[CVE-2009-0050] - Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function
Bug #317181 reported by Stefan Lesicnik
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
lasso (Ubuntu) | Fix Released | Undecided | Stefan Lesicnik |
Dapper | Fix Released | Undecided | Unassigned |
Gutsy | Fix Released | Undecided | Unassigned |
Hardy | Fix Released | Undecided | Unassigned |
Intrepid | Fix Released | Undecided | Unassigned |
Jaunty | Fix Released | Undecided | Stefan Lesicnik |

Bug Description
Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
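The class of mistake described above, as an added example (not Lasso's or OpenSSL's code): OpenSSL's DSA_verify returns 1 for a valid signature, 0 for an invalid one and -1 on error, so a boolean-style test of the result lets the error case through. `toy_verify`, its toy encoding and the sample bytes are constructed stand-ins that only model that return contract.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: the body a valid signature must carry, plus
 * three inputs in a toy encoding (tag 0x30, one length byte, body). */
static const unsigned char EXPECTED[]      = {0xAA, 0xBB, 0xCC};
static const unsigned char SIG_GOOD[]      = {0x30, 0x03, 0xAA, 0xBB, 0xCC};
static const unsigned char SIG_WRONG[]     = {0x30, 0x03, 0xAA, 0xBB, 0x00};
static const unsigned char SIG_MALFORMED[] = {0x30, 0x7F, 0xAA};

/* Hypothetical stand-in that follows DSA_verify's return contract:
 * 1 = valid, 0 = invalid, -1 = error. A model, not real cryptography. */
static int toy_verify(const unsigned char *sig, size_t len)
{
    if (len < 2 || sig[0] != 0x30 || (size_t)sig[1] != len - 2)
        return -1;                 /* unparsable input is an error */
    if (len - 2 != sizeof EXPECTED || memcmp(sig + 2, EXPECTED, len - 2) != 0)
        return 0;                  /* well-formed, but does not match */
    return 1;
}

/* Flawed pattern: the result is treated as a boolean, so -1 is "true". */
int accept_flawed(const unsigned char *sig, size_t len)
{
    if (!toy_verify(sig, len))
        return 0;
    return 1;
}

/* Corrected pattern: only an explicit 1 means the signature verified. */
int accept_strict(const unsigned char *sig, size_t len)
{
    return toy_verify(sig, len) == 1;
}

int main(void)
{
    printf("good:      flawed=%d strict=%d\n",
           accept_flawed(SIG_GOOD, sizeof SIG_GOOD), accept_strict(SIG_GOOD, sizeof SIG_GOOD));
    printf("wrong:     flawed=%d strict=%d\n",
           accept_flawed(SIG_WRONG, sizeof SIG_WRONG), accept_strict(SIG_WRONG, sizeof SIG_WRONG));
    printf("malformed: flawed=%d strict=%d\n",
           accept_flawed(SIG_MALFORMED, sizeof SIG_MALFORMED), accept_strict(SIG_MALFORMED, sizeof SIG_MALFORMED));
    return 0;
}
```

When auditing callers of tri-state verification functions, look for results tested with `!` or as a bare condition rather than compared against 1.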
CVE References
Changed in lasso:
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
status: In Progress → Confirmed
Changed in lasso:
status: Fix Committed → Fix Released
Please sync lasso_2.2.1-2 from Debian Unstable (main) for Jaunty fix.