CVE-2009-0025 — Improper Authentication in Bind

CWE-287 — Improper Authentication11 documents9 sources

Severity

6.8MEDIUMNVD

CNA5.8OSV5.8

EPSS

1.0%

top 23.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 ISC Bind

Timeline

PublishedJan 7

Latest updateMay 2

Description

BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Debianisc/bind9< 1:9.5.1.dfsg.P1-1+3

▶NVDisc/bind24 versions+23

🔴Vulnerability Details

GHSA

GHSA-hcwf-6ghh-6m6f: BIND 9↗2022-05-02

▶

CVEList

CVE-2009-0025: BIND 9↗2009-01-07

▶

OSV

CVE-2009-0025: BIND 9↗2009-01-07

▶

📋Vendor Advisories

BSD

FreeBSD-SA-09:04.bind: BIND DNSSEC incorrect checks for malformed signatures↗2009-01-13

▶

Ubuntu

Bind vulnerability↗2009-01-09

▶

Red Hat

bind: DSA_do_verify() returns check issue↗2009-01-07

▶

Debian

CVE-2009-0025: bind9 - BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return ...↗2009

▶

Red Hat

CVE-2009-0265: Internet Systems Consortium (ISC) BIND 9↗

▶

💬Community

Bugzilla

Moodle: Multiple security fixes in 1.9.7 and 1.8.11 upstream releases↗2009-12-06

▶

Bugzilla

CVE-2009-0025 bind: DSA_do_verify() returns check issue↗2009-01-06

▶