CVE-2009-0025

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

References

http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://marc.info/?l=bugtraq&m=141879471518471&w=2

http://secunia.com/advisories/33494

http://secunia.com/advisories/33546

http://secunia.com/advisories/33551

http://secunia.com/advisories/33559

http://secunia.com/advisories/33683

http://secunia.com/advisories/33882

http://secunia.com/advisories/35074

http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362

http://sunsolve.sun.com/search/document.do?assetkey=1-26-250846-1

http://support.apple.com/kb/HT3549

http://support.avaya.com/elmodocs2/security/ASA-2009-045.htm

http://wiki.rpath.com/Advisories:rPSA-2009-0009

http://www.ocert.org/advisories/ocert-2008-016.html

http://www.openbsd.org/errata44.html#008_bind

http://www.securityfocus.com/archive/1/499827/100/0/threaded

http://www.securityfocus.com/archive/1/500207/100/0/threaded

http://www.securityfocus.com/archive/1/502322/100/0/threaded

http://www.securityfocus.com/bid/33151

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vmware.com/security/advisories/VMSA-2009-0004.html

http://www.vupen.com/english/advisories/2009/0043

http://www.vupen.com/english/advisories/2009/0366

http://www.vupen.com/english/advisories/2009/0904

http://www.vupen.com/english/advisories/2009/1297

https://issues.rpath.com/browse/RPL-2938

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10879

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5569

https://www.isc.org/software/bind/advisories/cve-2009-0025

https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00393.html

Details

Source: MITRE

Published: 2009-01-07

Updated: 2018-10-11

Type: CWE-287

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.0.0:rc3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.0.0:rc4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.0.0:rc5:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.0.0:rc6:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.0.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.0.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.0.1:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.1:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.1:rc3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.1:rc4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.1:rc5:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.1:rc6:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.1:rc7:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.3:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.1.3:rc3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.0:a1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.0:a2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.0:a3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.0:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.0:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.0:rc10:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.0:rc3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.0:rc4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.0:rc5:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.0:rc6:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.0:rc7:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.0:rc8:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.0:rc9:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.1:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.1:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.2:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.2:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.3:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.3:rc3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.3:rc4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.4:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.4:rc3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.4:rc4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.4:rc5:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.4:rc6:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.4:rc7:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.4:rc8:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.5:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.5:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.5:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.6:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.6:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.7:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.7:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.7:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.2.7:rc3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:a1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:a2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:a3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:a4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:a5:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:a6:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:b3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:b4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.0:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.2:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.2:rc2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.3:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.3:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.3:b3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.4.3:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.5.1:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.6.0:*:*:*:*:*:*:*

Tenable Plugins

View all (36 total)

IDNameProductFamilySeverity
147379NewStart CGSL CORE 5.04 / MAIN 5.04 : bind Multiple Vulnerabilities (NS-SA-2021-0017)NessusNewStart CGSL Local Security Checks
critical
137170OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)NessusOracleVM Local Security Checks
high
99569OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)NessusOracleVM Local Security Checks
high
89112VMware ESX Multiple Vulnerabilities (VMSA-2009-0004) (remote check)NessusMisc.
high
78228F5 Networks BIG-IP : BIND 9 vulnerability (SOL9754)NessusF5 Networks Local Security Checks
medium
78125F5 Networks BIG-IP : BIND 9 vulnerability (SOL11503)NessusF5 Networks Local Security Checks
medium
67792Oracle Linux 3 / 4 / 5 : bind (ELSA-2009-0020)NessusOracle Linux Local Security Checks
medium
63707AIX 7.1 TL 0 : bind9 (IV11744)NessusAIX Local Security Checks
high
63706AIX 6.1 TL 6 : bind9 (IV11743)NessusAIX Local Security Checks
high
63705AIX 6.1 TL 5 : bind9 (IV11742)NessusAIX Local Security Checks
high
63701AIX 7.1 TL 1 : bind9 (IV10049)NessusAIX Local Security Checks
high
63700AIX 6.1 TL 7 : bind9 (IV09978)NessusAIX Local Security Checks
high
63699AIX 5.3 TL 12 : bind9 (IV09491)NessusAIX Local Security Checks
high
60517Scientific Linux Security Update : bind on SL3.x, SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
medium
54870Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 8.1 / 9.0 / 9.1 / current : bind (SSA:2009-014-02)NessusSlackware Local Security Checks
medium
41479SuSE 10 Security Update : bind (ZYPP Patch Number 5905)NessusSuSE Local Security Checks
medium
41266SuSE9 Security Update : bind (YOU Patch Number 12328)NessusSuSE Local Security Checks
medium
40389VMSA-2009-0004 : ESX Service Console updates for openssl, bind, and vimNessusVMware ESX Local Security Checks
high
40193openSUSE Security Update : bind (bind-426)NessusSuSE Local Security Checks
medium
39921openSUSE Security Update : bind (bind-426)NessusSuSE Local Security Checks
medium
38744Mac OS X 10.5.x < 10.5.7 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
38743Mac OS X Multiple Vulnerabilities (Security Update 2009-002)NessusMacOS X Local Security Checks
critical
38735ISC BIND 9 EVP_VerifyFinal() / DSA_do_verify() SSL/TLS Signature Validation WeaknessNessusDNS
medium
37473Mandriva Linux Security Advisory : bind (MDVSA-2009:002)NessusMandriva Local Security Checks
medium
36411Fedora 10 : bind-9.5.1-1.P1.fc10 (2009-0451)NessusFedora Local Security Checks
medium
36220Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : bind9 vulnerability (USN-706-1)NessusUbuntu Local Security Checks
medium
35812GLSA-200903-14 : BIND: Incorrect signature verificationNessusGentoo Local Security Checks
medium
35589CentOS 3 / 4 / 5 : bind (CESA-2009:0020)NessusCentOS Local Security Checks
medium
35445openSUSE 10 Security Update : bind (bind-5915)NessusSuSE Local Security Checks
medium
35398Fedora 9 : bind-9.5.1-1.P1.fc9 (2009-0350)NessusFedora Local Security Checks
medium
35366Debian DSA-1703-1 : bind9 - interpretation conflictNessusDebian Local Security Checks
medium
35324RHEL 2.1 / 3 / 4 / 5 : bind (RHSA-2009:0020)NessusRed Hat Local Security Checks
medium
27094Solaris 9 (x86) : 114265-23NessusSolaris Local Security Checks
medium
26165Solaris 9 (sparc) : 112837-24NessusSolaris Local Security Checks
medium
5023Mac OS X 10.5 < 10.5.7 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
800792Mac OS X 10.5 < 10.5.7 Multiple VulnerabilitiesLog Correlation EngineOperating System Detection
high