CVE 2008-5077
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
Related bugs and status
CVE-2008-5077 (Candidate) is related to these bugs:
Bug #314776: OpenSSL signature verification API misuses
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 314776 | OpenSSL signature verification API misuses | openssl (Ubuntu) | High | Fix Released | ||
| 314776 | OpenSSL signature verification API misuses | ntp (Ubuntu) | Medium | Fix Released | ||
| 314776 | OpenSSL signature verification API misuses | bind9 (Ubuntu) | Medium | Fix Released | ||
| 314776 | OpenSSL signature verification API misuses | openslp-dfsg (Ubuntu) | Low | Won't Fix | ||
Bug #314984: Please merge openssl_0.9.8g-15(main) from debian unstable
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 314984 | Please merge openssl_0.9.8g-15(main) from debian unstable | openssl (Ubuntu) | Undecided | Fix Released | ||
Bug #352919: Update OpenSSL to version 0.9.8g-4ubuntu3.5
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 352919 | Update OpenSSL to version 0.9.8g-4ubuntu3.5 | The Dell Mini Project | Critical | Fix Released | ||
Bug #363904: [CVE-2008-5077] SLURM Security Flaw
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 363904 | [CVE-2008-5077] SLURM Security Flaw | slurm-llnl (Ubuntu) | Medium | Fix Released | ||
| 363904 | [CVE-2008-5077] SLURM Security Flaw | slurm-llnl (Ubuntu Hardy) | Medium | Invalid | ||
| 363904 | [CVE-2008-5077] SLURM Security Flaw | slurm-llnl (Ubuntu Intrepid) | Medium | Fix Released | ||
| 363904 | [CVE-2008-5077] SLURM Security Flaw | slurm-llnl (Ubuntu Jaunty) | Medium | Fix Released | ||
| 363904 | [CVE-2008-5077] SLURM Security Flaw | slurm-llnl (Ubuntu Karmic) | Medium | Fix Released | ||
Bug #1811531: remote execution vulnerability
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1811531 | remote execution vulnerability | zeromq3 (Ubuntu) | Undecided | Fix Released | ||
| 1811531 | remote execution vulnerability | zeromq3 (Debian) | Unknown | Fix Released | ||
| 1811531 | remote execution vulnerability | zeromq (Suse) | High | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
