bind CVE-2009-0025: incorrect DSA verification checks

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
Report Content as Inappropriate

bind CVE-2009-0025: incorrect DSA verification checks

Damien Miller
Some exploitable logic errors have been found in the bind nameserver's
use of OpenSSL DSA verification functions. These errors may permit an
attacker to bypass validation of DSA DNSSEC signatures.

This vulnerability has been designated CVE-2009-0025. More information
is available from the ISC at:

Source code patches are available for OpenBSD 4.3 and 4.4. -current has
had an identical fix applied.

Patch for OpenBSD 4.3:

Patch for OpenBSD 4.4:

These patches are also available in the OPENBSD_4_3 and OPENBSD_4_4
stable CVS branches.