CVE-2009-0025

bind: DSA_do_verify() returns check issue

  • Severity Score: 6.8 (CVSS v2)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: Medium
Authentication: None
Confidentiality: Partial
Integrity: Partial
Availability: Partial

Attack Vector: Network
Attack Complexity: Medium
Authentication: None
Confidentiality: None
Integrity: Partial
Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2008-12-15 CVE Reserved
  • 2009-01-07 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
References (35)
URL Tag Source
http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33 X_refsource_misc
http://secunia.com/advisories/33494 Third Party Advisory
http://secunia.com/advisories/33546 Third Party Advisory
http://secunia.com/advisories/33551 Third Party Advisory
http://secunia.com/advisories/33559 Third Party Advisory
http://secunia.com/advisories/33683 Third Party Advisory
http://secunia.com/advisories/33882 Third Party Advisory
http://secunia.com/advisories/35074 Third Party Advisory
http://support.apple.com/kb/HT3549 X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2009-045.htm X_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2009-0009 X_refsource_confirm
http://www.ocert.org/advisories/ocert-2008-016.html X_refsource_misc
http://www.openbsd.org/errata44.html#008_bind X_refsource_confirm
http://www.securityfocus.com/archive/1/499827/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/500207/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/502322/100/0/threaded Mailing List
http://www.securityfocus.com/bid/33151 Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA09-133A.html Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0004.html X_refsource_confirm
http://www.vupen.com/english/advisories/2009/0043 Vdb Entry
http://www.vupen.com/english/advisories/2009/0366 Vdb Entry
http://www.vupen.com/english/advisories/2009/0904 Vdb Entry
http://www.vupen.com/english/advisories/2009/1297 Vdb Entry
https://issues.rpath.com/browse/RPL-2938 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10879 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5569 Signature
https://www.isc.org/software/bind/advisories/cve-2009-0025 X_refsource_confirm
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Isc Bind 9.0 - Affected
Isc Bind 9.0.0 rc1 Affected
Isc Bind 9.0.0 rc2 Affected
Isc Bind 9.0.0 rc3 Affected
Isc Bind 9.0.0 rc4 Affected
Isc Bind 9.0.0 rc5 Affected
Isc Bind 9.0.0 rc6 Affected
Isc Bind 9.0.1 - Affected
Isc Bind 9.0.1 rc1 Affected
Isc Bind 9.0.1 rc2 Affected
Isc Bind 9.1 - Affected
Isc Bind 9.1.0 rc1 Affected
Isc Bind 9.1.1 - Affected
Isc Bind 9.1.1 rc1 Affected
Isc Bind 9.1.1 rc2 Affected
Isc Bind 9.1.1 rc3 Affected
Isc Bind 9.1.1 rc4 Affected
Isc Bind 9.1.1 rc5 Affected
Isc Bind 9.1.1 rc6 Affected
Isc Bind 9.1.1 rc7 Affected
Isc Bind 9.1.2 - Affected
Isc Bind 9.1.2 rc1 Affected
Isc Bind 9.1.3 - Affected
Isc Bind 9.1.3 rc1 Affected
Isc Bind 9.1.3 rc2 Affected
Isc Bind 9.1.3 rc3 Affected
Isc Bind 9.2.0 - Affected
Isc Bind 9.2.0 a1 Affected
Isc Bind 9.2.0 a2 Affected
Isc Bind 9.2.0 a3 Affected
Isc Bind 9.2.0 b1 Affected
Isc Bind 9.2.0 b2 Affected
Isc Bind 9.2.0 rc1 Affected
Isc Bind 9.2.0 rc10 Affected
Isc Bind 9.2.0 rc2 Affected
Isc Bind 9.2.0 rc3 Affected
Isc Bind 9.2.0 rc4 Affected
Isc Bind 9.2.0 rc5 Affected
Isc Bind 9.2.0 rc6 Affected
Isc Bind 9.2.0 rc7 Affected
Isc Bind 9.2.0 rc8 Affected
Isc Bind 9.2.0 rc9 Affected
Isc Bind 9.2.1 - Affected
Isc Bind 9.2.1 rc1 Affected
Isc Bind 9.2.1 rc2 Affected
Isc Bind 9.2.2 - Affected
Isc Bind 9.2.2 p2 Affected
Isc Bind 9.2.2 p3 Affected
Isc Bind 9.2.2 rc1 Affected
Isc Bind 9.2.3 - Affected
Isc Bind 9.2.3 rc1 Affected
Isc Bind 9.2.3 rc2 Affected
Isc Bind 9.2.3 rc3 Affected
Isc Bind 9.2.3 rc4 Affected
Isc Bind 9.2.4 - Affected
Isc Bind 9.2.4 rc2 Affected
Isc Bind 9.2.4 rc3 Affected
Isc Bind 9.2.4 rc4 Affected
Isc Bind 9.2.4 rc5 Affected
Isc Bind 9.2.4 rc6 Affected
Isc Bind 9.2.4 rc7 Affected
Isc Bind 9.2.4 rc8 Affected
Isc Bind 9.2.5 - Affected
Isc Bind 9.2.5 b2 Affected
Isc Bind 9.2.5 rc1 Affected
Isc Bind 9.2.6 - Affected
Isc Bind 9.2.6 rc1 Affected
Isc Bind 9.2.7 - Affected
Isc Bind 9.2.7 rc1 Affected
Isc Bind 9.2.7 rc2 Affected
Isc Bind 9.2.7 rc3 Affected
Isc Bind 9.4 - Affected
Isc Bind 9.4.0 - Affected
Isc Bind 9.4.0 a1 Affected
Isc Bind 9.4.0 a2 Affected
Isc Bind 9.4.0 a3 Affected
Isc Bind 9.4.0 a4 Affected
Isc Bind 9.4.0 a5 Affected
Isc Bind 9.4.0 a6 Affected
Isc Bind 9.4.0 b1 Affected
Isc Bind 9.4.0 b2 Affected
Isc Bind 9.4.0 b3 Affected
Isc Bind 9.4.0 b4 Affected
Isc Bind 9.4.0 rc1 Affected
Isc Bind 9.4.0 rc2 Affected
Isc Bind 9.4.1 - Affected
Isc Bind 9.4.2 - Affected
Isc Bind 9.4.2 rc1 Affected
Isc Bind 9.4.2 rc2 Affected
Isc Bind 9.4.3 - Affected
Isc Bind 9.4.3 b1 Affected
Isc Bind 9.4.3 b2 Affected
Isc Bind 9.4.3 b3 Affected
Isc Bind 9.4.3 rc1 Affected
Isc Bind 9.5.0 - Affected
Isc Bind 9.5.1 - Affected
Isc Bind 9.6.0 - Affected