CVE-2009-0124

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radio Relay League (ARRL) tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511509

http://openwall.com/lists/oss-security/2009/01/12/4

http://secunia.com/advisories/33543

https://bugzilla.redhat.com/show_bug.cgi?id=479650

https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00557.html

Details

Source: MITRE

Published: 2009-01-15

Updated: 2009-02-06

Type: CWE-287

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:arrl:tqsllib:2.0:*:*:*:*:*:*:*

Tenable Plugins

View all (18 total)

IDNameProductFamilySeverity
108014Solaris 10 (x86) : 139501-02NessusSolaris Local Security Checks
medium
67793Oracle Linux 4 / 5 : ntp (ELSA-2009-0046)NessusOracle Linux Local Security Checks
medium
67792Oracle Linux 3 / 4 / 5 : bind (ELSA-2009-0020)NessusOracle Linux Local Security Checks
medium
67783Oracle Linux 3 / 4 / 5 : openssl (ELSA-2009-0004)NessusOracle Linux Local Security Checks
medium
43728CentOS 4 / 5 : ntp (CESA-2009:0046)NessusCentOS Local Security Checks
medium
40389VMSA-2009-0004 : ESX Service Console updates for openssl, bind, and vimNessusVMware ESX Local Security Checks
high
38118Solaris 10 (sparc) : 139500-04NessusSolaris Local Security Checks
medium
37876Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : ntp vulnerability (USN-705-1)NessusUbuntu Local Security Checks
medium
36555Solaris 10 (x86) : 139501-02NessusSolaris Local Security Checks
medium
36220Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : bind9 vulnerability (USN-706-1)NessusUbuntu Local Security Checks
medium
35589CentOS 3 / 4 / 5 : bind (CESA-2009:0020)NessusCentOS Local Security Checks
medium
35551RHEL 4 / 5 : ntp (RHSA-2009:0046)NessusRed Hat Local Security Checks
medium
35400Fedora 9 : tqsllib-2.0-5.fc9 (2009-0543)NessusFedora Local Security Checks
medium
35365Debian DSA-1702-1 : ntp - interpretation conflictNessusDebian Local Security Checks
medium
35364Debian DSA-1701-1 : openssl, openssl097 - interpretation conflictNessusDebian Local Security Checks
medium
35324RHEL 2.1 / 3 / 4 / 5 : bind (RHSA-2009:0020)NessusRed Hat Local Security Checks
medium
35316RHEL 2.1 / 3 / 4 / 5 : openssl (RHSA-2009:0004)NessusRed Hat Local Security Checks
medium
35310CentOS 3 / 4 / 5 : openssl (CESA-2009:0004)NessusCentOS Local Security Checks
medium