CVE-2009-5077
published 2011-06-08
CVE-2009-5077: CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF…
Priority: P3 · 44 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 1.49% (70.8th percentile)
CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable, which is not properly handled by (1) includes/application_top.php and (2) admin/includes/application_top.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| creloaded | cre_loaded | <= 6.2 | — |
| creloaded | cre_loaded | — | — |
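CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 5.8 | MEDIUM | — |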
GHSA
GHSA-qj44-5xwc-3wgw: CRE Loaded before 6
ghsa_unreviewed·2022-05-02
CVE-2009-5077 [HIGH] CWE-287 GHSA-qj44-5xwc-3wgw: CRE Loaded before 6
CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable, which is not properly handled by (1) includes/application_top.php and (2) admin/includes/application_top.php.
Red Hat
libnasl: OpenSSL incorrect checks for malformed signatures
vendor_redhat·2009-01-11·CVSS 5.8
CVE-2009-0125 [MEDIUM] libnasl: OpenSSL incorrect checks for malformed signatures
NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: the upstream vendor has disputed this issue, stating "while we do misuse this function (this is a bug), it has absolutely no security ramification.
Red Hat
m2crypto: OpenSSL incorrect checks for malformed signatures
vendor_redhat·2009-01-11·CVSS 5.8
CVE-2009-0127 [MEDIUM] m2crypto: OpenSSL incorrect checks for malformed signatures
M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a Linux vendor disputes the relevance of this report to the M2Crypto product because "these functions are not used anywhere in m2crypto.
Statement: Red Hat does not consider this to be a security issue. M2Crypto provides python interfaces to multiple OpenSSL functions. Neither of those interfaces is further used by M2Crypto in an insecure way. Additionally, no application shipped in Red Hat Enterprise Linux is know
Red Hat
boinc-client: Does not check the RSA_public_decrypt() return value.
vendor_redhat·2009-01-11·CVSS 5.8
CVE-2009-0126 [MEDIUM] boinc-client: Does not check the RSA_public_decrypt() return value.
The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
Red Hat
perl-Crypt-OpenSSL-DSA: do_verify() doesn't fail on errors in OpenSSL DSA_do_verify()
vendor_redhat·2009-01-11·CVSS 5.8
CVE-2009-0129 [MEDIUM] perl-Crypt-OpenSSL-DSA: do_verify() doesn't fail on errors in OpenSSL DSA_do_verify()
libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
Red Hat
tqsllib: OpenSSL incorrect checks for malformed signatures
vendor_redhat·2009-01-11·CVSS 5.8
CVE-2009-0124 [MEDIUM] tqsllib: OpenSSL incorrect checks for malformed signatures
The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radio Relay League (ARRL) tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
Red Hat
ntp incorrectly checks for malformed signatures
vendor_redhat·2009-01-07·CVSS 5.8
CVE-2009-0021 [MEDIUM] ntp incorrectly checks for malformed signatures
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
Red Hat
bind: DSA_do_verify() returns check issue
vendor_redhat·2009-01-07·CVSS 5.8
CVE-2009-0025 [MEDIUM] bind: DSA_do_verify() returns check issue
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
Red Hat
evolution-data-server: S/MIME signatures are considered to be valid even for modified messages (MITM)
vendor_redhat·2008-12-11·CVSS 5.8
CVE-2009-0547 [MEDIUM] evolution-data-server: S/MIME signatures are considered to be valid even for modified messages (MITM)
Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077.
Red Hat
CVE-2009-0265: Internet Systems Consortium (ISC) BIND 9
vendor_redhat·CVSS 5.8
CVE-2009-0265 [MEDIUM] CVE-2009-0265: Internet Systems Consortium (ISC) BIND 9
Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.
Statement: Not vulnerable. This issue did not affect the versions of BIND as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-0129 perl-Crypt-OpenSSL-DSA: do_verify() doesn't fail on errors in OpenSSL DSA_do_verify()
bugzilla·2009-02-17·CVSS 5.8
CVE-2009-0129 [MEDIUM] CVE-2009-0129 perl-Crypt-OpenSSL-DSA: do_verify() doesn't fail on errors in OpenSSL DSA_do_verify()
libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511519
http://openwall.com/lists/oss-security/2009/01/12/4
http://sourceforge.net/tracker/index.php?func=detail&aid=2545158&group_id=73194&atid=537053
The last is the upstream bug report with an attached patch to fix the issue.
Discussion:
Created attachment 332302
patch from Debian's update to fix the issue
---
perl-Crypt-OpenSSL-DSA-0.13-12.fc10
Bugzilla
CVE-2009-0124 tqsllib: OpenSSL incorrect checks for malformed signatures
bugzilla·2009-01-12·CVSS 5.8
CVE-2009-0124 [MEDIUM] CVE-2009-0124 tqsllib: OpenSSL incorrect checks for malformed signatures
The TrustedQSL library incorrectly checked the result after
calling the EVP_VerifyFinal function, allowing a malformed signature
to be treated as a good signature rather than as an error.
Proposed patch:
- if (!EVP_VerifyFinal(&ctx, sig, slen, TQSL_API_TO_CERT(cert)->key)) {
+ if (EVP_VerifyFinal(&ctx, sig, slen, TQSL_API_TO_CERT(cert)->key) <= 0) {
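Review bot: on the `+` line, `<= 0` stops a negative return from passing as a valid signature, but testing for the single success value fails closed more strictly: `if (EVP_VerifyFinal(&ctx, sig, slen, TQSL_API_TO_CERT(cert)->key) != 1) {`. EVP_VerifyFinal returns 1 for a good signature, 0 for a bad one and a negative value on error, which is why the old `!` test on the `-` line only rejected 0. If the failure branch reports a reason to the caller, consider distinguishing 0 (signature does not match) from a negative return (verification could not be carried out) there.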
References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511509
Discussion:
This issue is related with recent OpenSSL's CVE-2008-5077 flaw.
This issue affects all versions of the tqsllib package, as shipped
with Fedora releases of 9, 10 and devel.
Please fix.
---
tqsllib-2.0-5.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/u
Bugzilla
CVE-2008-5077 OpenSSL Incorrect checks for malformed signatures
bugzilla·2008-12-16·CVSS 5.8
CVE-2008-5077 [MEDIUM] CVE-2008-5077 OpenSSL Incorrect checks for malformed signatures
Draft advisory from OpenSSL team:
OpenSSL Security Advisory [07-Jan-2009]
Incorrect checks for malformed signatures
Several functions inside OpenSSL incorrectly checked the result after
calling the EVP_VerifyFinal function, allowing a malformed signature
to be treated as a good signature rather than as an error. This issue
affected the signature checks on DSA and ECDSA keys used with
SSL/TLS.
One way to exploit this flaw would be for a remote attacker who is in
control of a malicious server or who can use a 'man in the middle'
attack to present a malformed SSL/TLS signature from a certificate chain
to a vulnerable client, bypassing validation.
This vulnerability is tracked as CVE-2008-5077.
The OpenSSL security team wou