CVE-2009-0789

medium

Description

OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc

http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html

http://marc.info/?l=bugtraq&m=124464882609472&w=2

http://marc.info/?l=bugtraq&m=127678688104458&w=2

http://secunia.com/advisories/34411

http://secunia.com/advisories/34460

http://secunia.com/advisories/34666

http://secunia.com/advisories/35065

http://secunia.com/advisories/35380

http://secunia.com/advisories/35729

http://secunia.com/advisories/36701

http://secunia.com/advisories/42724

http://secunia.com/advisories/42733

http://securitytracker.com/id?1021906

http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847

http://support.apple.com/kb/HT3865

http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html

http://www.openssl.org/news/secadv_20090325.txt

http://www.osvdb.org/52866

http://www.php.net/archive/2009.php#id2009-04-08-1

http://www.securityfocus.com/bid/34256

http://www.vupen.com/english/advisories/2009/0850

http://www.vupen.com/english/advisories/2009/1020

http://www.vupen.com/english/advisories/2009/1175

http://www.vupen.com/english/advisories/2009/1548

https://exchange.xforce.ibmcloud.com/vulnerabilities/49433

https://kb.bluecoat.com/index?page=content&id=SA50

Details

Source: MITRE

Published: 2009-03-27

Updated: 2017-08-17

Type: CWE-189

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to 0.9.8j (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 75802 | openSUSE Security Update : compat-openssl097g (openSUSE-SU-2011:0845-1) | Nessus | SuSE Local Security Checks | medium |
| 75453 | openSUSE Security Update : compat-openssl097g (openSUSE-SU-2011:0845-1) | Nessus | SuSE Local Security Checks | medium |
| 17765 | OpenSSL < 0.9.8l Multiple Vulnerabilities | Nessus | Web Servers | medium |
| 17763 | OpenSSL < 0.9.8k Multiple Vulnerabilities | Nessus | Web Servers | medium |
| 57170 | SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 7645) | Nessus | SuSE Local Security Checks | medium |
| 55715 | SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 7644) | Nessus | SuSE Local Security Checks | medium |
| 55711 | SuSE 11.1 Security Update : compat-openssl097g (SAT Patch Number 4913) | Nessus | SuSE Local Security Checks | medium |
| 41571 | SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6179) | Nessus | SuSE Local Security Checks | medium |
| 41491 | SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 6170) | Nessus | SuSE Local Security Checks | medium |
| 41423 | SuSE 11 Security Update : OpenSSL (SAT Patch Number 772) | Nessus | SuSE Local Security Checks | medium |
| 41376 | SuSE 11 Security Update : OpenSSL (SAT Patch Number 789) | Nessus | SuSE Local Security Checks | medium |
| 41293 | SuSE9 Security Update : OpenSSL (YOU Patch Number 12397) | Nessus | SuSE Local Security Checks | medium |
| 40945 | Mac OS X Multiple Vulnerabilities (Security Update 2009-005) | Nessus | MacOS X Local Security Checks | critical |
| 40260 | openSUSE Security Update : libopenssl-devel (libopenssl-devel-786) | Nessus | SuSE Local Security Checks | medium |
| 40204 | openSUSE Security Update : compat-openssl097g (compat-openssl097g-788) | Nessus | SuSE Local Security Checks | medium |
| 40033 | openSUSE Security Update : libopenssl-devel (libopenssl-devel-785) | Nessus | SuSE Local Security Checks | medium |
| 39938 | openSUSE Security Update : compat-openssl097g (compat-openssl097g-788) | Nessus | SuSE Local Security Checks | medium |
| 38646 | openSUSE 10 Security Update : libopenssl-devel (libopenssl-devel-6173) | Nessus | SuSE Local Security Checks | medium |
| 38643 | openSUSE 10 Security Update : compat-openssl097g (compat-openssl097g-6175) | Nessus | SuSE Local Security Checks | medium |
| 36104 | Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : openssl (SSA:2009-098-01) | Nessus | Slackware Local Security Checks | medium |