Vulnerabilities > CVE-2008-1184 - Credentials Management vulnerability in Dnssec-Tools
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
The DNSSEC validation library (libval) library in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2008-1758.NASL description 1.3.2 release which contains a small set of fixes over the 1.3 release. The biggest of these fixes is a patch to the libval DNSSEC validation library to ensure that the signature that validates it is a signature of the trust anchor itself. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 31171 published 2008-02-26 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31171 title Fedora 7 : dnssec-tools-1.3.2-1.fc7 (2008-1758) NASL family Fedora Local Security Checks NASL id FEDORA_2008-1771.NASL description 1.3.2 release which contains a small set of fixes over the 1.3 release. The biggest of these fixes is a patch to the libval DNSSEC validation library to ensure that the signature that validates it is a signature of the trust anchor itself. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 31172 published 2008-02-26 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31172 title Fedora 8 : dnssec-tools-1.3.2-1.fc8 (2008-1771)
References
- http://secunia.com/advisories/29095
- http://secunia.com/advisories/29127
- http://sourceforge.net/mailarchive/forum.php?thread_name=sdlk5lolzj.fsf%40wes.hardakers.net&forum_name=dnssec-tools-users
- http://www.securityfocus.com/bid/27998
- http://www.vupen.com/english/advisories/2008/0673/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40836
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00820.html
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00845.html