CVE - CVE-2008-5077

CVE-ID
CVE-2008-5077	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1021523 URL:http://www.securitytracker.com/id?1021523 MISC:20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses URL:http://www.securityfocus.com/archive/1/499827/100/0/threaded MISC:20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim URL:http://www.securityfocus.com/archive/1/502322/100/0/threaded MISC:250826 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1~~ (Obsolete source) MISC:33150 URL:http://www.securityfocus.com/bid/33150 MISC:33338 URL:http://secunia.com/advisories/33338 MISC:33394 URL:http://secunia.com/advisories/33394 MISC:33436 URL:http://secunia.com/advisories/33436 MISC:33557 URL:http://secunia.com/advisories/33557 MISC:33673 URL:http://secunia.com/advisories/33673 MISC:33765 URL:http://secunia.com/advisories/33765 MISC:34211 URL:http://secunia.com/advisories/34211 MISC:35074 URL:http://secunia.com/advisories/35074 MISC:35108 URL:http://secunia.com/advisories/35108 MISC:39005 URL:http://secunia.com/advisories/39005 MISC:ADV-2009-0040 URL:~~http://www.vupen.com/english/advisories/2009/0040~~ (Obsolete source) MISC:ADV-2009-0289 URL:~~http://www.vupen.com/english/advisories/2009/0289~~ (Obsolete source) MISC:ADV-2009-0362 URL:~~http://www.vupen.com/english/advisories/2009/0362~~ (Obsolete source) MISC:ADV-2009-0558 URL:~~http://www.vupen.com/english/advisories/2009/0558~~ (Obsolete source) MISC:ADV-2009-0904 URL:~~http://www.vupen.com/english/advisories/2009/0904~~ (Obsolete source) MISC:ADV-2009-0913 URL:~~http://www.vupen.com/english/advisories/2009/0913~~ (Obsolete source) MISC:ADV-2009-1297 URL:~~http://www.vupen.com/english/advisories/2009/1297~~ (Obsolete source) MISC:ADV-2009-1338 URL:~~http://www.vupen.com/english/advisories/2009/1338~~ (Obsolete source) MISC:APPLE-SA-2009-05-12 URL:http://lists.apple.com/archives/security-announce/2009/May/msg00002.html MISC:GLSA-200902-02 URL:http://security.gentoo.org/glsa/glsa-200902-02.xml MISC:HPSBMA02426 URL:http://marc.info/?l=bugtraq&m=124277349419254&w=2 MISC:HPSBOV02540 URL:http://marc.info/?l=bugtraq&m=127678688104458&w=2 MISC:HPSBUX02418 URL:http://marc.info/?l=bugtraq&m=123859864430555&w=2 MISC:RHSA-2009:0004 URL:http://www.redhat.com/support/errata/RHSA-2009-0004.html MISC:SSA:2009-014-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.544796 MISC:SSRT090002 URL:http://marc.info/?l=bugtraq&m=123859864430555&w=2 MISC:SSRT090053 URL:http://marc.info/?l=bugtraq&m=124277349419254&w=2 MISC:SUSE-SU-2011:0847 URL:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html MISC:TA09-133A URL:http://www.us-cert.gov/cas/techalerts/TA09-133A.html MISC:USN-704-1 URL:https://usn.ubuntu.com/704-1/ MISC:http://support.apple.com/kb/HT3549 URL:http://support.apple.com/kb/HT3549 MISC:http://support.avaya.com/elmodocs2/security/ASA-2009-038.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2009-038.htm MISC:http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=837653 URL:http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=837653 MISC:http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html URL:http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html MISC:http://www.ocert.org/advisories/ocert-2008-016.html URL:http://www.ocert.org/advisories/ocert-2008-016.html MISC:http://www.openssl.org/news/secadv_20090107.txt URL:http://www.openssl.org/news/secadv_20090107.txt MISC:http://www.vmware.com/security/advisories/VMSA-2009-0004.html URL:http://www.vmware.com/security/advisories/VMSA-2009-0004.html MISC:openSUSE-SU-2011:0845 URL:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html MISC:oval:org.mitre.oval:def:6380 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6380 MISC:oval:org.mitre.oval:def:9155 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9155
Assigning CNA
Red Hat, Inc.
Date Record Created
20081114	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20081114)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)