{
  "details" : [ "Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025." ],
  "statement" : "Not vulnerable. This issue did not affect the versions of BIND as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.",
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2009-0265\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-0265" ],
  "name" : "CVE-2009-0265",
  "csaw" : false
}