Vulnerabilities > CVE-2009-0047 - Cryptographic Issues vulnerability in Gale

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

gale

CWE-310

nessus

NVD

Published: 2009-01-07

Updated: 2024-11-21

Summary

Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.

Vulnerable Configurations

Part	Description	Count
Application	Gale Gale Gale 0.18C Gale Gale 0.17 Gale Gale 0.20A Gale Gale 0.19B Gale Gale 0.21 Gale Gale * Gale Gale 0.15B Gale Gale 0.90B Gale Gale 0.91B Gale Gale 0.19 Gale Gale 0.18B Gale Gale 0.90A Gale Gale 0.15 Gale Gale 0.90C Gale Gale 0.17A Gale Gale 0.91 Gale Gale 0.15C Gale Gale 0.18 Gale Gale 0.91A Gale Gale 0.16A Gale Gale 0.19A Gale Gale 0.16	22

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

NASL family	VMware ESX Local Security Checks
NASL id	VMWARE_VMSA-2009-0004.NASL
description	a. Updated OpenSSL package for the Service Console fixes a security issue. OpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-5077 to this issue. b. Update bind package for the Service Console fixes a security issue. A flaw was discovered in the way Berkeley Internet Name Domain (BIND) checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0025 to this issue. c. Updated vim package for the Service Console addresses several security issues. Several input flaws were found in Visual editor IMproved
last seen	2020-06-01
modified	2020-06-02
plugin id	40389
published	2009-07-27
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40389
title	VMSA-2009-0004 : ESX Service Console updates for openssl, bind, and vim
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory 2009-0004. # The text itself is copyright (C) VMware Inc. # include("compat.inc"); if (description) { script_id(40389); script_version("1.28"); script_cvs_date("Date: 2018/08/06 14:03:16"); script_cve_id("CVE-2007-2953", "CVE-2008-2712", "CVE-2008-3432", "CVE-2008-4101", "CVE-2008-5077", "CVE-2009-0021", "CVE-2009-0025", "CVE-2009-0046", "CVE-2009-0047", "CVE-2009-0048", "CVE-2009-0049", "CVE-2009-0050", "CVE-2009-0051", "CVE-2009-0124", "CVE-2009-0125", "CVE-2009-0127", "CVE-2009-0128", "CVE-2009-0130"); script_bugtraq_id(25095, 33150, 33151); script_xref(name:"VMSA", value:"2009-0004"); script_name(english:"VMSA-2009-0004 : ESX Service Console updates for openssl, bind, and vim"); script_summary(english:"Checks esxupdate output for the patches"); script_set_attribute( attribute:"synopsis", value: "The remote VMware ESX host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "a. Updated OpenSSL package for the Service Console fixes a security issue. OpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-5077 to this issue. b. Update bind package for the Service Console fixes a security issue. A flaw was discovered in the way Berkeley Internet Name Domain (BIND) checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0025 to this issue. c. Updated vim package for the Service Console addresses several security issues. Several input flaws were found in Visual editor IMproved's (Vim) keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4101 to this issue. A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially crafted file or directory name, when opened by Vim causes the application to stop responding or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-3432 to this issue. Several input flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2712 to this issue. A format string flaw was discovered in Vim's help tag processor. If a user was tricked into executing the 'helptags' command on malicious data, arbitrary code could be executed with the permissions of the user running VIM. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-2953 to this issue." ); script_set_attribute( attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2010/000077.html" ); script_set_attribute(attribute:"solution", value:"Apply the missing patches."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 119, 287); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:2.5.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/03/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/27"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_family(english:"VMware ESX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version"); script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs"); exit(0); } include("audit.inc"); include("vmware_esx_packages.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi"); if ( !get_kb_item("Host/VMware/esxcli_software_vibs") && !get_kb_item("Host/VMware/esxupdate") ) audit(AUDIT_PACKAGE_LIST_MISSING); init_esx_check(date:"2009-03-31"); flag = 0; if (esx_check(ver:"ESX 2.5.5", patch:"13")) flag++; if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1008406")) flag++; if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1008408")) flag++; if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1008409")) flag++; if ( esx_check( ver : "ESX 3.0.3", patch : "ESX303-200903403-SG", patch_updates : make_list("ESX303-Rollup01", "ESX303-Update01") ) ) flag++; if ( esx_check( ver : "ESX 3.0.3", patch : "ESX303-200903405-SG", patch_updates : make_list("ESX303-Rollup01", "ESX303-Update01") ) ) flag++; if ( esx_check( ver : "ESX 3.0.3", patch : "ESX303-200903406-SG", patch_updates : make_list("ESX303-Rollup01", "ESX303-Update01") ) ) flag++; if ( esx_check( ver : "ESX 3.5.0", patch : "ESX350-200904406-SG", patch_updates : make_list("ESX350-Update05", "ESX350-Update05a") ) ) flag++; if ( esx_check( ver : "ESX 3.5.0", patch : "ESX350-200904407-SG", patch_updates : make_list("ESX350-201002404-SG", "ESX350-Update05", "ESX350-Update05a") ) ) flag++; if ( esx_check( ver : "ESX 3.5.0", patch : "ESX350-200904408-SG", patch_updates : make_list("ESX350-201012401-SG", "ESX350-Update05", "ESX350-Update05a") ) ) flag++; if ( esx_check( ver : "ESX 4.0", patch : "ESX400-200912402-SG", patch_updates : make_list("ESX400-Update02", "ESX400-Update03", "ESX400-Update04") ) ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_139501-02.NASL
description	SunOS 5.10_x86: openssl patch. Date this patch was last updated by Sun : Feb/24/09
last seen	2020-06-01
modified	2020-06-02
plugin id	108014
published	2018-03-12
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108014
title	Solaris 10 (x86) : 139501-02
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(108014); script_version("1.7"); script_cvs_date("Date: 2019/10/25 13:36:25"); script_cve_id("CVE-2008-5077", "CVE-2009-0021", "CVE-2009-0046", "CVE-2009-0047", "CVE-2009-0048", "CVE-2009-0049", "CVE-2009-0124", "CVE-2009-0125", "CVE-2009-0127", "CVE-2009-0128", "CVE-2009-0130"); script_name(english:"Solaris 10 (x86) : 139501-02"); script_summary(english:"Check for patch 139501-02"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 139501-02" ); script_set_attribute( attribute:"description", value: "SunOS 5.10_x86: openssl patch. Date this patch was last updated by Sun : Feb/24/09" ); script_set_attribute( attribute:"see_also", value:"https://download.oracle.com/sunalerts/1020011.1.html" ); script_set_attribute(attribute:"solution", value:"Install patch 139501-02"); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P"); script_cwe_id(20, 287); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:138123"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:138863"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:139501"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"patch_publication_date", value:"2009/02/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"139501-02", obsoleted_by:"141525-05 140119-06 142910-17 ", package:"SUNWcry", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"139501-02", obsoleted_by:"141525-05 140119-06 142910-17 ", package:"SUNWopenssl-commands", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"139501-02", obsoleted_by:"141525-05 140119-06 142910-17 ", package:"SUNWopenssl-include", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"139501-02", obsoleted_by:"141525-05 140119-06 142910-17 ", package:"SUNWopenssl-libraries", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWcry / SUNWopenssl-commands / SUNWopenssl-include / etc"); }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2009-0004.NASL
description	Updated OpenSSL packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a malicious server, or able to effect a
last seen	2020-06-01
modified	2020-06-02
plugin id	35310
published	2009-01-08
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/35310
title	CentOS 3 / 4 / 5 : openssl (CESA-2009:0004)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2009-0020.NASL
description	From Red Hat Security Advisory 2009:0020 : Updated Bind packages to correct a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. (CVE-2009-0025) For users of Red Hat Enterprise Linux 3 this update also addresses a bug which can cause BIND to occasionally exit with an assertion failure. All BIND users are advised to upgrade to the updated package, which contains a backported patch to resolve this issue. After installing the update, BIND daemon will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	67792
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67792
title	Oracle Linux 3 / 4 / 5 : bind (ELSA-2009-0020)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2009-0020.NASL
description	Updated Bind packages to correct a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. (CVE-2009-0025) For users of Red Hat Enterprise Linux 3 this update also addresses a bug which can cause BIND to occasionally exit with an assertion failure. All BIND users are advised to upgrade to the updated package, which contains a backported patch to resolve this issue. After installing the update, BIND daemon will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	35589
published	2009-02-05
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/35589
title	CentOS 3 / 4 / 5 : bind (CESA-2009:0020)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2009-0004.NASL
description	From Red Hat Security Advisory 2009:0004 : Updated OpenSSL packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a malicious server, or able to effect a
last seen	2020-06-01
modified	2020-06-02
plugin id	67783
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67783
title	Oracle Linux 3 / 4 / 5 : openssl (ELSA-2009-0004)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2009-0004.NASL
description	Updated OpenSSL packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a malicious server, or able to effect a
last seen	2020-06-01
modified	2020-06-02
plugin id	35316
published	2009-01-08
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/35316
title	RHEL 2.1 / 3 / 4 / 5 : openssl (RHSA-2009:0004)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_139500.NASL
description	SunOS 5.10: openssl patch. Date this patch was last updated by Sun : Apr/01/09
last seen	2018-09-01
modified	2018-08-13
plugin id	38118
published	2009-04-23
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=38118
title	Solaris 10 (sparc) : 139500-04

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-705-1.NASL
description	It was discovered that NTP did not properly perform signature verification. A remote attacker could exploit this to bypass certificate validation via a malformed SSL/TLS signature. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	37876
published	2009-04-23
reporter	Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/37876
title	Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : ntp vulnerability (USN-705-1)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2009-0046.NASL
description	Updated ntp packages to correct a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Network Time Protocol (NTP) is used to synchronize a computer
last seen	2020-06-01
modified	2020-06-02
plugin id	43728
published	2010-01-06
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/43728
title	CentOS 4 / 5 : ntp (CESA-2009:0046)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2009-0046.NASL
description	From Red Hat Security Advisory 2009:0046 : Updated ntp packages to correct a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Network Time Protocol (NTP) is used to synchronize a computer
last seen	2020-06-01
modified	2020-06-02
plugin id	67793
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67793
title	Oracle Linux 4 / 5 : ntp (ELSA-2009-0046)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1702.NASL
description	It has been discovered that NTP, an implementation of the Network Time Protocol, does not properly check the result of an OpenSSL function for verifying cryptographic signatures, which may ultimately lead to the acceptance of unauthenticated time information. (Note that cryptographic authentication of time servers is often not enabled in the first place.)
last seen	2020-06-01
modified	2020-06-02
plugin id	35365
published	2009-01-14
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/35365
title	Debian DSA-1702-1 : ntp - interpretation conflict

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-706-1.NASL
description	It was discovered that Bind did not properly perform signature verification. When DNSSEC with DSA signatures are in use, a remote attacker could exploit this to bypass signature validation to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	36220
published	2009-04-23
reporter	Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/36220
title	Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : bind9 vulnerability (USN-706-1)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2009-0020.NASL
description	Updated Bind packages to correct a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. (CVE-2009-0025) For users of Red Hat Enterprise Linux 3 this update also addresses a bug which can cause BIND to occasionally exit with an assertion failure. All BIND users are advised to upgrade to the updated package, which contains a backported patch to resolve this issue. After installing the update, BIND daemon will be restarted automatically.
last seen	2020-06-01
modified	2020-06-02
plugin id	35324
published	2009-01-09
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/35324
title	RHEL 2.1 / 3 / 4 / 5 : bind (RHSA-2009:0020)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2009-0046.NASL
description	Updated ntp packages to correct a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Network Time Protocol (NTP) is used to synchronize a computer
last seen	2020-06-01
modified	2020-06-02
plugin id	35551
published	2009-01-29
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/35551
title	RHEL 4 / 5 : ntp (RHSA-2009:0046)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_139501.NASL
description	SunOS 5.10_x86: openssl patch. Date this patch was last updated by Sun : Feb/24/09
last seen	2018-09-02
modified	2018-08-13
plugin id	36555
published	2009-04-23
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=36555
title	Solaris 10 (x86) : 139501-02

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1701.NASL
description	It was discovered that OpenSSL does not properly verify DSA signatures on X.509 certificates due to an API misuse, potentially leading to the acceptance of incorrect X.509 certificates as genuine (CVE-2008-5077 ).
last seen	2020-06-01
modified	2020-06-02
plugin id	35364
published	2009-01-14
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/35364
title	Debian DSA-1701-1 : openssl, openssl097 - interpretation conflict

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

References