ISC BIND 9 EVP_VerifyFinal() / DSA_do_verify() SSL/TLS Signature Validation Weakness
Medium Nessus Plugin ID 38735
Synopsis

The remote name server is affected by a signature validation weakness.

Description

According to its version number, the remote installation of BIND does not properly check the return value from the OpenSSL library functions 'EVP_VerifyFinal()' and 'DSA_do_verify()'. A remote attacker may be able to exploit this weakness to spoof answers returned from zones for signature checks on DSA and ECDSA keys used with SSL / TLS.

Solution

Upgrade to BIND 9.3.6-P1 / 9.4.3-P1 / 9.5.1-P1 / 9.6.0-P1 or later.
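
The return-value check described above, shown as an added example (not code from BIND, OpenSSL or the plugin): both OpenSSL functions return 1 for a valid signature, 0 for an invalid one and -1 on error, so a caller that tests the result as a boolean accepts the error case. `model_verify` and the sample byte strings are hypothetical stand-ins constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample signature blobs (not real DSA signatures). */
static const unsigned char GOOD_SIG[]      = {0x30, 0x02, 0xAA, 0xBB};
static const unsigned char BAD_SIG[]       = {0x30, 0x02, 0xAA, 0xCC};
static const unsigned char MALFORMED_SIG[] = {0xFF, 0x02, 0xAA, 0xBB};

/* Hypothetical stand-in for EVP_VerifyFinal() / DSA_do_verify().
 * It mirrors their documented tri-state result:
 *   1 = signature valid, 0 = signature invalid, -1 = error. */
static int model_verify(const unsigned char *sig, size_t len)
{
    if (len != sizeof GOOD_SIG || sig[0] != 0x30)
        return -1;                       /* could not process the input */
    return memcmp(sig, GOOD_SIG, len) == 0 ? 1 : 0;
}

/* Flawed pattern: the result is used as a boolean, so -1 passes. */
static int validate_flawed(const unsigned char *sig, size_t len)
{
    if (!model_verify(sig, len))
        return 0;                        /* only 0 is rejected */
    return 1;
}

/* Strict pattern: only an explicit 1 counts as a valid signature. */
static int validate_strict(const unsigned char *sig, size_t len)
{
    return model_verify(sig, len) == 1;
}

int main(void)
{
    const struct { const char *name; const unsigned char *sig; } cases[] = {
        {"valid", GOOD_SIG}, {"invalid", BAD_SIG}, {"error", MALFORMED_SIG},
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-8s rc=%2d flawed=%d strict=%d\n", cases[i].name,
               model_verify(cases[i].sig, sizeof GOOD_SIG),
               validate_flawed(cases[i].sig, sizeof GOOD_SIG),
               validate_strict(cases[i].sig, sizeof GOOD_SIG));
    return 0;
}
```

When auditing other callers of these functions, look for `if (!rc)` or `if (rc)` tests on the result and replace them with an explicit comparison against 1.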