NVD Vulnerability Detail

CVE-2009-0591

Summary	The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.
Summary	La función CMS_verify en OpenSSL v0.9.8h hasta v0.9.8j, cuando se ha habilitado CMS, no maneja adecuadamente los errores asociados con atributos firmados malformados, permitiendo a atacantes remotos rechazar una firma que originalmente aparentaba ser válida pero que realmente será inválida.
Publication Date	March 28, 2009, 1:30 a.m.
Registration Date	Jan. 29, 2021, 1:14 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : LOW
Score	2.6
Vector	AV:N/AC:H/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl:0.9.8h:::::::*
cpe:2.3:a:openssl:openssl:0.9.8i:::::::*
cpe:2.3:a:openssl:openssl:0.9.8j:::::::*

Related information, measures and tools

No	URL	refsource
1	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc	secalert@redhat.com
2	http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html	secalert@redhat.com
3	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html	secalert@redhat.com
4	http://marc.info/?l=bugtraq&m=124464882609472&w=2	secalert@redhat.com
5	http://marc.info/?l=bugtraq&m=127678688104458&w=2	secalert@redhat.com
6	http://secunia.com/advisories/34411	secalert@redhat.com
7	http://secunia.com/advisories/34460	secalert@redhat.com
8	http://secunia.com/advisories/34666	secalert@redhat.com
9	http://secunia.com/advisories/35065	secalert@redhat.com
10	http://secunia.com/advisories/35380	secalert@redhat.com
11	http://secunia.com/advisories/35729	secalert@redhat.com
12	http://secunia.com/advisories/36701	secalert@redhat.com
13	http://secunia.com/advisories/42724	secalert@redhat.com
14	http://secunia.com/advisories/42733	secalert@redhat.com
15	http://securitytracker.com/id?1021907	secalert@redhat.com
16	http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847	secalert@redhat.com
17	http://support.apple.com/kb/HT3865	secalert@redhat.com
18	http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html	secalert@redhat.com
19	http://www.openssl.org/news/secadv_20090325.txt	secalert@redhat.com
20	http://www.osvdb.org/52865	secalert@redhat.com
21	http://www.php.net/archive/2009.php#id2009-04-08-1	secalert@redhat.com
22	http://www.securityfocus.com/bid/34256	secalert@redhat.com
23	http://www.vupen.com/english/advisories/2009/0850	secalert@redhat.com
24	http://www.vupen.com/english/advisories/2009/1020	secalert@redhat.com
25	http://www.vupen.com/english/advisories/2009/1175	secalert@redhat.com
26	http://www.vupen.com/english/advisories/2009/1548	secalert@redhat.com
27	https://exchange.xforce.ibmcloud.com/vulnerabilities/49432	secalert@redhat.com
28	https://kb.bluecoat.com/index?page=content&id=SA50	secalert@redhat.com
29	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc	af854a3a-2127-422b-91ae-364da2661108
30	http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html	af854a3a-2127-422b-91ae-364da2661108
31	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html	af854a3a-2127-422b-91ae-364da2661108
32	http://marc.info/?l=bugtraq&m=124464882609472&w=2	af854a3a-2127-422b-91ae-364da2661108
33	http://marc.info/?l=bugtraq&m=127678688104458&w=2	af854a3a-2127-422b-91ae-364da2661108
34	http://secunia.com/advisories/34411	af854a3a-2127-422b-91ae-364da2661108
35	http://secunia.com/advisories/34460	af854a3a-2127-422b-91ae-364da2661108
36	http://secunia.com/advisories/34666	af854a3a-2127-422b-91ae-364da2661108
37	http://secunia.com/advisories/35065	af854a3a-2127-422b-91ae-364da2661108
38	http://secunia.com/advisories/35380	af854a3a-2127-422b-91ae-364da2661108
39	http://secunia.com/advisories/35729	af854a3a-2127-422b-91ae-364da2661108
40	http://secunia.com/advisories/36701	af854a3a-2127-422b-91ae-364da2661108
41	http://secunia.com/advisories/42724	af854a3a-2127-422b-91ae-364da2661108
42	http://secunia.com/advisories/42733	af854a3a-2127-422b-91ae-364da2661108
43	http://securitytracker.com/id?1021907	af854a3a-2127-422b-91ae-364da2661108
44	http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847	af854a3a-2127-422b-91ae-364da2661108
45	http://support.apple.com/kb/HT3865	af854a3a-2127-422b-91ae-364da2661108
46	http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html	af854a3a-2127-422b-91ae-364da2661108
47	http://www.openssl.org/news/secadv_20090325.txt	af854a3a-2127-422b-91ae-364da2661108
48	http://www.osvdb.org/52865	af854a3a-2127-422b-91ae-364da2661108
49	http://www.php.net/archive/2009.php#id2009-04-08-1	af854a3a-2127-422b-91ae-364da2661108
50	http://www.securityfocus.com/bid/34256	af854a3a-2127-422b-91ae-364da2661108
51	http://www.vupen.com/english/advisories/2009/0850	af854a3a-2127-422b-91ae-364da2661108
52	http://www.vupen.com/english/advisories/2009/1020	af854a3a-2127-422b-91ae-364da2661108
53	http://www.vupen.com/english/advisories/2009/1175	af854a3a-2127-422b-91ae-364da2661108
54	http://www.vupen.com/english/advisories/2009/1548	af854a3a-2127-422b-91ae-364da2661108
55	https://exchange.xforce.ibmcloud.com/vulnerabilities/49432	af854a3a-2127-422b-91ae-364da2661108
56	https://kb.bluecoat.com/index?page=content&id=SA50	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List