CVE-2008-1184 | Vulnerability Database | Aqua Security

The DNSSEC validation library (libval) library in dnssec-tools before 1.3.1 does not properly check that the signing key is the APEX trust anchor, which might allow attackers to conduct unspecified attacks.

Affected Software

Name	Vendor	Start Version	End Version
Dnssec-tools	Dnssec-tools	*	1.3.1 (including)

References

http://secunia.com/advisories/29095
http://secunia.com/advisories/29127
http://sourceforge.net/mailarchive/forum.php?thread_name=sdlk5lolzj.fsf%40wes.hardakers.net\u0026forum_name=dnssec-tools-users
http://www.securityfocus.com/bid/27998
http://www.vupen.com/english/advisories/2008/0673/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/40836
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00820.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00845.html
http://secunia.com/advisories/29095
http://secunia.com/advisories/29127
http://sourceforge.net/mailarchive/forum.php?thread_name=sdlk5lolzj.fsf%40wes.hardakers.net\u0026forum_name=dnssec-tools-users
http://www.securityfocus.com/bid/27998
http://www.vupen.com/english/advisories/2008/0673/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/40836
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00820.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00845.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-1184
CWE	https://cwe.mitre.org/data/definitions/255.html