CVE-2009-0265

Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
iscbind
𝑥
≤ 9.6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
bind9
bullseye
1:9.16.50-1~deb11u2
fixed
bullseye (security)
1:9.16.50-1~deb11u1
fixed
bookworm
1:9.18.28-1~deb12u2
fixed
bookworm (security)
1:9.18.28-1~deb12u2
fixed
sid
1:9.20.2-1
fixed
trixie
1:9.20.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bind9
intrepid
not-affected
hardy
not-affected
gutsy
not-affected
dapper
not-affected
Common Weakness Enumeration
References
http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33
http://secunia.com/advisories/33559
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362
http://www.mandriva.com/security/advisories?name=MDVSA-2009:037
http://www.vupen.com/english/advisories/2009/0043
https://www.isc.org/node/373
http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/49ef622c8329fd33
http://secunia.com/advisories/33559
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.540362
http://www.mandriva.com/security/advisories?name=MDVSA-2009:037
http://www.vupen.com/english/advisories/2009/0043
https://www.isc.org/node/373