CPANSA-Crypt-OpenSSL-DSA-2009-01: Crypt-OpenSSL-DSA vulnerability

Publisher	giterlizzi	Document category	csaf_security_advisory
Initial release date	2009-01-15T00:00:00	Engine	CSAF Perl Toolkit 0.25
Current release date	2009-01-15T00:00:00	Build Date
Current version	1	Status	final
CVSS v3.1 Base Score		Severity
Original language		Language	en
Also referred to

Vulnerability Description

Missing error check in do_verify, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature.

Vulnerabilities

CVE-2009-0129

Vulnerability Description

libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

Weakness	CWE-287 : Improper Authentication

Product status

Known affected

Product

Score

Crypt-OpenSSL-DSA less than 0.14

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
2.0	AV:N/AC:L/Au:N/C:P/I:N/A:N	5.0	Medium

Fixed

Crypt-OpenSSL-DSA greater than or equal 0.14

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

CPANSA-Crypt-OpenSSL-DSA-2009-01 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2009/cpansa-crypt-openssl-dsa-2009-01.json
https://metacpan.org/changes/distribution/Crypt-OpenSSL-DSA external
https://metacpan.org/changes/distribution/Crypt-OpenSSL-DSA
https://www.openwall.com/lists/oss-security/2009/01/12/4 external
https://www.openwall.com/lists/oss-security/2009/01/12/4
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511519 external
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511519
CVE-2009-0129 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2009-0129

Revision history

Version	Date of the revision	Summary of the revision
1	Thu Jan 15 00:00:00 2009	First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/