standard libisc45_9.5.1.dfsg.P1-1_i386.deb
 343374ae2fc430c3d3950bcd3a24e746 31866 libs standard libbind9-40_9.5.1.dfsg.P1-1_i386.deb
 61a7a116996a1b503041cf9cde3f4081 1264356 libdevel optional libbind-dev_9.5.1.dfsg.P1-1_i386.deb
 62fdaca3c05b5196a317d458c0852794 93064 net optional bind9utils_9.5.1.dfsg.P1-1_i386.deb
 6ad469d1d57f875605fd495f8f532b98 240748 net optional bind9_9.5.1.dfsg.P1-1_i386.deb
 88fc2172d1a272900a13301326867b06 223424 net optional bind9_9.5.1.dfsg.P1-1.diff.gz
 8e9408280c6aaba92df23468ffae0df7 43868 libs optional libisccfg40_9.5.1.dfsg.P1-1_i386.deb
 8f9d463c423009e0cfc7d7642f666789 60804 net standard bind9-host_9.5.1.dfsg.P1-1_i386.deb
 9fcc60221e7aede17d47d2fcbb684199 198864 net optional lwresd_9.5.1.dfsg.P1-1_i386.deb
 a73a91111a6c7b59c307841445ff1ea5 44802 libs standard liblwres40_9.5.1.dfsg.P1-1_i386.deb
 c821ad8231d9fd5fef47d283e0dc9b17 26584 libs optional libisccc40_9.5.1.dfsg.P1-1_i386.deb
 d58c3ab2ba0a100df389c09769f05b96 547518 libs standard libdns45_9.5.1.dfsg.P1-1_i386.deb
 dd0d457eadf3439916de672e03ea7a29 265924 doc optional bind9-doc_9.5.1.dfsg.P1-1_all.deb
 e556b2c9b8718a0b867d4038b57864d7 4651682 net optional bind9_9.5.1.dfsg.P1.orig.tar.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJfnvbzN/kmwoKyScRAr4MAJ0ZUKFWugdpC3KKfyMoX0MtqGDQ9ACfckIa
nO1s55NlkRLQgZUsjiJGcpE=
=vzVw
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 15 Apr 2009 07:28:27 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:05:24 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

bind9: CVE-2009-0025 incorrect check for openssl return values

Debian Bug report logs - #511936
bind9: CVE-2009-0025 incorrect check for openssl return values

Vulmon Search

About

Products

Connect

bind9: CVE-2009-0025 incorrect check for openssl return values

Debian Bug report logs - #511936 bind9: CVE-2009-0025 incorrect check for openssl return values

Vulmon Search

About

Products

Connect

Debian Bug report logs - #511936
bind9: CVE-2009-0025 incorrect check for openssl return values