DNSSEC Validation Library Vulnerability in dnssec-tools by CSNIC
CVE-2008-1184

Currently unrated

Key Information:

Vendor: Dnssec-tools
Status: Dnssec-tools
Vendor: CVE Published:; 6 March 2008

🔔 Create Dnssec-tools Vulnerability Alert

What is CVE-2008-1184?

The DNSSEC validation library (libval) in versions of dnssec-tools earlier than 1.3.1 is susceptible to a security bypass vulnerability due to improper verification of the signing key as the APEX trust anchor. This flaw may enable attackers to exploit the library in unspecified ways, leading to serious security implications.

References

http://secunia.com/advisories/29095

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/40836

vdb-entryx_refsource_XF

http://www.vupen.com/english/advisories/2008/0673/references

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2008
Vulnerability Reserved
Mar 5, 2008