Published: 15/01/2009 Updated: 06/03/2009
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote malicious users to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

Affected Products

Vendor Product Versions
BerkeleyBoinc Client6.2.14, 6.4.5

Vendor Advisories

Debian Bug report logs - #511521 boinc: Does not check the RSA_public_decrypt() return value Package: boinc; Maintainer for boinc is Debian BOINC Maintainers <pkg-boinc-devel@listsaliothdebianorg>; Source for boinc is src:boinc (PTS, buildd, popcon) Reported by: Kurt Roeckx <kurt@roeckxbe> Date: Sun, 11 Jan 2009 ...
It was discovered that the core client for the BOINC distributed computing infrastructure performs incorrect validation of the return values of OpenSSL's RSA functions For the stable distribution (etch), this problem has been fixed in version 5411-4+etch1 For the upcoming stable distribution (lenny), this problem has been fixed in version 621 ...