Candidate: CVE-2009-0265
PublicDate: 2009-01-26 15:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0265
Description:
 Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.
Ubuntu-Description:
Notes:
 jdstrand> Only affects Bind 9.6.0. 9.5 and earlier does not have EVP_VerifyFinal().
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_bind9:
upstream_bind9: released (9.6.0-P1)
dapper_bind9: not-affected (1:9.3.2-2ubuntu1.6)
gutsy_bind9: not-affected (1:9.4.1-P1-3ubuntu2.1)
hardy_bind9: not-affected (1:9.4.2.dfsg.P2-2ubuntu0.1)
intrepid_bind9: not-affected (1:9.5.0.dfsg.P2-1ubuntu3.1)
devel_bind9: not-affected (1:9.5.0.dfsg.P2-5ubuntu1)