Definition


OpenSSL DSA and ECDSA "EVP_VerifyFinal()" Spoofing Vulnerability

oval:org.mitre.oval:def:6380

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

Family: unix
Status: ACCEPTED
Platform(s):
  • VMWare ESX Server 3.5
  • VMWare ESX Server 3
Class: vulnerability
Reference(s):
  • CVE-2008-5077
Product(s):