CVE-2009-0126 — Improper Authentication in Boinc

CWE-287 — Improper Authentication7 documents6 sources

Severity

5.0MEDIUMNVD

OSV5.8

EPSS

0.5%

top 33.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Berkeley Boinc Client Debian Boinc

Timeline

PublishedJan 15

Latest updateMay 2

Description

The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Debianberkeley/boinc_client< 6.2.14-3+3

▶NVDberkeley/boinc_client6.2.14, 6.4.5+1

▶debiandebian/boinc< boinc 6.2.14-3 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-gpcp-59gr-fj3v: The decrypt_public function in lib/crypt↗2022-05-02

▶

OSV

CVE-2009-0126: The decrypt_public function in lib/crypt↗2009-01-15

▶

📋Vendor Advisories

Red Hat

boinc-client: Does not check the RSA_public_decrypt() return value.↗2009-01-11

▶

Debian

CVE-2009-0126: boinc - The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infr...↗2009

▶

💬Community

Bugzilla

CVE-2009-3722 KVM: Check cpl before emulating debug register access↗2009-10-29

▶

Bugzilla

CVE-2009-0126 boinc-client: Does not check the RSA_public_decrypt() return value.↗2009-01-12

▶