CVE Vulnerabilities

CVE-2009-0047

Improper Authentication

Published: Jan 07, 2009 | Modified: Oct 11, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Gale 0.99 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Gale Gale 0.18c 0.18c
Gale Gale 0.17 0.17
Gale Gale 0.20a 0.20a
Gale Gale 0.19b 0.19b
Gale Gale 0.21 0.21
Gale Gale * 0.99
Gale Gale 0.15b 0.15b
Gale Gale 0.90b 0.90b
Gale Gale 0.91b 0.91b
Gale Gale 0.19 0.19
Gale Gale 0.18b 0.18b
Gale Gale 0.90a 0.90a
Gale Gale 0.15 0.15
Gale Gale 0.90c 0.90c
Gale Gale 0.17a 0.17a
Gale Gale 0.91 0.91
Gale Gale 0.15c 0.15c
Gale Gale 0.18 0.18
Gale Gale 0.91a 0.91a
Gale Gale 0.16a 0.16a
Gale Gale 0.19a 0.19a
Gale Gale 0.16 0.16

Potential Mitigations

References