Vulnerability Details : CVE-2009-0127
M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a Linux vendor disputes the relevance of this report to the M2Crypto product because "these functions are not used anywhere in m2crypto."
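The bug class behind this CVE (and CVE-2008-5077) is a return-value check that confuses "error" with "valid". The OpenSSL functions named above return 1 for a valid signature, 0 for an invalid signature and -1 on error, and a malformed signature blob typically produces the -1 path. A caller that tests the result with "non-zero means success" therefore accepts a signature that could not even be parsed. The script below is an added example and is not code from this page, from M2Crypto or from OpenSSL: the verifier is a stand-in built on HMAC-SHA256 (so it runs with no crypto library) that reproduces the 1/0/-1 convention, and the key, message and signature format are constructed for the example.

```python
import hashlib
import hmac

# Constructed key for this example only; a real DSA/ECDSA key lives in OpenSSL.
KEY = b"example-hmac-key"
TAG_LEN = 32  # SHA-256 digest size


def sign(msg: bytes) -> bytes:
    """Produce a toy 'signature': one length byte followed by an HMAC-SHA256 tag."""
    tag = hmac.new(KEY, msg, hashlib.sha256).digest()
    return bytes([len(tag)]) + tag


def verify(msg: bytes, sig: bytes) -> int:
    """Stand-in for DSA_verify / ECDSA_verify / EVP_VerifyFinal (not OpenSSL).

    Returns 1 for a valid signature, 0 for an invalid signature and -1 on
    error, which is the documented OpenSSL convention. The -1 path is taken
    when the signature blob cannot be parsed at all (the 'malformed
    signature' of the CVE text).
    """
    if len(sig) < 1:
        return -1
    declared = sig[0]
    if declared != TAG_LEN or len(sig) != 1 + declared:
        return -1  # parse error, not a mismatch
    expected = hmac.new(KEY, msg, hashlib.sha256).digest()
    return 1 if hmac.compare_digest(sig[1:], expected) else 0


def accepts_vulnerable(msg: bytes, sig: bytes) -> bool:
    """The buggy check: every non-zero return, including -1, counts as success."""
    return verify(msg, sig) != 0


def accepts_fixed(msg: bytes, sig: bytes) -> bool:
    """The correct check: only an explicit 1 is success; 0 and -1 both reject."""
    return verify(msg, sig) == 1


def demo() -> dict:
    """Exercise the three return paths and both checks on constructed inputs."""
    msg = b"ServerKeyExchange parameters"  # constructed sample message
    good = sign(msg)
    tampered = good[:-1] + bytes([good[-1] ^ 0x01])  # valid length, wrong tag
    malformed = b"\x05abc"                            # claims 5 bytes, carries 3
    return {
        "good": (verify(msg, good),
                 accepts_vulnerable(msg, good), accepts_fixed(msg, good)),
        "tampered": (verify(msg, tampered),
                     accepts_vulnerable(msg, tampered), accepts_fixed(msg, tampered)),
        "malformed": (verify(msg, malformed),
                      accepts_vulnerable(msg, malformed), accepts_fixed(msg, malformed)),
    }


if __name__ == "__main__":
    for name, (rc, vuln, fixed) in demo().items():
        print(f"{name:9s} rc={rc:2d} vulnerable_accepts={vuln} fixed_accepts={fixed}")
```

The "malformed" row is the one that matters: the stand-in verifier returns -1, the vulnerable check accepts it, and the fixed check rejects it. When auditing a wrapper around these OpenSSL calls, look for `!= 0`, `<= 0` written as `== 0`, or a bare truthiness test on the return value; the only safe success test is `== 1`.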
Products affected by CVE-2009-0127
- cpe:2.3:a:heikkitoivonen:m2crypto:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-0127
- EPSS score: 0.27% (probability of exploitation activity in the next 30 days)
- Percentile: ~65% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2009-0127
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2009-0127
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-0127
- Red Hat (2009-01-21): Red Hat does not consider this to be a security issue. M2Crypto provides python interfaces to multiple OpenSSL functions. Neither of those interfaces is further used by M2Crypto in an insecure way. Additionally, no application shipped in Red Hat Enterprise Linux is known to use affected interfaces provided by M2Crypto. Further details can be found in the following bug report: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127#c1
References for CVE-2009-0127
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511515 (#511515 - m2crypto: openssl return values. - Debian Bug report logs) [Third Party Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=479676 (479676 - (CVE-2009-0127) CVE-2009-0127 m2crypto: OpenSSL incorrect checks for malformed signatures) [Exploit; Issue Tracking]
- http://openwall.com/lists/oss-security/2009/01/12/4 (oss-security - CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto) [Mailing List]