1 results (0.004 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. libcrypt-openssl-dsa-perl no comprueba adecuadamente el valor de retorno de las funciones OpenSSL_DSA_verify y DSA_do_verify, lo que permitiria a atacantes remotos evitar la validacion de la cadena de certificados a traves de una firma SSL/TLS malformada, similar a la vulnerabilidad CVE-2008-5077. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511519 http://openwall.com/lists/oss-security/2009/01/12/4 • CWE-287: Improper Authentication •