CVE-2009-0126

The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Boinc_client	Berkeley	6.2.14 (including)	6.2.14 (including)
Boinc_client	Berkeley	6.4.5 (including)	6.4.5 (including)
Boinc	Ubuntu	dapper	*
Boinc	Ubuntu	gutsy	*
Boinc	Ubuntu	hardy	*
Boinc	Ubuntu	intrepid	*
Boinc	Ubuntu	upstream	*

Potential Mitigations

https://cwe.mitre.org/data/definitions/114.html
https://cwe.mitre.org/data/definitions/115.html
https://cwe.mitre.org/data/definitions/151.html
https://cwe.mitre.org/data/definitions/194.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/57.html
https://cwe.mitre.org/data/definitions/593.html
https://cwe.mitre.org/data/definitions/633.html
https://cwe.mitre.org/data/definitions/650.html
https://cwe.mitre.org/data/definitions/94.html

References

http://boinc.berkeley.edu/trac/changeset/16883
http://boinc.berkeley.edu/trac/ticket/823
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511521
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://openwall.com/lists/oss-security/2009/01/12/4
http://secunia.com/advisories/33806
http://secunia.com/advisories/33828
https://bugzilla.redhat.com/show_bug.cgi?id=479664
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00034.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-0126
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References