CVE 2008-5077
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
Related bugs and status
CVE-2008-5077 (Candidate) is related to these bugs:
Bug #314776: OpenSSL signature verification API misuses
Bug | Summary | In | Importance | Status
---|---|---|---|---
314776 | OpenSSL signature verification API misuses | openssl (Ubuntu) | High | Fix Released
314776 | OpenSSL signature verification API misuses | ntp (Ubuntu) | Medium | Fix Released
314776 | OpenSSL signature verification API misuses | bind9 (Ubuntu) | Medium | Fix Released
314776 | OpenSSL signature verification API misuses | openslp-dfsg (Ubuntu) | Low | Won't Fix
Bug #314984: Please merge openssl_0.9.8g-15(main) from debian unstable
Bug | Summary | In | Importance | Status
---|---|---|---|---
314984 | Please merge openssl_0.9.8g-15(main) from debian unstable | openssl (Ubuntu) | Undecided | Fix Released
Bug #352919: Update OpenSSL to version 0.9.8g-4ubuntu3.5
Bug | Summary | In | Importance | Status
---|---|---|---|---
352919 | Update OpenSSL to version 0.9.8g-4ubuntu3.5 | The Dell Mini Project | Critical | Fix Released
Bug #363904: [CVE-2008-5077] SLURM Security Flaw
Bug | Summary | In | Importance | Status
---|---|---|---|---
363904 | [CVE-2008-5077] SLURM Security Flaw | slurm-llnl (Ubuntu) | Medium | Fix Released
363904 | [CVE-2008-5077] SLURM Security Flaw | slurm-llnl (Ubuntu Hardy) | Medium | Invalid
363904 | [CVE-2008-5077] SLURM Security Flaw | slurm-llnl (Ubuntu Intrepid) | Medium | Fix Released
363904 | [CVE-2008-5077] SLURM Security Flaw | slurm-llnl (Ubuntu Jaunty) | Medium | Fix Released
363904 | [CVE-2008-5077] SLURM Security Flaw | slurm-llnl (Ubuntu Karmic) | Medium | Fix Released
Bug #1811531: remote execution vulnerability
Bug | Summary | In | Importance | Status
---|---|---|---|---
1811531 | remote execution vulnerability | zeromq3 (Ubuntu) | Undecided | Fix Released
1811531 | remote execution vulnerability | zeromq3 (Debian) | Unknown | Fix Released
1811531 | remote execution vulnerability | zeromq (Suse) | High | Fix Released
See the CVE page on Mitre.org for more details.