CVE Kennung:	CVE-2008-5077
Beschreibung:	OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
Test Kennungen:	1.3.6.1.4.1.25623.1.0.63400   1.3.6.1.4.1.25623.1.0.63349   1.3.6.1.4.1.25623.1.0.63209   1.3.6.1.4.1.25623.1.0.65187   1.3.6.1.4.1.25623.1.0.63346   1.3.6.1.4.1.25623.1.0.63142   1.3.6.1.4.1.25623.1.0.63112   1.3.6.1.4.1.25623.1.0.63214   1.3.6.1.4.1.25623.1.0.65926   1.3.6.1.4.1.25623.1.0.63148   1.3.6.1.4.1.25623.1.0.64246   1.3.6.1.4.1.25623.1.0.63179   1.3.6.1.4.1.25623.1.0.66027   1.3.6.1.4.1.25623.1.0.63162   1.3.6.1.4.1.25623.1.0.63141   1.3.6.1.4.1.25623.1.0.63176   1.3.6.1.4.1.25623.1.0.63232   1.3.6.1.4.1.25623.1.0.65767   1.3.6.1.4.1.25623.1.0.63275   1.3.6.1.4.1.25623.1.0.122533   1.3.6.1.4.1.25623.1.0.880789   1.3.6.1.4.1.25623.1.0.880759   1.3.6.1.4.1.25623.1.0.880893   1.3.6.1.4.1.25623.1.0.880861   1.3.6.1.4.1.25623.1.0.880927
Querverweise:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5077 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 33150 http://www.securityfocus.com/bid/33150 Bugtraq: 20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses (Google Search) http://www.securityfocus.com/archive/1/499827/100/0/threaded Bugtraq: 20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim (Google Search) http://www.securityfocus.com/archive/1/502322/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html http://security.gentoo.org/glsa/glsa-200902-02.xml HPdes Security Advisory: HPSBMA02426 http://marc.info/?l=bugtraq&m=124277349419254&w=2 HPdes Security Advisory: HPSBOV02540 http://marc.info/?l=bugtraq&m=127678688104458&w=2 HPdes Security Advisory: HPSBUX02418 http://marc.info/?l=bugtraq&m=123859864430555&w=2 HPdes Security Advisory: SSRT090002 http://marc.info/?l=bugtraq&m=123859864430555&w=2 HPdes Security Advisory: SSRT090053 http://marc.info/?l=bugtraq&m=124277349419254&w=2 http://www.ocert.org/advisories/ocert-2008-016.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6380 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9155 RedHat Security Advisories: RHSA-2009:0004 http://www.redhat.com/support/errata/RHSA-2009-0004.html http://www.securitytracker.com/id?1021523 http://secunia.com/advisories/33338 http://secunia.com/advisories/33394 http://secunia.com/advisories/33436 http://secunia.com/advisories/33557 http://secunia.com/advisories/33673 http://secunia.com/advisories/33765 http://secunia.com/advisories/34211 http://secunia.com/advisories/35074 http://secunia.com/advisories/35108 http://secunia.com/advisories/39005 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.544796 http://sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1 SuSE Security Announcement: SUSE-SU-2011:0847 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html SuSE Security Announcement: openSUSE-SU-2011:0845 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html https://usn.ubuntu.com/704-1/ http://www.vupen.com/english/advisories/2009/0040 http://www.vupen.com/english/advisories/2009/0289 http://www.vupen.com/english/advisories/2009/0362 http://www.vupen.com/english/advisories/2009/0558 http://www.vupen.com/english/advisories/2009/0904 http://www.vupen.com/english/advisories/2009/0913 http://www.vupen.com/english/advisories/2009/1297 http://www.vupen.com/english/advisories/2009/1338