FKIE_CVE-2009-0047

Vulnerability from fkie_nvd - Published: 2009-01-07 18:30 - Updated: 2026-06-16 23:04
Severity
Summary
Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
Impacted products
Vendor Product Version
gale gale *
gale gale 0.15
gale gale 0.15b
gale gale 0.15c
gale gale 0.16
gale gale 0.16a
gale gale 0.17
gale gale 0.17a
gale gale 0.18
gale gale 0.18b
gale gale 0.18c
gale gale 0.19
gale gale 0.19a
gale gale 0.19b
gale gale 0.20a
gale gale 0.21
gale gale 0.90a
gale gale 0.90b
gale gale 0.90c
gale gale 0.91
gale gale 0.91a
gale gale 0.91b

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gale:gale:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7E884BE-3B56-4CC1-BE9B-2F4604AB8150",
              "versionEndIncluding": "0.99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "1287BEFC-BF7E-4C5C-AC50-22F3301C2DCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.15b:*:*:*:*:*:*:*",
              "matchCriteriaId": "88DD905A-4DFF-4EA1-96F2-894145916197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.15c:*:*:*:*:*:*:*",
              "matchCriteriaId": "E14E9CB4-55A5-4914-AA0B-79938149590A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "407DE223-5C67-4F10-8B98-750D1FBE4F18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.16a:*:*:*:*:*:*:*",
              "matchCriteriaId": "F93715E6-9528-4922-A049-119418DC7254",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "38BA200F-0BD1-48B1-A91F-26F0128FF4C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.17a:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5DCE57E-D944-4329-977B-12A76853D3F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A76AC49-2A31-404D-BE12-4B795B388116",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.18b:*:*:*:*:*:*:*",
              "matchCriteriaId": "469CB01B-318D-407E-BB38-6B2F6AB4D3B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.18c:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9EC778-2D17-4F1C-9DBE-74461A379EAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "B351A3DE-3D31-4B94-A1EA-04AFA98D00C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.19a:*:*:*:*:*:*:*",
              "matchCriteriaId": "165C0D9D-D0A4-4ECF-B4F7-5A3E621F6B8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.19b:*:*:*:*:*:*:*",
              "matchCriteriaId": "921BA5E1-2469-42D3-8228-BC122C8CED39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "53F8F572-DE5A-45ED-8A90-B6C888026100",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "314A3314-5968-4F24-9958-E1997C20EF52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.90a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1A84B5B-8864-4E1C-95C1-18BCCCC8CFF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.90b:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB50FB6-E388-4735-B0D5-0875479281E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.90c:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1090853-1367-4B94-BC3C-4CCFB5A43CA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "028853B7-2544-4010-A71F-D8CF78B01AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.91a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C8B4AE9-0142-4405-8201-039A332A0EEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gale:gale:0.91b:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C319A57-C69D-4786-9232-8E5278C03AD4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077."
    },
    {
      "lang": "es",
      "value": "Gale versi\u00f3n 0.99 y anteriores, no comprueba apropiadamente el valor devuelto de la funci\u00f3n EVP_VerifyFinal de OpenSSL, que permite a los atacantes remotos omitir la comprobaci\u00f3n de la cadena de certificados mediante una firma de SSL/TLS malformada para las claves DSA y ECDSA, una vulnerabilidad similar a CVE-2008-5077."
    }
  ],
  "id": "CVE-2009-0047",
  "lastModified": "2026-06-16T23:04:09.750",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-01-07T18:30:13.280",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.ocert.org/advisories/ocert-2008-016.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ocert.org/advisories/ocert-2008-016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0046"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        },
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…