Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
NTP 函数OpenSSL EVP_VerifyFinal 安全绕过漏洞
Vulnerability Description
NTP (Network Time Protocol)是一款客户端用于与时间服务器同步日期和时间的协议。 OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层(SSL v2/v3)和安全传输层(TLS v1)协议的通用加密库,它支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 NTP 没有正确处理函数OpenSSL EVP_VerifyFinal返回值,使系统存在安全绕过漏洞。远程攻击者可以通过为DSA和ECDSA key伪造SSL/TLS签名绕过证书链表符合性检查。
CVSS Information
N/A
Vulnerability Type
N/A