OpenSSL CVE-2008-5077: Incorrect checks for malformed signatures
Some exploitable logic errors have been discovered in OpenSSL versions
prior to 0.9.8j. These errors may permit an attacker to bypass
validation of DSA/ECDSA certificates and conduct a "man in the middle
attack" against SSL/TLS connection that use them. Fortunately, DSA and
ECDSA certificates appear to be rarely used in practice.
This vulnerability has been designated CVE-2008-5077. More information
is available from the OpenSSL project at: