Summary
The host is running BIND and is prone to a security bypass vulnerability.
Impact
Successful exploitation could allow remote attackers to bypass certificate validation checks and mount man-in-the-middle attacks, because the signature checks on DSA and ECDSA keys used with SSL/TLS can be bypassed.
Impact Level: Application
Solution
Upgrade to version 9.6.0 P1, 9.5.1 P1, 9.4.3 P1, or 9.3.6 P1: https://www.isc.org/downloadables/11
Insight
The flaw is due to improper validation of the return value of OpenSSL's DSA_do_verify and EVP_VerifyFinal functions.
Affected
ISC BIND versions prior to 9.2, 9.6.0 P1, 9.5.1 P1, 9.4.3 P1, or 9.3.6 P1 on Linux
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2008-5077, CVE-2009-0025, CVE-2009-0265
CVSS Base Score: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P