"The most important affected program is ISC Bind, which is the
most widely used DNS server on the internet. A flaw in its
validation of signatures on DNSSEC replies means that the server
may be vulnerable to DNS spoofing attacks even where DNSSEC is in
use. Bind have released BIND 9.6.0-P1 this morning to fix this

"The common mistake is in the checking of return values from
functions in OpenSSL that check digital signatures. Programmers
have failed to allow for all the possible return values of the
EVP_VerifyFinal function, and as a result some cases where the
signature has not been successfully checked can be mistakenly
treated as successfully verified."
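
The return-value mistake described in the quote above, shown as an added example that is not code from BIND, OpenSSL or the original page. EVP_VerifyFinal returns 1 for a valid signature, 0 for an invalid one and -1 when an error occurs; verify_stub is a hypothetical stand-in that reproduces that convention so the example runs without linking OpenSSL, and all other names are illustrative.

```c
#include <stdio.h>

/* Hypothetical stand-in for a tri-state verifier such as EVP_VerifyFinal:
 *    1 = signature valid, 0 = signature invalid, -1 = error during the check.
 * The outcome is chosen by the caller so every case can be exercised. */
enum outcome { SIG_VALID, SIG_INVALID, SIG_ERROR };

static int verify_stub(enum outcome o)
{
    switch (o) {
    case SIG_VALID:   return 1;
    case SIG_INVALID: return 0;
    default:          return -1;  /* the check could not be completed */
    }
}

/* Flawed pattern: the result is treated as a boolean. -1 is non-zero,
 * so an error is accepted as if the signature had verified. */
static int accept_flawed(enum outcome o)
{
    if (!verify_stub(o))
        return 0;   /* reject */
    return 1;       /* accept */
}

/* Corrected pattern: only the explicit success value is accepted;
 * both 0 and -1 lead to rejection. */
static int accept_strict(enum outcome o)
{
    return verify_stub(o) == 1;
}

int main(void)
{
    static const char *names[] = { "valid", "invalid", "error" };

    for (int o = SIG_VALID; o <= SIG_ERROR; o++)
        printf("%-8s flawed=%d strict=%d\n", names[o],
               accept_flawed((enum outcome)o),
               accept_strict((enum outcome)o));
    return 0;
}
```

When auditing code for this pattern, look for verification results used directly in a condition (`if (!ret)`, `if (ret)`) rather than compared against the success value.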