CVE-2009-0025
bind9 - cryptographic weakness
EPSS 0.96%
Description
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
How to fix CVE-2009-0025
To remediate CVE-2009-0025, upgrade the affected package to one of the fixed versions listed below.
- Debian/bind9—upgrade to 1:9.5.1.dfsg.P1-1 or later
- Debian/bind9—upgrade to 1:9.3.4-2etch4 or later
Is CVE-2009-0025 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1:9.5.1.dfsg.P1-1
- from 0, < 1:9.3.4-2etch4