Bugsalert.com
Security News about Viruses, Spyware,
Trojans, Malware, XSS attacks.

CVE-2009-0126 (boinc_client)


The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.




Original Source: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0126
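
The unchecked-return pattern described above, next to a checked version, as an added example that is not BOINC's code. `mock_public_decrypt` is a hypothetical stand-in that only copies the return convention of OpenSSL's `RSA_public_decrypt` (recovered length on success, -1 on error), and the pre-filled output buffer in `signature_ok` is a constructed worst case, not a claim about how BOINC manages its buffers.

```c
#include <string.h>
#define DIGEST_LEN 16

/* Hypothetical stand-in for RSA_public_decrypt(): same return convention, no
 * real cryptography. Constructed rule: valid blob = 0x01 + 16 digest bytes. */
static int mock_public_decrypt(int flen, const unsigned char *from,
                               unsigned char *to) {
    if (flen != DIGEST_LEN + 1 || from[0] != 0x01)
        return -1;                      /* malformed input: 'to' is not written */
    memcpy(to, from + 1, DIGEST_LEN);
    return DIGEST_LEN;
}

/* Flawed pattern: return value discarded, so failure is reported as success. */
int decrypt_unchecked(const unsigned char *sig, int siglen,
                      unsigned char *out, int *outlen) {
    mock_public_decrypt(siglen, sig, out);
    *outlen = DIGEST_LEN;
    return 0;
}

/* Hardened pattern: propagate the error and leave no usable output behind. */
int decrypt_checked(const unsigned char *sig, int siglen,
                    unsigned char *out, int *outlen) {
    int n = mock_public_decrypt(siglen, sig, out);
    if (n < 0) {
        memset(out, 0, DIGEST_LEN);
        *outlen = 0;
        return -1;
    }
    *outlen = n;                        /* length comes from the call itself */
    return 0;
}

typedef int (*decrypt_fn)(const unsigned char *, int, unsigned char *, int *);
/* Signature check built on either wrapper. Constructed worst case: the output
 * buffer already holds the expected digest from an earlier use. */
int signature_ok(decrypt_fn dec, const unsigned char *sig, int siglen,
                 const unsigned char *expected) {
    unsigned char out[DIGEST_LEN];
    int outlen = 0;
    memcpy(out, expected, DIGEST_LEN);
    if (dec(sig, siglen, out, &outlen) != 0) return 0;
    return outlen == DIGEST_LEN && memcmp(out, expected, DIGEST_LEN) == 0;
}

int main(void) {
    unsigned char bad[2] = {0xff, 0x00}, digest[DIGEST_LEN] = {0};
    return signature_ok(decrypt_checked, bad, 2, digest);  /* 0: rejected */
}
```

With the same malformed input, `signature_ok` accepts when built on `decrypt_unchecked` and rejects when built on `decrypt_checked`; the only difference is whether the return value is tested.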
