Novell Home

CVE-2009-0125

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2009-0125 at MITRE

Description

** DISPUTED ** NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed this issue, stating "while we do misuse this function (this is a bug), it has absolutely no security ramification."

Novell/SUSE information

Novell Bugzilla entry: 465675

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.0
  • libnasl-debuginfo >= 2.2.10-59.2
  • libnasl-debugsource >= 2.2.10-59.2
openSUSE 11.0
  • libnasl >= 2.2.10-59.2

© 2014 Novell