Vulnerability-Lookup

CVE-2009-0591 (GCVE-0-2009-0591)

Vulnerability from cvelistv5 – Published: 2009-03-27 16:00 – Updated: 2024-08-07 04:40

Summary

The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://marc.info/?l=bugtraq&m=124464882609472&w=2	vendor-advisoryx_refsource_HP
	http://www.vupen.com/english/advisories/2009/0850	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2009/1175	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/42724	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://sourceforge.net/project/shownotes.php?rele…	x_refsource_CONFIRM
	http://secunia.com/advisories/34666	third-party-advisoryx_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=124464882609472&w=2	vendor-advisoryx_refsource_HP
	http://www.vupen.com/english/advisories/2009/1020	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/35729	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/35380	third-party-advisoryx_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=127678688104458&w=2	vendor-advisoryx_refsource_HP
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://secunia.com/advisories/35065	third-party-advisoryx_refsource_SECUNIA
	http://www.php.net/archive/2009.php#id2009-04-08-1	x_refsource_CONFIRM
	http://secunia.com/advisories/34411	third-party-advisoryx_refsource_SECUNIA
	ftp://ftp.netbsd.org/pub/NetBSD/security/advisori…	vendor-advisoryx_refsource_NETBSD
	http://www.osvdb.org/52865	vdb-entryx_refsource_OSVDB
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://voodoo-circle.sourceforge.net/sa/sa-200903…	x_refsource_CONFIRM
	http://support.apple.com/kb/HT3865	x_refsource_CONFIRM
	http://www.openssl.org/news/secadv_20090325.txt	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/1548	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/36701	third-party-advisoryx_refsource_SECUNIA
	https://kb.bluecoat.com/index?page=content&id=SA50	x_refsource_CONFIRM
	http://secunia.com/advisories/34460	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/34256	vdb-entryx_refsource_BID
	http://securitytracker.com/id?1021907	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/42733	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:40:05.194Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSRT090059",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
          },
          {
            "name": "ADV-2009-0850",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0850"
          },
          {
            "name": "ADV-2009-1175",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1175"
          },
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "openssl-cmsverify-security-bypass(49432)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49432"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
          },
          {
            "name": "34666",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34666"
          },
          {
            "name": "HPSBUX02435",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
          },
          {
            "name": "ADV-2009-1020",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1020"
          },
          {
            "name": "35729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35729"
          },
          {
            "name": "35380",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35380"
          },
          {
            "name": "HPSBOV02540",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
          },
          {
            "name": "APPLE-SA-2009-09-10-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
          },
          {
            "name": "35065",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35065"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
          },
          {
            "name": "34411",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34411"
          },
          {
            "name": "NetBSD-SA2009-008",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
          },
          {
            "name": "52865",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/52865"
          },
          {
            "name": "SUSE-SR:2009:010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3865"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20090325.txt"
          },
          {
            "name": "ADV-2009-1548",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1548"
          },
          {
            "name": "36701",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36701"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "34460",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34460"
          },
          {
            "name": "34256",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34256"
          },
          {
            "name": "1021907",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021907"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SSRT090059",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
        },
        {
          "name": "ADV-2009-0850",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0850"
        },
        {
          "name": "ADV-2009-1175",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1175"
        },
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "name": "openssl-cmsverify-security-bypass(49432)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49432"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
        },
        {
          "name": "34666",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34666"
        },
        {
          "name": "HPSBUX02435",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
        },
        {
          "name": "ADV-2009-1020",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1020"
        },
        {
          "name": "35729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35729"
        },
        {
          "name": "35380",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35380"
        },
        {
          "name": "HPSBOV02540",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
        },
        {
          "name": "APPLE-SA-2009-09-10-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
        },
        {
          "name": "35065",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35065"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
        },
        {
          "name": "34411",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34411"
        },
        {
          "name": "NetBSD-SA2009-008",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
        },
        {
          "name": "52865",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/52865"
        },
        {
          "name": "SUSE-SR:2009:010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3865"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20090325.txt"
        },
        {
          "name": "ADV-2009-1548",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1548"
        },
        {
          "name": "36701",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36701"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "34460",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34460"
        },
        {
          "name": "34256",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34256"
        },
        {
          "name": "1021907",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021907"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-0591",
    "datePublished": "2009-03-27T16:00:00.000Z",
    "dateReserved": "2009-02-13T00:00:00.000Z",
    "dateUpdated": "2024-08-07T04:40:05.194Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2009-AVI-120

Vulnerability from certfr_avis - Published: 2009-03-26 - Updated: 2009-06-17

Plusieurs vulnérabilités dans OpenSSL permettent à une personne malintentionnée d'effectuer un déni de service à distance ou de contouner la politique de sécurité.

Description

Plusieurs vulnérabilités ont été découvertes dans OpenSSL :

une erreur dans la fonction ASN1_STRING_print_ex() permet de provoquer un arrêt inopiné de l'application (crash) ;
une vulnérabilité dans la gestion des erreurs permet dans certaines conditions de faire passer une fausse signature pour valide ;
une erreur dans la gestion des structures ANS1 mal formées permet de provoquer un arrêt inopiné de l'application (crash).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

OpenSSL versions antérieures à la 0.9.8k.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité OpenSSL du 25 mars 2009	None	vendor-advisory
Bulletin de sécurité Gentoo GLSA-200904-08 du 07 avril 2009 :	-	other
Bulletin de sécurité Mandriva MDVSA-2009:087 du 03 avril 2009 :	-	other
Bulletin de sécurité FreeBSD FreeBSD-SA-09:08.opensll du 22 avril 2009 :	-	other
Bulletin de sécurité Sun #258048 du 04 mai 2009 :	-	other
Bulletin de sécurité OpenSuse SUSE-SR:2009:010 du 12 mai 2009 :	-	other
Bulletin de sécurité Debian DSA-1763 du 06 avril 2009 :	-	other
Bulletin de sécurité OpenBSD #012_OpenSSL du 08 avril 2009 :	-	other
Bulletin de sécurité HP SSRT090059 du 10 juin 2009 :	-	other
Bulletin de sécurité Ubuntu USN-750-1 du 30 mars 2009 :	-	other
Bulletin de sécurité OpenBSD #001_OpenSSL du 08 avril 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eOpenSSL versions ant\u00e9rieures \u00e0 la 0.9.8k.\u003c/P\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans OpenSSL :\n\n-   une erreur dans la fonction ASN1_STRING_print_ex() permet de\n    provoquer un arr\u00eat inopin\u00e9 de l\u0027application (crash) ;\n-   une vuln\u00e9rabilit\u00e9 dans la gestion des erreurs permet dans certaines\n    conditions de faire passer une fausse signature pour valide ;\n-   une erreur dans la gestion des structures ANS1 mal form\u00e9es permet de\n    provoquer un arr\u00eat inopin\u00e9 de l\u0027application (crash).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0789"
    },
    {
      "name": "CVE-2009-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0591"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    }
  ],
  "initial_release_date": "2009-03-26T00:00:00",
  "last_revision_date": "2009-06-17T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200904-08 du 07 avril 2009    :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200904-08.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2009:087 du 03 avril    2009 :",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:087"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD FreeBSD-SA-09:08.opensll du 22    avril 2009 :",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:08.opensll.asc"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun #258048 du 04 mai 2009 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258048-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 OpenSuse SUSE-SR:2009:010 du 12 mai    2009 :",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1763 du 06 avril 2009 :",
      "url": "http://www.debian.org/security/2009/dsa-1763"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 OpenBSD #012_OpenSSL du 08 avril 2009    :",
      "url": "http://www.openbsd.org/errata44.html#012_openssl"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP SSRT090059 du 10 juin 2009 :",
      "url": "https://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c017626423"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-750-1 du 30 mars 2009 :",
      "url": "http://www.ubuntu.com/usn/usn-750-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 OpenBSD #001_OpenSSL du 08 avril 2009    :",
      "url": "http://www.openbsd.org/errata45.html#001_openssl"
    }
  ],
  "reference": "CERTA-2009-AVI-120",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-03-26T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Gentoo, Debian, Ubuntu, Sun, FreeBSD et OpenBSD.",
      "revision_date": "2009-05-11T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Mandriva, HP et Suse.",
      "revision_date": "2009-06-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans OpenSSL permettent \u00e0 une personne\nmalintentionn\u00e9e d\u0027effectuer un d\u00e9ni de service \u00e0 distance ou de\ncontouner la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenSSL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenSSL du 25 mars 2009",
      "url": "http://www.openssl.org/news/secadv_20090325.txt"
    }
  ]
}

CERTA-2010-AVI-627

Vulnerability from certfr_avis - Published: 2010-12-23 - Updated: 2010-12-23

De nombreuses vulnérabilités, liées à l'utilisation de versions anciennes du code OpenSSL, affectent Blue Coat Reporter. Les plus dommageables permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Solution

Pour la version 9, la révision 9.2.4.1 remédie à ces vulnérabilités. Le correctif de la version 8 n'est pas encore disponible.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Blue Coat Reporter, versions 8.x et 9.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Blue Coat SA50 du 19 novembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eBlue Coat Reporter, versions 8.x et  9.x.\u003c/p\u003e",
  "content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s, li\u00e9es \u00e0 l\u0027utilisation de versions\nanciennes du code OpenSSL, affectent Blue Coat Reporter. Les plus\ndommageables permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n\n## Solution\n\nPour la version 9, la r\u00e9vision 9.2.4.1 rem\u00e9die \u00e0 ces vuln\u00e9rabilit\u00e9s. Le\ncorrectif de la version 8 n\u0027est pas encore disponible.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1678"
    },
    {
      "name": "CVE-2010-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0433"
    },
    {
      "name": "CVE-2010-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
    },
    {
      "name": "CVE-2009-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0789"
    },
    {
      "name": "CVE-2009-1379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1379"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2009-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0591"
    },
    {
      "name": "CVE-2009-1378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1378"
    },
    {
      "name": "CVE-2009-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1377"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2010-0740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0740"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2009-4355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4355"
    }
  ],
  "initial_release_date": "2010-12-23T00:00:00",
  "last_revision_date": "2010-12-23T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-627",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s, li\u00e9es \u00e0 l\u0027utilisation de versions\nanciennes du code OpenSSL, affectent Blue Coat Reporter. Les plus\ndommageables permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Blue Coat Reporter",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Blue Coat SA50 du 19 novembre 2010",
      "url": "http://kb.bluecoat.com/index?page=content\u0026id=SA50"
    }
  ]
}

CERTA-2010-AVI-268

Vulnerability from certfr_avis - Published: 2010-06-17 - Updated: 2010-06-17

De multiples vulnérabilités ont été découvertes dans HP SSL pour OpenVMS.

Description

De multiples vulnérabilités ont été découvertes dans HP SSL pour OpenVMS. Une personne malveillante peut exploiter ces vulnérabilités pour provoquer un déni de service à distance, ou contourner la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	HP SSL 1.3 pour OpenVMS Alpha versions 8.2 et supérieures ;
	N/A	N/A	HP SSL 1.3 pour OpenVMS Integrity versions 8.2-1 et supérieures.

References

Title

Publication Time

Tags

Bulletin de sécurité HP c02227287 du 16 juin 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP SSL 1.3 pour OpenVMS Alpha versions 8.2 et sup\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP SSL 1.3 pour OpenVMS Integrity versions 8.2-1 et sup\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans HP SSL pour\nOpenVMS. Une personne malveillante peut exploiter ces vuln\u00e9rabilit\u00e9s\npour provoquer un d\u00e9ni de service \u00e0 distance, ou contourner la politique\nde s\u00e9curit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0789"
    },
    {
      "name": "CVE-2009-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0591"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2008-5077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5077"
    }
  ],
  "initial_release_date": "2010-06-17T00:00:00",
  "last_revision_date": "2010-06-17T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-268",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-06-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans HP SSL pour\nOpenVMS.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP SSL pour OpenVMS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c02227287 du 16 juin 2010",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02227287"
    }
  ]
}

CERTA-2009-AVI-382

Vulnerability from certfr_avis - Published: 2009-09-11 - Updated: 2009-09-11

De multiples vulnérabilités permettant entre autres l'exécution de code arbitraire à distance ont été corrigées dans MacOS X.

Description

Plusieurs vulnérabilités d'applications contenues dans MacOS X ont été corrigées. MacOS X 10.6 n'est concerné que par les failles affectant le plugin Flash Player. Les vulnérabilités permettent notamment l'exécution de code arbitraire à distance, l'élévation de privilèges et l'injection de code indirecte.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	MacOS X Server 10.4.x (Universal) ;
Apple	macOS	MacOS X 10.5.8 ;
Apple	macOS	MacOS X 10.4.11 ;
Apple	macOS	MacOS X 10.6.
Apple	macOS	MacOS X Server 10.5 ;
Apple	macOS	MacOS X Server 10.4.x (PowerPC) ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3865 du 10 septembre 2009	None	vendor-advisory
Bulletin de sécurité Apple HT3864 du 11 septembre 2009	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MacOS X Server 10.4.x (Universal) ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "MacOS X 10.5.8 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "MacOS X 10.4.11 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "MacOS X 10.6.",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "MacOS X Server 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "MacOS X Server 10.4.x (PowerPC) ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s d\u0027applications contenues dans MacOS X ont \u00e9t\u00e9\ncorrig\u00e9es. MacOS X 10.6 n\u0027est concern\u00e9 que par les failles affectant le\nplugin Flash Player. Les vuln\u00e9rabilit\u00e9s permettent notamment l\u0027ex\u00e9cution\nde code arbitraire \u00e0 distance, l\u0027\u00e9l\u00e9vation de privil\u00e8ges et l\u0027injection\nde code indirecte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1864"
    },
    {
      "name": "CVE-2009-2804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2804"
    },
    {
      "name": "CVE-2009-1867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1867"
    },
    {
      "name": "CVE-2009-2813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2813"
    },
    {
      "name": "CVE-2009-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0789"
    },
    {
      "name": "CVE-2009-2805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2805"
    },
    {
      "name": "CVE-2009-0949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0949"
    },
    {
      "name": "CVE-2009-2800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2800"
    },
    {
      "name": "CVE-2009-1866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1866"
    },
    {
      "name": "CVE-2009-2468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2468"
    },
    {
      "name": "CVE-2008-2079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2079"
    },
    {
      "name": "CVE-2009-1865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1865"
    },
    {
      "name": "CVE-2009-1868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1868"
    },
    {
      "name": "CVE-2009-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0591"
    },
    {
      "name": "CVE-2008-5498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5498"
    },
    {
      "name": "CVE-2009-1372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1372"
    },
    {
      "name": "CVE-2009-2811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2811"
    },
    {
      "name": "CVE-2009-2809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2809"
    },
    {
      "name": "CVE-2009-1870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1870"
    },
    {
      "name": "CVE-2009-1862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1862"
    },
    {
      "name": "CVE-2009-2812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2812"
    },
    {
      "name": "CVE-2009-1272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1272"
    },
    {
      "name": "CVE-2009-1241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1241"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2009-1371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1371"
    },
    {
      "name": "CVE-2008-6680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6680"
    },
    {
      "name": "CVE-2009-1270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1270"
    },
    {
      "name": "CVE-2009-1271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1271"
    },
    {
      "name": "CVE-2009-2807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2807"
    },
    {
      "name": "CVE-2009-2814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2814"
    },
    {
      "name": "CVE-2009-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1863"
    },
    {
      "name": "CVE-2009-1869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1869"
    },
    {
      "name": "CVE-2009-2803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2803"
    }
  ],
  "initial_release_date": "2009-09-11T00:00:00",
  "last_revision_date": "2009-09-11T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-382",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-09-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s permettant entre autres l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eMacOS\nX\u003c/span\u003e.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3865 du 10 septembre 2009",
      "url": "http://support.apple.com/kb/HT3865"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3864 du 11 septembre 2009",
      "url": "http://support.apple.com/kb/HT3864"
    }
  ]
}

FKIE_CVE-2009-0591

Vulnerability from fkie_nvd - Published: 2009-03-27 16:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
secalert@redhat.com	http://marc.info/?l=bugtraq&m=124464882609472&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=127678688104458&w=2
secalert@redhat.com	http://secunia.com/advisories/34411	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/34460	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/34666
secalert@redhat.com	http://secunia.com/advisories/35065
secalert@redhat.com	http://secunia.com/advisories/35380
secalert@redhat.com	http://secunia.com/advisories/35729
secalert@redhat.com	http://secunia.com/advisories/36701
secalert@redhat.com	http://secunia.com/advisories/42724
secalert@redhat.com	http://secunia.com/advisories/42733
secalert@redhat.com	http://securitytracker.com/id?1021907
secalert@redhat.com	http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847
secalert@redhat.com	http://support.apple.com/kb/HT3865
secalert@redhat.com	http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html	Vendor Advisory
secalert@redhat.com	http://www.openssl.org/news/secadv_20090325.txt	Vendor Advisory
secalert@redhat.com	http://www.osvdb.org/52865
secalert@redhat.com	http://www.php.net/archive/2009.php#id2009-04-08-1
secalert@redhat.com	http://www.securityfocus.com/bid/34256
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/0850	Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1020
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1175
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1548
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/49432
secalert@redhat.com	https://kb.bluecoat.com/index?page=content&id=SA50
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=124464882609472&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=127678688104458&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34411	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34460	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34666
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35065
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35380
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35729
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/36701
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42724
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42733
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1021907
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3865
af854a3a-2127-422b-91ae-364da2661108	http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openssl.org/news/secadv_20090325.txt	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/52865
af854a3a-2127-422b-91ae-364da2661108	http://www.php.net/archive/2009.php#id2009-04-08-1
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34256
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0850	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1020
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1175
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1548
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/49432
af854a3a-2127-422b-91ae-364da2661108	https://kb.bluecoat.com/index?page=content&id=SA50

Impacted products

Vendor	Product	Version
openssl	openssl	0.9.8h
openssl	openssl	0.9.8i
openssl	openssl	0.9.8j

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
              "matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n CMS_verify en OpenSSL v0.9.8h hasta v0.9.8j, cuando se ha habilitado CMS, no maneja adecuadamente los errores asociados con atributos firmados malformados, permitiendo a atacantes remotos rechazar una firma que originalmente aparentaba ser v\u00e1lida pero que realmente ser\u00e1 inv\u00e1lida."
    }
  ],
  "id": "CVE-2009-0591",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-03-27T16:30:01.920",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34411"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34460"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34666"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35065"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35380"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35729"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/36701"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42724"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42733"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1021907"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT3865"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openssl.org/news/secadv_20090325.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/52865"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/34256"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0850"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/1020"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/1175"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/1548"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49432"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36701"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42733"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1021907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openssl.org/news/secadv_20090325.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/52865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0850"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1548"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49432"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue affected OpenSSL CMS functionality which is not present in the openssl packages as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5.",
      "lastModified": "2009-03-30T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2009-0591

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-0591

Aliases

CVE-2009-0591

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0591",
    "description": "The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.",
    "id": "GSD-2009-0591",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-0591.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0591"
      ],
      "details": "The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.",
      "id": "GSD-2009-0591",
      "modified": "2023-12-13T01:19:44.689287Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2009-0591",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
          },
          {
            "name": "http://secunia.com/advisories/35065",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35065"
          },
          {
            "name": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc",
            "refsource": "MISC",
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
          },
          {
            "name": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html",
            "refsource": "MISC",
            "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
          },
          {
            "name": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2",
            "refsource": "MISC",
            "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
          },
          {
            "name": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2",
            "refsource": "MISC",
            "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
          },
          {
            "name": "http://secunia.com/advisories/34411",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34411"
          },
          {
            "name": "http://secunia.com/advisories/34460",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34460"
          },
          {
            "name": "http://secunia.com/advisories/34666",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34666"
          },
          {
            "name": "http://secunia.com/advisories/35380",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35380"
          },
          {
            "name": "http://secunia.com/advisories/35729",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35729"
          },
          {
            "name": "http://secunia.com/advisories/36701",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/36701"
          },
          {
            "name": "http://secunia.com/advisories/42724",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "http://secunia.com/advisories/42733",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847",
            "refsource": "MISC",
            "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
          },
          {
            "name": "http://support.apple.com/kb/HT3865",
            "refsource": "MISC",
            "url": "http://support.apple.com/kb/HT3865"
          },
          {
            "name": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html",
            "refsource": "MISC",
            "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
          },
          {
            "name": "http://www.openssl.org/news/secadv_20090325.txt",
            "refsource": "MISC",
            "url": "http://www.openssl.org/news/secadv_20090325.txt"
          },
          {
            "name": "http://www.php.net/archive/2009.php#id2009-04-08-1",
            "refsource": "MISC",
            "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
          },
          {
            "name": "http://www.securityfocus.com/bid/34256",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/34256"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/0850",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/0850"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/1020",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/1020"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/1175",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/1175"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/1548",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/1548"
          },
          {
            "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA50",
            "refsource": "MISC",
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "http://securitytracker.com/id?1021907",
            "refsource": "MISC",
            "url": "http://securitytracker.com/id?1021907"
          },
          {
            "name": "http://www.osvdb.org/52865",
            "refsource": "MISC",
            "url": "http://www.osvdb.org/52865"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49432",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49432"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2009-0591"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "34460",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/34460"
            },
            {
              "name": "1021907",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1021907"
            },
            {
              "name": "34256",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/34256"
            },
            {
              "name": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
            },
            {
              "name": "34411",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/34411"
            },
            {
              "name": "52865",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/52865"
            },
            {
              "name": "ADV-2009-0850",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0850"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20090325.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.openssl.org/news/secadv_20090325.txt"
            },
            {
              "name": "34666",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34666"
            },
            {
              "name": "http://www.php.net/archive/2009.php#id2009-04-08-1",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
            },
            {
              "name": "ADV-2009-1020",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1020"
            },
            {
              "name": "ADV-2009-1175",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1175"
            },
            {
              "name": "SUSE-SR:2009:010",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
            },
            {
              "name": "35065",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35065"
            },
            {
              "name": "35380",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35380"
            },
            {
              "name": "ADV-2009-1548",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1548"
            },
            {
              "name": "SSRT090059",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
            },
            {
              "name": "35729",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35729"
            },
            {
              "name": "NetBSD-SA2009-008",
              "refsource": "NETBSD",
              "tags": [],
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc"
            },
            {
              "name": "http://support.apple.com/kb/HT3865",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3865"
            },
            {
              "name": "APPLE-SA-2009-09-10-2",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
            },
            {
              "name": "36701",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/36701"
            },
            {
              "name": "42724",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/42724"
            },
            {
              "name": "42733",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/42733"
            },
            {
              "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA50",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
            },
            {
              "name": "HPSBOV02540",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
            },
            {
              "name": "openssl-cmsverify-security-bypass(49432)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49432"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-17T01:29Z",
      "publishedDate": "2009-03-27T16:30Z"
    }
  }
}

GHSA-XFGM-R927-X577

Vulnerability from github – Published: 2022-05-03 03:20 – Updated: 2022-05-03 03:20

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0591"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-03-27T16:30:00Z",
    "severity": "LOW"
  },
  "details": "The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.",
  "id": "GHSA-xfgm-r927-x577",
  "modified": "2022-05-03T03:20:23Z",
  "published": "2022-05-03T03:20:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0591"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49432"
    },
    {
      "type": "WEB",
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=124464882609472\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34411"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34460"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34666"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35065"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35380"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35729"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36701"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42724"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42733"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1021907"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=671059\u0026group_id=116847"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3865"
    },
    {
      "type": "WEB",
      "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openssl.org/news/secadv_20090325.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/52865"
    },
    {
      "type": "WEB",
      "url": "http://www.php.net/archive/2009.php#id2009-04-08-1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34256"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0850"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1020"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1175"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1548"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0591 (GCVE-0-2009-0591)

CERTA-2009-AVI-120

Description

Solution

CERTA-2010-AVI-627

Description

Solution

CERTA-2010-AVI-268

Description

Solution

CERTA-2009-AVI-382

Description

Solution

FKIE_CVE-2009-0591

GSD-2009-0591

GHSA-XFGM-R927-X577

Tags

Sightings

Nomenclature