CVSSv2: 5.8

CVE-2008-5077

Published: 07/01/2009 Updated: 11/10/2018
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

OpenSSL 0.9.8i and earlier do not properly check the return value of the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
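An added example, not from this page or from OpenSSL itself: `fake_verify_final` is a constructed stand-in for the return-value contract of EVP_VerifyFinal (1 = signature verified, 0 = signature incorrect, negative = other error such as an undecodable signature), and the two `chain_accepted_*` functions show the pre-fix check beside the corrected one so the effect of a negative return is visible.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for EVP_VerifyFinal(): OpenSSL documents 1 for a
 * verified signature, 0 for an incorrect signature and a negative value
 * for any other error (for example a DSA/ECDSA signature whose encoding
 * cannot be parsed). No cryptography here; the "signature" is a tag. */
static int fake_verify_final(const char *sig)
{
    if (strcmp(sig, "VALID") == 0) return 1;   /* signature verified     */
    if (strcmp(sig, "BAD") == 0)   return 0;   /* well-formed but wrong  */
    return -1;                                 /* malformed: decode error */
}

/* Pre-fix pattern: only a zero return is treated as failure, so the
 * negative error return from a malformed signature falls through to
 * the accept path. This is the misuse CVE-2008-5077 describes. */
int chain_accepted_vulnerable(const char *sig)
{
    if (!fake_verify_final(sig))
        return 0;   /* reject */
    return 1;       /* accept: reached for -1 as well as for 1 */
}

/* Fixed pattern: anything other than exactly 1 is a rejection. */
int chain_accepted_fixed(const char *sig)
{
    if (fake_verify_final(sig) != 1)
        return 0;   /* reject on 0 and on every error code */
    return 1;
}

int main(void)
{
    const char *samples[] = { "VALID", "BAD", "MALFORMED" };
    for (size_t i = 0; i < 3; i++)
        printf("%-9s vulnerable=%d fixed=%d\n", samples[i],
               chain_accepted_vulnerable(samples[i]),
               chain_accepted_fixed(samples[i]));
    return 0;
}
```

The same `!= 1` (or `<= 0`) check applies to any OpenSSL API that returns 1 on success and a negative value on error; a review of verification call sites for `!` or `== 0` tests is the practical detection step.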

Vulnerable Products

openssl openssl 0.9.8e

openssl openssl 0.9.8c

openssl openssl 0.9.7k

openssl openssl 0.9.7a

openssl openssl 0.9.7f

openssl openssl 0.9.7g

openssl openssl 0.9.7j

openssl openssl 0.9.7

openssl openssl 0.9.8b

openssl openssl 0.9.8d

openssl openssl 0.9.7d

openssl openssl 0.9.7e

openssl openssl 0.9.6m

openssl openssl 0.9.6l

openssl openssl 0.9.6e

openssl openssl 0.9.6d

openssl openssl 0.9.6a

openssl openssl 0.9.6

openssl openssl 0.9.3a

openssl openssl 0.9.4

openssl openssl 0.9.7l

openssl openssl 0.9.8

openssl openssl 0.9.8a

openssl openssl 0.9.7h

openssl openssl 0.9.7i

openssl openssl 0.9.6i

openssl openssl 0.9.6h

openssl openssl 0.9.5a

openssl openssl 0.9.1c

openssl openssl 0.9.5

openssl openssl

openssl openssl 0.9.8g

openssl openssl 0.9.8f

openssl openssl 0.9.7b

openssl openssl 0.9.7c

openssl openssl 0.9.6g

openssl openssl 0.9.6f

openssl openssl 0.9.6j

openssl openssl 0.9.6k

openssl openssl 0.9.6c

openssl openssl 0.9.6b

openssl openssl 0.9.2b

openssl openssl 0.9.3

Vendor Advisories

- Synopsis: Important: openssl security update. Type/Severity: Security Advisory: Important. Topic: Updated OpenSSL packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Te ...
- It was discovered that OpenSSL did not properly perform signature verification on DSA and ECDSA keys. If a user or automated system connected to a malicious server, or a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information ...
- Debian Bug report logs - #511511 slurm-llnl: Improper checking of EVP_VerifyFinal() return value. Package: slurm-llnl; Maintainer for slurm-llnl is Debian HPC Team <debian-hpc@lists.debian.org>; Source for slurm-llnl is src:slurm-llnl (PTS, buildd, popcon). Reported by: Kurt Roeckx <kurt@roeckx.be>. Date: Sun, 11 Jan 20 ...
- Debian Bug report logs - #511936 bind9: CVE-2009-0025 incorrect check for openssl return values. Package: bind9; Maintainer for bind9 is Debian DNS Team <team+dns@tracker.debian.org>; Source for bind9 is src:bind9 (PTS, buildd, popcon). Reported by: Nico Golde <nion@debian.org>. Date: Thu, 15 Jan 2009 18:48:01 UTC. Seve ...
- It was discovered that OpenSSL does not properly verify DSA signatures on X.509 certificates due to an API misuse, potentially leading to the acceptance of incorrect X.509 certificates as genuine (CVE-2008-5077). For the stable distribution (etch), this problem has been fixed in version 0.9.8c-4etch4 of the openssl package, and version 0.9.7k-3.1et ...

References

CWE-20 (Improper Input Validation)