ID CVE-2009-0025
Summary BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
References
Vulnerable Configurations
  • cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.0.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.0.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.0.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.0.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.0.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.0.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.0.0:rc5:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.0.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.0.0:rc6:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.0.0:rc6:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.0.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.0.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.0.1:rc2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.0.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.1.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.1:rc2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.1.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.1:rc3:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.1.1:rc3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.1:rc4:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.1.1:rc4:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.1:rc5:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.1.1:rc5:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.1:rc6:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.1.1:rc6:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.1:rc7:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.1.1:rc7:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.1.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.1.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.3:rc2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.1.3:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.1.3:rc3:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.1.3:rc3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:a1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.0:a1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:a2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.0:a2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:a3:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.0:a3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:b1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.0:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:b2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.0:b2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc10:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.0:rc10:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc5:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc6:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.0:rc6:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc7:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.0:rc7:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc8:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.0:rc8:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.0:rc9:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.0:rc9:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.1:rc2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.2:p2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.2:p2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.2:p3:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.2:p3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.3:rc2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.3:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.3:rc3:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.3:rc3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.3:rc4:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.3:rc4:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.4:rc2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.4:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.4:rc3:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.4:rc3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.4:rc4:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.4:rc4:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.4:rc5:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.4:rc5:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.4:rc6:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.4:rc6:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.4:rc7:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.4:rc7:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.4:rc8:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.4:rc8:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.5:b2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.5:b2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.5:rc1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.6:rc1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.6:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.7:rc1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.7:rc2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.7:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.2.7:rc3:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.2.7:rc3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:a1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.0:a1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:a2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.0:a2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:a3:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.0:a3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:a4:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.0:a4:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:a5:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.0:a5:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:a6:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.0:a6:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:b1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.0:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:b2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.0:b2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:b3:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.0:b3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:b4:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.0:b4:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.2:rc2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.3:b1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.3:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.3:b2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.3:b2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.3:b3:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.3:b3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.4.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.4.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.6.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 11-10-2018 - 20:58)
Impact:
Exploitability:
CWE CWE-287
CAPEC
  • Authentication Abuse
    An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker. This attack may exploit assumptions made by the target's authentication procedures, such as assumptions regarding trust relationships or assumptions regarding the generation of secret values. This attack differs from Authentication Bypass attacks in that Authentication Abuse allows the attacker to be certified as a valid user through illegitimate means, while Authentication Bypass allows the user to access protected material without ever being certified as an authenticated user. This attack does not rely on prior sessions established by successfully authenticating users, as relied upon for the "Exploitation of Session Variables, Resource IDs and other Trusted Credentials" attack patterns.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Utilizing REST's Trust in the System Resource to Register Man in the Middle
    This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to place man in the middle once SSL is terminated. Rest applications premise is that they leverage existing infrastructure to deliver web services functionality. An example of this is a Rest application that uses HTTP Get methods and receives a HTTP response with an XML document. These Rest style web services are deployed on existing infrastructure such as Apache and IIS web servers with no SOAP stack required. Unfortunately from a security standpoint, there frequently is no interoperable identity security mechanism deployed, so Rest developers often fall back to SSL to deliver security. In large data centers, SSL is typically terminated at the edge of the network - at the firewall, load balancer, or router. Once the SSL is terminated the HTTP request is in the clear (unless developers have hashed or encrypted the values, but this is rare). The attacker can utilize a sniffer such as Wireshark to snapshot the credentials, such as username and password that are passed in the clear once SSL is terminated. Once the attacker gathers these credentials, they can submit requests to the web service provider just as authorized user do. There is not typically an authentication on the client side, beyond what is passed in the request itself so once this is compromised, then this is generally sufficient to compromise the service's authentication scheme.
  • Man in the Middle Attack
    This type of attack targets the communication between two components (typically client and server). The attacker places himself in the communication channel between the two components. Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first goes to the attacker, who has the opportunity to observe or alter it, and it is then passed on to the other component as if it was never intercepted. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for Man-in-the-Middle attacks yields an implicit lack of trust in communication or identify between two components.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
non_vulnerable_configuration via4
    oval via4
    • accepted 2013-04-29T04:09:35.806-04:00
      class vulnerability
      contributors
      • name Aharon Chernin
        organization SCAP.com, LLC
      • name Dragos Prisaca
        organization G2, Inc.
      definition_extensions
      • comment The operating system installed on the system is Red Hat Enterprise Linux 3
        oval oval:org.mitre.oval:def:11782
      • comment CentOS Linux 3.x
        oval oval:org.mitre.oval:def:16651
      • comment The operating system installed on the system is Red Hat Enterprise Linux 4
        oval oval:org.mitre.oval:def:11831
      • comment CentOS Linux 4.x
        oval oval:org.mitre.oval:def:16636
      • comment Oracle Linux 4.x
        oval oval:org.mitre.oval:def:15990
      • comment The operating system installed on the system is Red Hat Enterprise Linux 5
        oval oval:org.mitre.oval:def:11414
      • comment The operating system installed on the system is CentOS Linux 5.x
        oval oval:org.mitre.oval:def:15802
      • comment Oracle Linux 5.x
        oval oval:org.mitre.oval:def:15459
      description BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
      family unix
      id oval:org.mitre.oval:def:10879
      status accepted
      submitted 2010-07-09T03:56:16-04:00
      title BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
      version 24
    • accepted 2009-11-30T04:00:05.406-05:00
      class vulnerability
      contributors
      • name Michael Wood
        organization Hewlett-Packard
      • name Michael Wood
        organization Hewlett-Packard
      definition_extensions
      • comment VMWare ESX Server 3.0.3 is installed
        oval oval:org.mitre.oval:def:6026
      • comment VMWare ESX Server 3.0.2 is installed
        oval oval:org.mitre.oval:def:5613
      • comment VMware ESX Server 3.5.0 is installed
        oval oval:org.mitre.oval:def:5887
      description BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
      family unix
      id oval:org.mitre.oval:def:5569
      status accepted
      submitted 2009-09-23T15:39:02.000-04:00
      title Avaya Solaris BIND "EVP_VerifyFinal()" Signature Spoofing Vulnerability
      version 3
    redhat via4
    advisories
    bugzilla
    id 478984
    title CVE-2009-0025 bind: DSA_do_verify() returns check issue
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhba:tst:20070026001
      • OR
        • AND
          • comment bind is earlier than 20:9.2.4-23.el3
            oval oval:com.redhat.rhsa:tst:20090020002
          • comment bind is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044003
        • AND
          • comment bind-chroot is earlier than 20:9.2.4-23.el3
            oval oval:com.redhat.rhsa:tst:20090020010
          • comment bind-chroot is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044009
        • AND
          • comment bind-devel is earlier than 20:9.2.4-23.el3
            oval oval:com.redhat.rhsa:tst:20090020006
          • comment bind-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044005
        • AND
          • comment bind-libs is earlier than 20:9.2.4-23.el3
            oval oval:com.redhat.rhsa:tst:20090020008
          • comment bind-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044007
        • AND
          • comment bind-utils is earlier than 20:9.2.4-23.el3
            oval oval:com.redhat.rhsa:tst:20090020004
          • comment bind-utils is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044011
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304001
      • OR
        • AND
          • comment bind is earlier than 20:9.2.4-30.el4_7.1
            oval oval:com.redhat.rhsa:tst:20090020013
          • comment bind is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044003
        • AND
          • comment bind-chroot is earlier than 20:9.2.4-30.el4_7.1
            oval oval:com.redhat.rhsa:tst:20090020016
          • comment bind-chroot is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044009
        • AND
          • comment bind-devel is earlier than 20:9.2.4-30.el4_7.1
            oval oval:com.redhat.rhsa:tst:20090020015
          • comment bind-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044005
        • AND
          • comment bind-libs is earlier than 20:9.2.4-30.el4_7.1
            oval oval:com.redhat.rhsa:tst:20090020017
          • comment bind-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044007
        • AND
          • comment bind-utils is earlier than 20:9.2.4-30.el4_7.1
            oval oval:com.redhat.rhsa:tst:20090020014
          • comment bind-utils is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070044011
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment bind is earlier than 30:9.3.4-6.0.3.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20090020019
          • comment bind is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057003
        • AND
          • comment bind-chroot is earlier than 30:9.3.4-6.0.3.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20090020025
          • comment bind-chroot is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057005
        • AND
          • comment bind-devel is earlier than 30:9.3.4-6.0.3.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20090020023
          • comment bind-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057007
        • AND
          • comment bind-libbind-devel is earlier than 30:9.3.4-6.0.3.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20090020021
          • comment bind-libbind-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057015
        • AND
          • comment bind-libs is earlier than 30:9.3.4-6.0.3.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20090020029
          • comment bind-libs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057017
        • AND
          • comment bind-sdb is earlier than 30:9.3.4-6.0.3.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20090020033
          • comment bind-sdb is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057009
        • AND
          • comment bind-utils is earlier than 30:9.3.4-6.0.3.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20090020027
          • comment bind-utils is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057011
        • AND
          • comment caching-nameserver is earlier than 30:9.3.4-6.0.3.P1.el5_2
            oval oval:com.redhat.rhsa:tst:20090020031
          • comment caching-nameserver is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070057013
    rhsa
    id RHSA-2009:0020
    released 2009-01-08
    severity Moderate
    title RHSA-2009:0020: bind security update (Moderate)
    rpms
    • bind-20:9.2.4-23.el3
    • bind-chroot-20:9.2.4-23.el3
    • bind-devel-20:9.2.4-23.el3
    • bind-libs-20:9.2.4-23.el3
    • bind-utils-20:9.2.4-23.el3
    • bind-20:9.2.4-30.el4_7.1
    • bind-chroot-20:9.2.4-30.el4_7.1
    • bind-devel-20:9.2.4-30.el4_7.1
    • bind-libs-20:9.2.4-30.el4_7.1
    • bind-utils-20:9.2.4-30.el4_7.1
    • bind-30:9.3.4-6.0.3.P1.el5_2
    • bind-chroot-30:9.3.4-6.0.3.P1.el5_2
    • bind-devel-30:9.3.4-6.0.3.P1.el5_2
    • bind-libbind-devel-30:9.3.4-6.0.3.P1.el5_2
    • bind-libs-30:9.3.4-6.0.3.P1.el5_2
    • bind-sdb-30:9.3.4-6.0.3.P1.el5_2
    • bind-utils-30:9.3.4-6.0.3.P1.el5_2
    • caching-nameserver-30:9.3.4-6.0.3.P1.el5_2
    refmap via4
    apple APPLE-SA-2009-05-12
    bid 33151
    bugtraq
    • 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses
    • 20090120 rPSA-2009-0009-1 bind bind-utils
    • 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim
    cert TA09-133A
    confirm
    fedora FEDORA-2009-0350
    freebsd FreeBSD-SA-09:04
    hp
    • HPSBOV03226
    • SSRT101004
    misc
    secunia
    • 33494
    • 33546
    • 33551
    • 33559
    • 33683
    • 33882
    • 35074
    slackware SSA:2009-014-02
    sunalert 250846
    vupen
    • ADV-2009-0043
    • ADV-2009-0366
    • ADV-2009-0904
    • ADV-2009-1297
    vulnerable_product via4
    • cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.0.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.0.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.0.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.0.0:rc4:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.0.0:rc5:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.0.0:rc6:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.0.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.0.1:rc2:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.1.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.1.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.1.1:rc2:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.1.1:rc3:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.1.1:rc4:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.1.1:rc5:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.1.1:rc6:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.1.1:rc7:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.1.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.1.3:rc1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.1.3:rc2:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.1.3:rc3:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.0:a1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.0:a2:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.0:a3:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.0:b1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.0:b2:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.0:rc10:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.0:rc4:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.0:rc5:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.0:rc6:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.0:rc7:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.0:rc8:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.0:rc9:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.1:rc2:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.2:p2:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.2:p3:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.3:rc1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.3:rc2:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.3:rc3:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.3:rc4:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.4:rc2:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.4:rc3:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.4:rc4:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.4:rc5:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.4:rc6:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.4:rc7:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.4:rc8:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.5:b2:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.5:rc1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.6:rc1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.7:rc1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.7:rc2:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.2.7:rc3:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.0:a1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.0:a2:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.0:a3:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.0:a4:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.0:a5:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.0:a6:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.0:b1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.0:b2:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.0:b3:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.0:b4:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.2:rc2:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.3:b1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.3:b2:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.3:b3:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.4.3:rc1:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:isc:bind:9.6.0:*:*:*:*:*:*:*
    Last major update 11-10-2018 - 20:58
    Published 07-01-2009 - 17:30
    Back to Top