Summary
This host has OpenSSL installed and is prone to a security bypass vulnerability.
Impact
Successful exploitation lets an attacker spoof user data with a malicious DSA signature to gain access to the user's sensitive information.
Impact Level: Application
Solution
Upgrade to version 0.9.8j
http://www.openssl.org/source/
Insight
The flaw is due to libcrypt-openssl-dsa-perl, which does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions.
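The return-value check at issue, as an added example that is not code from libcrypt-openssl-dsa-perl or OpenSSL. OpenSSL documents DSA_verify and DSA_do_verify as returning 1 for a valid signature, 0 for an invalid one and -1 on error; stub_dsa_verify, accept_flawed and accept_strict are hypothetical names, and the flawed check shown (any non-zero result accepted) is an assumed form of the improper check.

```c
#include <stdio.h>

/* Hypothetical stand-in for the documented result convention of
 * DSA_verify()/DSA_do_verify(): 1 = signature valid, 0 = signature
 * invalid, -1 = error (for example a malformed signature encoding).
 * The inputs below are constructed labels, not real signatures. */
enum sig_kind { SIG_GOOD, SIG_BAD, SIG_MALFORMED };

static int stub_dsa_verify(enum sig_kind sig)
{
    switch (sig) {
    case SIG_GOOD: return 1;
    case SIG_BAD:  return 0;
    default:       return -1;
    }
}

/* Flawed pattern (assumed): the result is used as a boolean, so the
 * error value -1 is treated the same as a valid signature. */
static int accept_flawed(enum sig_kind sig)
{
    return stub_dsa_verify(sig) ? 1 : 0;
}

/* Corrected pattern: only an explicit 1 means "verified"; both 0 and
 * -1 are rejected. */
static int accept_strict(enum sig_kind sig)
{
    return stub_dsa_verify(sig) == 1;
}

int main(void)
{
    static const char *names[] = { "good", "bad", "malformed" };
    for (int k = SIG_GOOD; k <= SIG_MALFORMED; k++)
        printf("%-9s flawed=%d strict=%d\n", names[k],
               accept_flawed((enum sig_kind)k),
               accept_strict((enum sig_kind)k));
    return 0;
}
```

When auditing callers of these functions, any comparison other than `== 1` (or `<= 0` for the failure branch) deserves a closer look.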
Affected
OpenSSL versions prior to 0.9.8j on Linux.
References
Severity
Classification
CVE: CVE-2008-5077, CVE-2009-0129
CVSS Base Score: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P