CVE-2009-0025

BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Bind	Isc	9.0 (including)	9.0 (including)
Bind	Isc	9.0.0-rc1 (including)	9.0.0-rc1 (including)
Bind	Isc	9.0.0-rc2 (including)	9.0.0-rc2 (including)
Bind	Isc	9.0.0-rc3 (including)	9.0.0-rc3 (including)
Bind	Isc	9.0.0-rc4 (including)	9.0.0-rc4 (including)
Bind	Isc	9.0.0-rc5 (including)	9.0.0-rc5 (including)
Bind	Isc	9.0.0-rc6 (including)	9.0.0-rc6 (including)
Bind	Isc	9.0.1 (including)	9.0.1 (including)
Bind	Isc	9.0.1-rc1 (including)	9.0.1-rc1 (including)
Bind	Isc	9.0.1-rc2 (including)	9.0.1-rc2 (including)
Bind	Isc	9.1 (including)	9.1 (including)
Bind	Isc	9.1.0-rc1 (including)	9.1.0-rc1 (including)
Bind	Isc	9.1.1 (including)	9.1.1 (including)
Bind	Isc	9.1.1-rc1 (including)	9.1.1-rc1 (including)
Bind	Isc	9.1.1-rc2 (including)	9.1.1-rc2 (including)
Bind	Isc	9.1.1-rc3 (including)	9.1.1-rc3 (including)
Bind	Isc	9.1.1-rc4 (including)	9.1.1-rc4 (including)
Bind	Isc	9.1.1-rc5 (including)	9.1.1-rc5 (including)
Bind	Isc	9.1.1-rc6 (including)	9.1.1-rc6 (including)
Bind	Isc	9.1.1-rc7 (including)	9.1.1-rc7 (including)
Bind	Isc	9.1.2 (including)	9.1.2 (including)
Bind	Isc	9.1.2-rc1 (including)	9.1.2-rc1 (including)
Bind	Isc	9.1.3 (including)	9.1.3 (including)
Bind	Isc	9.1.3-rc1 (including)	9.1.3-rc1 (including)
Bind	Isc	9.1.3-rc2 (including)	9.1.3-rc2 (including)
Bind	Isc	9.1.3-rc3 (including)	9.1.3-rc3 (including)
Bind	Isc	9.2.0 (including)	9.2.0 (including)
Bind	Isc	9.2.0-a1 (including)	9.2.0-a1 (including)
Bind	Isc	9.2.0-a2 (including)	9.2.0-a2 (including)
Bind	Isc	9.2.0-a3 (including)	9.2.0-a3 (including)
Bind	Isc	9.2.0-b1 (including)	9.2.0-b1 (including)
Bind	Isc	9.2.0-b2 (including)	9.2.0-b2 (including)
Bind	Isc	9.2.0-rc1 (including)	9.2.0-rc1 (including)
Bind	Isc	9.2.0-rc10 (including)	9.2.0-rc10 (including)
Bind	Isc	9.2.0-rc2 (including)	9.2.0-rc2 (including)
Bind	Isc	9.2.0-rc3 (including)	9.2.0-rc3 (including)
Bind	Isc	9.2.0-rc4 (including)	9.2.0-rc4 (including)
Bind	Isc	9.2.0-rc5 (including)	9.2.0-rc5 (including)
Bind	Isc	9.2.0-rc6 (including)	9.2.0-rc6 (including)
Bind	Isc	9.2.0-rc7 (including)	9.2.0-rc7 (including)
Bind	Isc	9.2.0-rc8 (including)	9.2.0-rc8 (including)
Bind	Isc	9.2.0-rc9 (including)	9.2.0-rc9 (including)
Bind	Isc	9.2.1 (including)	9.2.1 (including)
Bind	Isc	9.2.1-rc1 (including)	9.2.1-rc1 (including)
Bind	Isc	9.2.1-rc2 (including)	9.2.1-rc2 (including)
Bind	Isc	9.2.2 (including)	9.2.2 (including)
Bind	Isc	9.2.2-p2 (including)	9.2.2-p2 (including)
Bind	Isc	9.2.2-p3 (including)	9.2.2-p3 (including)
Bind	Isc	9.2.2-rc1 (including)	9.2.2-rc1 (including)
Bind	Isc	9.2.3 (including)	9.2.3 (including)
Bind	Isc	9.2.3-rc1 (including)	9.2.3-rc1 (including)
Bind	Isc	9.2.3-rc2 (including)	9.2.3-rc2 (including)
Bind	Isc	9.2.3-rc3 (including)	9.2.3-rc3 (including)
Bind	Isc	9.2.3-rc4 (including)	9.2.3-rc4 (including)
Bind	Isc	9.2.4 (including)	9.2.4 (including)
Bind	Isc	9.2.4-rc2 (including)	9.2.4-rc2 (including)
Bind	Isc	9.2.4-rc3 (including)	9.2.4-rc3 (including)
Bind	Isc	9.2.4-rc4 (including)	9.2.4-rc4 (including)
Bind	Isc	9.2.4-rc5 (including)	9.2.4-rc5 (including)
Bind	Isc	9.2.4-rc6 (including)	9.2.4-rc6 (including)
Bind	Isc	9.2.4-rc7 (including)	9.2.4-rc7 (including)
Bind	Isc	9.2.4-rc8 (including)	9.2.4-rc8 (including)
Bind	Isc	9.2.5 (including)	9.2.5 (including)
Bind	Isc	9.2.5-b2 (including)	9.2.5-b2 (including)
Bind	Isc	9.2.5-rc1 (including)	9.2.5-rc1 (including)
Bind	Isc	9.2.6 (including)	9.2.6 (including)
Bind	Isc	9.2.6-rc1 (including)	9.2.6-rc1 (including)
Bind	Isc	9.2.7 (including)	9.2.7 (including)
Bind	Isc	9.2.7-rc1 (including)	9.2.7-rc1 (including)
Bind	Isc	9.2.7-rc2 (including)	9.2.7-rc2 (including)
Bind	Isc	9.2.7-rc3 (including)	9.2.7-rc3 (including)
Bind	Isc	9.4 (including)	9.4 (including)
Bind	Isc	9.4.0 (including)	9.4.0 (including)
Bind	Isc	9.4.0-a1 (including)	9.4.0-a1 (including)
Bind	Isc	9.4.0-a2 (including)	9.4.0-a2 (including)
Bind	Isc	9.4.0-a3 (including)	9.4.0-a3 (including)
Bind	Isc	9.4.0-a4 (including)	9.4.0-a4 (including)
Bind	Isc	9.4.0-a5 (including)	9.4.0-a5 (including)
Bind	Isc	9.4.0-a6 (including)	9.4.0-a6 (including)
Bind	Isc	9.4.0-b1 (including)	9.4.0-b1 (including)
Bind	Isc	9.4.0-b2 (including)	9.4.0-b2 (including)
Bind	Isc	9.4.0-b3 (including)	9.4.0-b3 (including)
Bind	Isc	9.4.0-b4 (including)	9.4.0-b4 (including)
Bind	Isc	9.4.0-rc1 (including)	9.4.0-rc1 (including)
Bind	Isc	9.4.0-rc2 (including)	9.4.0-rc2 (including)
Bind	Isc	9.4.1 (including)	9.4.1 (including)
Bind	Isc	9.4.2 (including)	9.4.2 (including)
Bind	Isc	9.4.2-rc1 (including)	9.4.2-rc1 (including)
Bind	Isc	9.4.2-rc2 (including)	9.4.2-rc2 (including)
Bind	Isc	9.4.3 (including)	9.4.3 (including)
Bind	Isc	9.4.3-b1 (including)	9.4.3-b1 (including)
Bind	Isc	9.4.3-b2 (including)	9.4.3-b2 (including)
Bind	Isc	9.4.3-b3 (including)	9.4.3-b3 (including)
Bind	Isc	9.4.3-rc1 (including)	9.4.3-rc1 (including)
Bind	Isc	9.5.0 (including)	9.5.0 (including)
Bind	Isc	9.5.1 (including)	9.5.1 (including)
Bind	Isc	9.6.0 (including)	9.6.0 (including)
Red Hat Enterprise Linux 2.1	RedHat	bind-0:9.2.1-11.el2	*
Red Hat Enterprise Linux 3	RedHat	bind-20:9.2.4-23.el3	*
Red Hat Enterprise Linux 4	RedHat	bind-20:9.2.4-30.el4_7.1	*
Red Hat Enterprise Linux 5	RedHat	bind-30:9.3.4-6.0.3.P1.el5_2	*
Bind9	Ubuntu	dapper	*
Bind9	Ubuntu	devel	*
Bind9	Ubuntu	gutsy	*
Bind9	Ubuntu	hardy	*
Bind9	Ubuntu	intrepid	*
Bind9	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-0025
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

References

CVE-2009-0025

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References