Vulnerabilities

CVE-2009-0265

by Fred · 26/01/2009

Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.

Date published : 2009-01-26

https://www.isc.org/node/373

http://www.mandriva.com/security/advisories?name=MDVSA-2009:037

Similar

Tags: Cybersecurity Alert