redhat/openssl: The latest CVE Vulnerabilities and Exploits for Penetration Test

redhat/openssl Vulnerability Summary

• Vendor name: redhat
• Product name: openssl
• Total vulnerabilities: 28 (as 2023-05-04)

redhat/openssl Vulnerability List

CVE-2018-16395: An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x…

Published: 2018-11-16T18:29:00 Last Modified: 2019-10-03T00:03:00

Summary

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.

Scores

• Impact Score: 6.4
• Exploitability Score: 10.0
• CVSS: 7.5
• CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

• Availability: PARTIAL
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-16395 vulnerability.

References

• https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/
• https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/
• https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/
• https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/
• https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/
• https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html
• https://hackerone.com/reports/387250
• https://www.debian.org/security/2018/dsa-4332
• https://usn.ubuntu.com/3808-1/
• http://www.securitytracker.com/id/1042105
• https://access.redhat.com/errata/RHSA-2018:3738
• https://access.redhat.com/errata/RHSA-2018:3731
• https://access.redhat.com/errata/RHSA-2018:3730
• https://access.redhat.com/errata/RHSA-2018:3729
• https://security.netapp.com/advisory/ntap-20190221-0002/
• http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html
• https://access.redhat.com/errata/RHSA-2019:1948
• https://access.redhat.com/errata/RHSA-2019:2565
• https://www.oracle.com/security-alerts/cpujan2020.html

See also: All popular products CVE Vulnerabilities of redhat

CVE-2018-5407: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software…

Published: 2018-11-15T21:29:00 Last Modified: 2020-09-18T16:58:00

Summary

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on ‘port contention’.

Common Weakness Enumeration (CWE): CWE-203: Observable Discrepancy

CWE Description: The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Scores

• Impact Score: 2.9
• Exploitability Score: 3.4
• CVSS: 1.9
• CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2018-5407 vulnerability.

• Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel by Billy Brumley at 2018-11-02

References

• https://github.com/bbbrumley/portsmash
• https://eprint.iacr.org/2018/1060.pdf
• https://www.exploit-db.com/exploits/45785/
• http://www.securityfocus.com/bid/105897
• https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html
• https://security.netapp.com/advisory/ntap-20181126-0001/
• https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
• https://www.debian.org/security/2018/dsa-4348
• https://usn.ubuntu.com/3840-1/
• https://www.debian.org/security/2018/dsa-4355
• https://www.tenable.com/security/tns-2018-17
• https://www.tenable.com/security/tns-2018-16
• https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
• https://security.gentoo.org/glsa/201903-10
• https://access.redhat.com/errata/RHSA-2019:0483
• https://access.redhat.com/errata/RHSA-2019:0652
• https://access.redhat.com/errata/RHSA-2019:0651
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• https://access.redhat.com/errata/RHSA-2019:2125
• https://support.f5.com/csp/article/K49711130?utm_source=f5support&utm_medium=RSS
• https://access.redhat.com/errata/RHSA-2019:3929
• https://access.redhat.com/errata/RHSA-2019:3935
• https://access.redhat.com/errata/RHSA-2019:3933
• https://access.redhat.com/errata/RHSA-2019:3931
• https://access.redhat.com/errata/RHSA-2019:3932
• https://www.oracle.com/security-alerts/cpujan2020.html
• https://www.oracle.com/security-alerts/cpuapr2020.html

See also: All popular products CVE Vulnerabilities of redhat

CVE-2016-7056: A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user…

Published: 2018-09-10T16:29:00 Last Modified: 2019-10-09T23:19:00

Summary

A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

Common Weakness Enumeration (CWE): CWE-320: Key Management Errors

CWE Description: Weaknesses in this category are related to errors in the management of cryptographic keys.

Scores

• Impact Score: 2.9
• Exploitability Score: 3.9
• CVSS: 2.1
• CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: LOCAL

Currently, there is no code for exploiting the CVE-2016-7056 vulnerability.

References

• https://seclists.org/oss-sec/2017/q1/52
• https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795a3a97e8395008
• https://eprint.iacr.org/2016/1195
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056
• https://www.debian.org/security/2017/dsa-3773
• https://access.redhat.com/errata/RHSA-2017:1802
• https://access.redhat.com/errata/RHSA-2017:1801
• https://access.redhat.com/errata/RHSA-2017:1414
• https://access.redhat.com/errata/RHSA-2017:1413
• http://www.securitytracker.com/id/1037575
• http://www.securityfocus.com/bid/95375
• http://rhn.redhat.com/errata/RHSA-2017-1415.html
• https://security-tracker.debian.org/tracker/CVE-2016-7056
• https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7056.html
• https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/016_libcrypto.patch.sig
• https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/033_libcrypto.patch.sig

See also: All popular products CVE Vulnerabilities of redhat

CVE-2016-8610: A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in…

Published: 2017-11-13T22:29:00 Last Modified: 2020-10-20T22:15:00

Summary

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.

Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption

CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-8610 vulnerability.

References

• https://security.360.cn/cve/CVE-2016-8610/
• https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610
• http://seclists.org/oss-sec/2016/q4/224
• https://www.debian.org/security/2017/dsa-3773
• http://www.securitytracker.com/id/1037084
• http://www.securityfocus.com/bid/93841
• https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc
• https://security.netapp.com/advisory/ntap-20171130-0001/
• https://access.redhat.com/errata/RHSA-2017:2494
• https://access.redhat.com/errata/RHSA-2017:2493
• https://access.redhat.com/errata/RHSA-2017:1802
• https://access.redhat.com/errata/RHSA-2017:1801
• https://access.redhat.com/errata/RHSA-2017:1658
• https://access.redhat.com/errata/RHSA-2017:1414
• https://access.redhat.com/errata/RHSA-2017:1413
• http://rhn.redhat.com/errata/RHSA-2017-1659.html
• http://rhn.redhat.com/errata/RHSA-2017-1415.html
• http://rhn.redhat.com/errata/RHSA-2017-0574.html
• http://rhn.redhat.com/errata/RHSA-2017-0286.html
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
• https://www.oracle.com/security-alerts/cpujan2020.html
• https://security.paloaltonetworks.com/CVE-2016-8610
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://www.oracle.com/security-alerts/cpujul2020.html
• https://www.oracle.com/security-alerts/cpuoct2020.html

See also: All popular products CVE Vulnerabilities of redhat

CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols…

Published: 2016-09-01T00:59:00 Last Modified: 2021-11-17T22:15:00

Summary

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a “Sweet32” attack.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-2183 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1369383
• https://www.openssl.org/blog/blog/2016/08/24/sweet32/
• https://access.redhat.com/articles/2548661
• https://www.ietf.org/mail-archive/web/tls/current/msg04560.html
• https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/
• https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633
• https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/
• https://www.sigsac.org/ccs/CCS2016/accepted-papers/
• https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue
• https://access.redhat.com/security/cve/cve-2016-2183
• https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/
• https://sweet32.info/
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html
• https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116
• http://www.securityfocus.com/bid/92630
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
• http://www.splunk.com/view/SP-CAAAPUE
• http://www.splunk.com/view/SP-CAAAPSV
• https://security.gentoo.org/glsa/201612-16
• https://kc.mcafee.com/corporate/index?page=content&id=SB10171
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
• https://bto.bluecoat.com/security-advisory/sa133
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403
• http://www.securityfocus.com/bid/95568
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415
• https://www.tenable.com/security/tns-2016-16
• http://www-01.ibm.com/support/docview.wss?uid=swg21995039
• http://www-01.ibm.com/support/docview.wss?uid=swg21991482
• http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
• https://security.gentoo.org/glsa/201701-65
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us
• https://security.gentoo.org/glsa/201707-01
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us
• http://www.securitytracker.com/id/1036696
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://www.tenable.com/security/tns-2017-09
• https://www.tenable.com/security/tns-2016-21
• https://www.tenable.com/security/tns-2016-20
• https://security.netapp.com/advisory/ntap-20170119-0001/
• https://security.netapp.com/advisory/ntap-20160915-0001/
• https://access.redhat.com/errata/RHSA-2017:3240
• https://access.redhat.com/errata/RHSA-2017:3239
• https://access.redhat.com/errata/RHSA-2017:3114
• https://access.redhat.com/errata/RHSA-2017:3113
• https://access.redhat.com/errata/RHSA-2017:2710
• https://access.redhat.com/errata/RHSA-2017:2709
• https://access.redhat.com/errata/RHSA-2017:2708
• https://access.redhat.com/errata/RHSA-2017:1216
• http://rhn.redhat.com/errata/RHSA-2017-0462.html
• http://rhn.redhat.com/errata/RHSA-2017-0338.html
• http://rhn.redhat.com/errata/RHSA-2017-0337.html
• http://rhn.redhat.com/errata/RHSA-2017-0336.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
• http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
• https://access.redhat.com/errata/RHSA-2018:2123
• https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
• https://access.redhat.com/errata/RHSA-2019:1245
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• https://access.redhat.com/errata/RHSA-2019:2859
• https://www.oracle.com/security-alerts/cpujan2020.html
• https://access.redhat.com/errata/RHSA-2020:0451
• https://kc.mcafee.com/corporate/index?page=content&id=SB10310
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://www.oracle.com/security-alerts/cpujul2020.html
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://www.oracle.com/security-alerts/cpuoct2021.html
• http://www.ubuntu.com/usn/USN-3270-1
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415
• http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html
• http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded
• http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html
• https://seclists.org/bugtraq/2018/Nov/21
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
• https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
• http://www.ubuntu.com/usn/USN-3372-1
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
• http://seclists.org/fulldisclosure/2017/May/105
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680
• https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613
• https://wiki.opendaylight.org/view/Security_Advisories
• http://www.ubuntu.com/usn/USN-3087-2
• http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded
• http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
• http://www.ubuntu.com/usn/USN-3087-1
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
• http://www.ubuntu.com/usn/USN-3194-1
• http://www.ubuntu.com/usn/USN-3179-1
• http://www.ubuntu.com/usn/USN-3198-1
• http://seclists.org/fulldisclosure/2017/Jul/31
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403
• http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
• http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded
• http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded
• http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html
• https://kc.mcafee.com/corporate/index?page=content&id=SB10215
• http://www.securityfocus.com/archive/1/539885/100/0/threaded
• http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
• http://www.securityfocus.com/archive/1/542005/100/0/threaded
• https://support.f5.com/csp/article/K13167034
• https://www.exploit-db.com/exploits/42091/
• http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849
• http://www.debian.org/security/2016/dsa-3673
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
• http://www.securityfocus.com/archive/1/541104/100/0/threaded
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722
• https://kc.mcafee.com/corporate/index?page=content&id=SB10186
• http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html
• http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
• https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178
• http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
• http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
• https://kc.mcafee.com/corporate/index?page=content&id=SB10197
• http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448
• http://www.securityfocus.com/archive/1/540341/100/0/threaded

See also: All popular products CVE Vulnerabilities of redhat

CVE-2016-2106: Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before…

Published: 2016-05-05T01:59:00 Last Modified: 2018-07-19T01:29:00

Summary

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-2106 vulnerability.

References

• https://www.openssl.org/news/secadv/20160503.txt
• https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
• https://kc.mcafee.com/corporate/index?page=content&id=SB10160
• http://rhn.redhat.com/errata/RHSA-2016-0722.html
• http://rhn.redhat.com/errata/RHSA-2016-0996.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
• https://support.apple.com/HT206903
• http://www.securityfocus.com/bid/91787
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
• http://rhn.redhat.com/errata/RHSA-2016-1650.html
• http://rhn.redhat.com/errata/RHSA-2016-1648.html
• http://rhn.redhat.com/errata/RHSA-2016-1649.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
• http://www.securityfocus.com/bid/89744
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html
• https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html
• http://www.ubuntu.com/usn/USN-2959-1
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html
• http://www.securitytracker.com/id/1035721
• http://www.debian.org/security/2016/dsa-3566
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html
• https://bto.bluecoat.com/security-advisory/sa123
• http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
• https://security.gentoo.org/glsa/201612-16
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
• https://www.tenable.com/security/tns-2016-18
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• https://security.netapp.com/advisory/ntap-20160504-0001/
• https://source.android.com/security/bulletin/pixel/2017-11-01
• http://rhn.redhat.com/errata/RHSA-2016-2957.html
• http://rhn.redhat.com/errata/RHSA-2016-2073.html
• http://rhn.redhat.com/errata/RHSA-2016-2056.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

See also: All popular products CVE Vulnerabilities of redhat

CVE-2016-2108: The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers…

Published: 2016-05-05T01:59:00 Last Modified: 2018-01-05T02:30:00

Summary

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the “negative zero” issue.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

• Impact Score: 10.0
• Exploitability Score: 10.0
• CVSS: 10.0
• CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

• Availability: COMPLETE
• Confidentiality: COMPLETE
• Integrity: COMPLETE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-2108 vulnerability.

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=f5da52e308a6aeea6d5f3df98c4da295d7e9cc27
• https://www.openssl.org/news/secadv/20160503.txt
• https://git.openssl.org/?p=openssl.git;a=commit;h=3661bb4e7934668bd99ca777ea8b30eedfafa871
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
• http://source.android.com/security/bulletin/2016-07-01.html
• http://rhn.redhat.com/errata/RHSA-2016-0722.html
• http://rhn.redhat.com/errata/RHSA-2016-0996.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
• https://support.apple.com/HT206903
• http://www.securityfocus.com/bid/91787
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.securityfocus.com/bid/89752
• https://access.redhat.com/errata/RHSA-2016:1137
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html
• http://www.ubuntu.com/usn/USN-2959-1
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html
• http://www.securitytracker.com/id/1035721
• http://www.debian.org/security/2016/dsa-3566
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html
• https://bto.bluecoat.com/security-advisory/sa123
• http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
• http://support.citrix.com/article/CTX212736
• https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00067&languageid=en-fr
• https://security.gentoo.org/glsa/201612-16
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://www.tenable.com/security/tns-2016-18
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• https://security.netapp.com/advisory/ntap-20160504-0001/
• https://access.redhat.com/errata/RHSA-2017:0194
• https://access.redhat.com/errata/RHSA-2017:0193
• http://rhn.redhat.com/errata/RHSA-2016-2957.html
• http://rhn.redhat.com/errata/RHSA-2016-2073.html
• http://rhn.redhat.com/errata/RHSA-2016-2056.html

See also: All popular products CVE Vulnerabilities of redhat

CVE-2016-2105: Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t…

Published: 2016-05-05T01:59:00 Last Modified: 2019-02-21T15:09:00

Summary

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-2105 vulnerability.

References

• https://www.openssl.org/news/secadv/20160503.txt
• https://git.openssl.org/?p=openssl.git;a=commit;h=5b814481f3573fa9677f3a31ee51322e2a22ee6a
• https://kc.mcafee.com/corporate/index?page=content&id=SB10160
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html
• http://rhn.redhat.com/errata/RHSA-2016-0722.html
• http://rhn.redhat.com/errata/RHSA-2016-0996.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
• https://support.apple.com/HT206903
• http://www.securityfocus.com/bid/91787
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
• http://rhn.redhat.com/errata/RHSA-2016-1650.html
• http://rhn.redhat.com/errata/RHSA-2016-1648.html
• http://rhn.redhat.com/errata/RHSA-2016-1649.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
• http://www.securityfocus.com/bid/89757
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html
• https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html
• http://www.ubuntu.com/usn/USN-2959-1
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html
• http://www.securitytracker.com/id/1035721
• http://www.debian.org/security/2016/dsa-3566
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html
• https://bto.bluecoat.com/security-advisory/sa123
• http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
• https://security.gentoo.org/glsa/201612-16
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
• https://www.tenable.com/security/tns-2016-18
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• https://security.netapp.com/advisory/ntap-20160504-0001/
• https://source.android.com/security/bulletin/pixel/2017-11-01
• http://rhn.redhat.com/errata/RHSA-2016-2957.html
• http://rhn.redhat.com/errata/RHSA-2016-2073.html
• http://rhn.redhat.com/errata/RHSA-2016-2056.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

See also: All popular products CVE Vulnerabilities of redhat

CVE-2016-2107: The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider…

Published: 2016-05-05T01:59:00 Last Modified: 2018-10-30T16:27:00

Summary

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 4.9
• CVSS: 2.6
• CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: HIGH
• Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2016-2107 vulnerability.

• OpenSSL - Padding Oracle in AES-NI CBC MAC Check by Juraj Somorovsky at 2016-05-04

References

• https://git.openssl.org/?p=openssl.git;a=commit;h=68595c0c2886e7942a14f98c17a55a88afb6c292
• https://www.openssl.org/news/secadv/20160503.txt
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
• https://kc.mcafee.com/corporate/index?page=content&id=SB10160
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html
• http://source.android.com/security/bulletin/2016-07-01.html
• http://rhn.redhat.com/errata/RHSA-2016-0722.html
• http://rhn.redhat.com/errata/RHSA-2016-0996.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
• https://support.apple.com/HT206903
• http://www.securityfocus.com/bid/91787
• https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
• http://www.securityfocus.com/bid/89760
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html
• http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html
• https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc
• https://www.exploit-db.com/exploits/39768/
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html
• http://www.ubuntu.com/usn/USN-2959-1
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html
• http://www.securitytracker.com/id/1035721
• http://www.debian.org/security/2016/dsa-3566
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html
• https://bto.bluecoat.com/security-advisory/sa123
• http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
• http://support.citrix.com/article/CTX212736
• https://security.gentoo.org/glsa/201612-16
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
• https://www.tenable.com/security/tns-2016-18
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05386804
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03726en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• https://security.netapp.com/advisory/ntap-20160504-0001/
• http://rhn.redhat.com/errata/RHSA-2016-2957.html
• http://rhn.redhat.com/errata/RHSA-2016-2073.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

See also: All popular products CVE Vulnerabilities of redhat

CVE-2016-2109: The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in…

Published: 2016-05-05T01:59:00 Last Modified: 2018-07-19T01:29:00

Summary

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

• Impact Score: 6.9
• Exploitability Score: 10.0
• CVSS: 7.8
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

• Availability: COMPLETE
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-2109 vulnerability.

References

• https://www.openssl.org/news/secadv/20160503.txt
• https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202
• https://kc.mcafee.com/corporate/index?page=content&id=SB10160
• http://rhn.redhat.com/errata/RHSA-2016-0722.html
• http://rhn.redhat.com/errata/RHSA-2016-0996.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
• https://support.apple.com/HT206903
• http://www.securityfocus.com/bid/91787
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
• http://www.securityfocus.com/bid/87940
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00016.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00014.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html
• https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00010.html
• http://www.ubuntu.com/usn/USN-2959-1
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00013.html
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00019.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html
• http://www.securitytracker.com/id/1035721
• http://www.debian.org/security/2016/dsa-3566
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00008.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html
• https://bto.bluecoat.com/security-advisory/sa123
• http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html
• https://security.gentoo.org/glsa/201612-16
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
• https://www.tenable.com/security/tns-2016-18
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_us
• https://source.android.com/security/bulletin/2017-07-01
• https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_us
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• https://security.netapp.com/advisory/ntap-20160504-0001/
• http://rhn.redhat.com/errata/RHSA-2016-2957.html
• http://rhn.redhat.com/errata/RHSA-2016-2073.html
• http://rhn.redhat.com/errata/RHSA-2016-2056.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

See also: All popular products CVE Vulnerabilities of redhat

CVE-2015-3196: ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when…

Published: 2015-12-06T20:59:00 Last Modified: 2019-06-13T18:15:00

Summary

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.

Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-3196 vulnerability.

References

• http://openssl.org/news/secadv/20151203.txt
• https://git.openssl.org/?p=openssl.git;a=commit;h=3c66a669dfc7b3792f7af0758ea26fe8502ce70c
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• http://marc.info/?l=bugtraq&m=145382583417444&w=2
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
• http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
• http://www.securityfocus.com/bid/78622
• http://fortiguard.com/advisory/openssl-advisory-december-2015
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
• http://rhn.redhat.com/errata/RHSA-2015-2617.html
• http://www.fortiguard.com/advisory/openssl-advisory-december-2015
• http://www.ubuntu.com/usn/USN-2830-1
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
• http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
• http://www.debian.org/security/2015/dsa-3413
• http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
• http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
• http://www.securitytracker.com/id/1034294
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://rhn.redhat.com/errata/RHSA-2016-2957.html

See also: All popular products CVE Vulnerabilities of redhat

CVE-2015-3195: The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0…

Published: 2015-12-06T20:59:00 Last Modified: 2021-01-19T17:27:00

Summary

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-3195 vulnerability.

References

• http://openssl.org/news/secadv/20151203.txt
• https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d
• http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
• https://support.apple.com/HT206167
• http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• http://marc.info/?l=bugtraq&m=145382583417444&w=2
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://www.securityfocus.com/bid/91787
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
• http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://www.securityfocus.com/bid/78626
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
• http://fortiguard.com/advisory/openssl-advisory-december-2015
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
• http://www.fortiguard.com/advisory/openssl-advisory-december-2015
• http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
• http://www.debian.org/security/2015/dsa-3413
• http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
• http://rhn.redhat.com/errata/RHSA-2015-2617.html
• http://rhn.redhat.com/errata/RHSA-2015-2616.html
• http://www.ubuntu.com/usn/USN-2830-1
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
• http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
• http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.securitytracker.com/id/1034294
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://rhn.redhat.com/errata/RHSA-2016-2957.html
• http://rhn.redhat.com/errata/RHSA-2016-2056.html
• http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

See also: All popular products CVE Vulnerabilities of redhat

CVE-2015-3216: Race condition in a certain Red Hat patch to the PRNG lock implementation in the…

Published: 2015-07-07T10:59:00 Last Modified: 2018-01-05T02:30:00

Summary

Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.

Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)

CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-3216 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1225994
• http://www.securityfocus.com/bid/75219
• http://www.securitytracker.com/id/1032587
• http://rhn.redhat.com/errata/RHSA-2015-1115.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
• http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
• http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
• http://rhn.redhat.com/errata/RHSA-2016-2957.html

See also: All popular products CVE Vulnerabilities of redhat

CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic…

Published: 2014-10-15T00:55:00 Last Modified: 2021-11-17T22:15:00

Summary

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the “POODLE” issue.

Common Weakness Enumeration (CWE): CWE-310: Cryptographic Issues

CWE Description: Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-3566 vulnerability.

References

• https://www.openssl.org/~bodo/ssl-poodle.pdf
• http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
• http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html
• https://bugzilla.mozilla.org/show_bug.cgi?id=1076983
• https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip
• http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx
• http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1152789
• https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html
• https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
• https://access.redhat.com/articles/1232123
• https://www.imperialviolet.org/2014/10/14/poodle.html
• http://marc.info/?l=openssl-dev&m=141333049205629&w=2
• http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566
• https://technet.microsoft.com/library/security/3009008.aspx
• https://www.suse.com/support/kb/doc.php?id=7015773
• http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
• https://support.apple.com/kb/HT6536
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
• https://support.apple.com/kb/HT6542
• https://support.apple.com/kb/HT6541
• http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
• https://support.apple.com/kb/HT6535
• http://www.securityfocus.com/archive/1/533746
• http://www.securityfocus.com/archive/1/533747
• http://www.securitytracker.com/id/1031096
• http://www.securitytracker.com/id/1031085
• http://secunia.com/advisories/60056
• http://www.securitytracker.com/id/1031029
• http://www.securitytracker.com/id/1031092
• http://www.securityfocus.com/bid/70574
• http://www.securitytracker.com/id/1031088
• https://support.apple.com/kb/HT6527
• http://www.securitytracker.com/id/1031095
• http://secunia.com/advisories/61827
• http://secunia.com/advisories/61345
• http://www.securitytracker.com/id/1031091
• https://support.apple.com/kb/HT6531
• https://bto.bluecoat.com/security-advisory/sa83
• http://www.securitytracker.com/id/1031105
• http://secunia.com/advisories/60792
• http://secunia.com/advisories/61303
• http://www.securitytracker.com/id/1031123
• http://www.securitytracker.com/id/1031087
• http://www.securitytracker.com/id/1031107
• http://www.securitytracker.com/id/1031094
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:203
• http://www.securitytracker.com/id/1031090
• http://secunia.com/advisories/61810
• http://www-01.ibm.com/support/docview.wss?uid=swg21687172
• http://secunia.com/advisories/61019
• http://www.securitytracker.com/id/1031039
• http://www.securitytracker.com/id/1031093
• http://secunia.com/advisories/61825
• http://www.securitytracker.com/id/1031106
• http://www.securitytracker.com/id/1031086
• https://support.apple.com/kb/HT6529
• http://secunia.com/advisories/61782
• http://www.securitytracker.com/id/1031089
• http://secunia.com/advisories/61359
• http://rhn.redhat.com/errata/RHSA-2014-1652.html
• http://marc.info/?l=bugtraq&m=141477196830952&w=2
• http://www.kb.cert.org/vuls/id/577193
• http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html
• http://marc.info/?l=bugtraq&m=141450452204552&w=2
• http://marc.info/?l=bugtraq&m=141450973807288&w=2
• http://www.debian.org/security/2014/dsa-3053
• https://www.openssl.org/news/secadv_20141015.txt
• http://www.us-cert.gov/ncas/alerts/TA14-290A
• http://rhn.redhat.com/errata/RHSA-2014-1692.html
• http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439
• http://secunia.com/advisories/61926
• ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc
• http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html
• http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431
• http://www-01.ibm.com/support/docview.wss?uid=swg21686997
• http://secunia.com/advisories/61819
• http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/
• http://advisories.mageia.org/MGASA-2014-0416.html
• http://www.securitytracker.com/id/1031131
• http://secunia.com/advisories/61130
• https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
• http://secunia.com/advisories/60859
• http://www.securitytracker.com/id/1031130
• http://www.securitytracker.com/id/1031120
• http://secunia.com/advisories/61995
• http://support.citrix.com/article/CTX200238
• http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html
• http://www.securitytracker.com/id/1031132
• http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html
• http://secunia.com/advisories/60206
• http://secunia.com/advisories/59627
• http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
• http://secunia.com/advisories/61316
• http://rhn.redhat.com/errata/RHSA-2014-1653.html
• http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html
• http://www.securitytracker.com/id/1031124
• http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html
• http://www-01.ibm.com/support/docview.wss?uid=swg21687611
• http://marc.info/?l=bugtraq&m=141703183219781&w=2
• http://marc.info/?l=bugtraq&m=141697676231104&w=2
• http://marc.info/?l=bugtraq&m=141715130023061&w=2
• http://marc.info/?l=bugtraq&m=141694355519663&w=2
• http://www-01.ibm.com/support/docview.wss?uid=swg21688283
• http://downloads.asterisk.org/pub/security/AST-2014-011.html
• http://marc.info/?l=bugtraq&m=141697638231025&w=2
• http://rhn.redhat.com/errata/RHSA-2014-1880.html
• http://rhn.redhat.com/errata/RHSA-2014-1876.html
• http://rhn.redhat.com/errata/RHSA-2014-1881.html
• http://rhn.redhat.com/errata/RHSA-2014-1882.html
• https://www-01.ibm.com/support/docview.wss?uid=swg21688165
• http://rhn.redhat.com/errata/RHSA-2014-1877.html
• http://rhn.redhat.com/errata/RHSA-2014-1920.html
• http://rhn.redhat.com/errata/RHSA-2014-1948.html
• http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html
• http://marc.info/?l=bugtraq&m=141775427104070&w=2
• http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html
• http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
• http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
• http://support.apple.com/HT204244
• http://marc.info/?l=bugtraq&m=142296755107581&w=2
• http://marc.info/?l=bugtraq&m=141813976718456&w=2
• http://marc.info/?l=bugtraq&m=142354438527235&w=2
• http://www.debian.org/security/2015/dsa-3144
• http://marc.info/?l=bugtraq&m=141814011518700&w=2
• http://marc.info/?l=bugtraq&m=142496355704097&w=2
• http://www.debian.org/security/2015/dsa-3147
• http://marc.info/?l=bugtraq&m=142546741516006&w=2
• http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html
• http://marc.info/?l=bugtraq&m=142350196615714&w=2
• http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html
• http://www.ubuntu.com/usn/USN-2486-1
• http://marc.info/?l=bugtraq&m=141879378918327&w=2
• http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html
• http://marc.info/?l=bugtraq&m=142350298616097&w=2
• http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html
• http://marc.info/?l=bugtraq&m=142103967620673&w=2
• http://marc.info/?l=bugtraq&m=142357976805598&w=2
• http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html
• http://www.ubuntu.com/usn/USN-2487-1
• http://marc.info/?l=bugtraq&m=142495837901899&w=2
• http://marc.info/?l=bugtraq&m=142350743917559&w=2
• http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html
• http://rhn.redhat.com/errata/RHSA-2015-0080.html
• http://marc.info/?l=bugtraq&m=142624619906067
• http://marc.info/?l=bugtraq&m=142607790919348&w=2
• http://rhn.redhat.com/errata/RHSA-2015-0086.html
• http://marc.info/?l=bugtraq&m=142624619906067&w=2
• http://rhn.redhat.com/errata/RHSA-2015-0264.html
• http://rhn.redhat.com/errata/RHSA-2015-0085.html
• http://marc.info/?l=bugtraq&m=142624679706236&w=2
• http://marc.info/?l=bugtraq&m=142624719706349&w=2
• http://marc.info/?l=bugtraq&m=142118135300698&w=2
• http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581
• http://marc.info/?l=bugtraq&m=142624590206005&w=2
• http://rhn.redhat.com/errata/RHSA-2015-0068.html
• http://rhn.redhat.com/errata/RHSA-2015-0079.html
• http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html
• http://marc.info/?l=bugtraq&m=142660345230545&w=2
• http://rhn.redhat.com/errata/RHSA-2015-0698.html
• http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
• http://marc.info/?l=bugtraq&m=142721830231196&w=2
• http://marc.info/?l=bugtraq&m=142721887231400&w=2
• http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
• http://marc.info/?l=bugtraq&m=142740155824959&w=2
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
• http://marc.info/?l=bugtraq&m=142791032306609&w=2
• http://marc.info/?l=bugtraq&m=142805027510172&w=2
• http://marc.info/?l=bugtraq&m=142804214608580&w=2
• http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
• http://marc.info/?l=bugtraq&m=143039249603103&w=2
• http://marc.info/?l=bugtraq&m=143101048219218&w=2
• http://www.debian.org/security/2015/dsa-3253
• https://www.elastic.co/blog/logstash-1-4-3-released
• http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
• http://rhn.redhat.com/errata/RHSA-2015-1545.html
• http://rhn.redhat.com/errata/RHSA-2015-1546.html
• https://support.apple.com/HT205217
• http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
• http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf
• http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
• http://www.vmware.com/security/advisories/VMSA-2015-0003.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• https://security.gentoo.org/glsa/201606-11
• http://marc.info/?l=bugtraq&m=145983526810210&w=2
• http://marc.info/?l=bugtraq&m=144101915224472&w=2
• http://marc.info/?l=bugtraq&m=143558192010071&w=2
• http://marc.info/?l=bugtraq&m=143290371927178&w=2
• http://marc.info/?l=bugtraq&m=144251162130364&w=2
• http://marc.info/?l=bugtraq&m=142962817202793&w=2
• http://marc.info/?l=bugtraq&m=143290437727362&w=2
• http://marc.info/?l=bugtraq&m=143628269912142&w=2
• http://marc.info/?l=bugtraq&m=141628688425177&w=2
• http://marc.info/?l=bugtraq&m=144294141001552&w=2
• http://marc.info/?l=bugtraq&m=141577350823734&w=2
• http://marc.info/?l=bugtraq&m=143290522027658&w=2
• http://marc.info/?l=bugtraq&m=141620103726640&w=2
• http://marc.info/?l=bugtraq&m=141576815022399&w=2
• http://marc.info/?l=bugtraq&m=143558137709884&w=2
• http://marc.info/?l=bugtraq&m=141577087123040&w=2
• http://marc.info/?l=bugtraq&m=143290583027876&w=2
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635
• http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
• http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
• http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
• http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
• https://support.lenovo.com/product_security/poodle
• http://www.debian.org/security/2016/dsa-3489
• http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
• http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html
• http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034
• https://support.lenovo.com/us/en/product_security/poodle
• https://security.gentoo.org/glsa/201507-14
• https://kc.mcafee.com/corporate/index?page=content&id=SB10104
• https://kc.mcafee.com/corporate/index?page=content&id=SB10091
• https://kc.mcafee.com/corporate/index?page=content&id=SB10090
• http://www-01.ibm.com/support/docview.wss?uid=swg21692299
• https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• https://security.netapp.com/advisory/ntap-20141015-0001/
• https://support.citrix.com/article/CTX216642
• https://puppet.com/security/cve/poodle-sslv3-vulnerability
• https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
• https://github.com/mpgn/poodle-PoC
• https://groups.google.com/forum/#!topic/docker-user/oYm0i3xShJU
• http://www.securityfocus.com/archive/1/533724/100/0/threaded
• https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
• https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
• https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
• https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
• https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
• https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
• https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7

See also: All popular products CVE Vulnerabilities of redhat

CVE-2014-0195: The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before…

Published: 2014-06-05T21:55:00 Last Modified: 2019-04-22T17:48:00

Summary

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

• Impact Score: 6.4
• Exploitability Score: 8.6
• CVSS: 6.8
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

• Availability: PARTIAL
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-0195 vulnerability.

References

• http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Once-Bled-Twice-Shy-OpenSSL-CVE-2014-0195/ba-p/6501048
• https://bugzilla.redhat.com/show_bug.cgi?id=1103598
• http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002
• http://www.openssl.org/news/secadv_20140605.txt
• https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1632ef744872edc2aa2a53d487d3e79c965a4ad3
• https://kb.bluecoat.com/index?page=content&id=SA80
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
• http://www.blackberry.com/btsc/KB36051
• http://www-01.ibm.com/support/docview.wss?uid=swg21676035
• http://secunia.com/advisories/59301
• http://secunia.com/advisories/59450
• http://secunia.com/advisories/59491
• http://secunia.com/advisories/59721
• http://www-01.ibm.com/support/docview.wss?uid=swg21677695
• http://secunia.com/advisories/59655
• http://secunia.com/advisories/59659
• http://www-01.ibm.com/support/docview.wss?uid=swg21678289
• http://secunia.com/advisories/59162
• http://secunia.com/advisories/59528
• http://secunia.com/advisories/58939
• http://secunia.com/advisories/59666
• http://secunia.com/advisories/59587
• http://secunia.com/advisories/59126
• http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15356.html
• http://www-01.ibm.com/support/docview.wss?uid=swg21677828
• http://secunia.com/advisories/59490
• http://www-01.ibm.com/support/docview.wss?uid=swg21676062
• https://kc.mcafee.com/corporate/index?page=content&id=SB10075
• http://www-01.ibm.com/support/docview.wss?uid=swg21676419
• http://www-01.ibm.com/support/docview.wss?uid=swg21678167
• http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
• http://www-01.ibm.com/support/docview.wss?uid=swg21673137
• http://secunia.com/advisories/59514
• http://www-01.ibm.com/support/docview.wss?uid=swg21677527
• http://secunia.com/advisories/59669
• http://secunia.com/advisories/59413
• http://secunia.com/advisories/58883
• http://secunia.com/advisories/59300
• http://secunia.com/advisories/59895
• http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
• http://secunia.com/advisories/59530
• http://www.fortiguard.com/advisory/FG-IR-14-018/
• http://secunia.com/advisories/59342
• http://secunia.com/advisories/59451
• http://www-01.ibm.com/support/docview.wss?uid=isg400001843
• http://secunia.com/advisories/58743
• http://www-01.ibm.com/support/docview.wss?uid=isg400001841
• http://secunia.com/advisories/59990
• http://secunia.com/advisories/60571
• http://secunia.com/advisories/59784
• http://support.apple.com/kb/HT6443
• http://seclists.org/fulldisclosure/2014/Dec/23
• http://www.vmware.com/security/advisories/VMSA-2014-0012.html
• http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
• http://marc.info/?l=bugtraq&m=142660345230545&w=2
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
• http://marc.info/?l=bugtraq&m=140431828824371&w=2
• http://marc.info/?l=bugtraq&m=140499827729550&w=2
• http://marc.info/?l=bugtraq&m=140266410314613&w=2
• http://marc.info/?l=bugtraq&m=140448122410568&w=2
• http://marc.info/?l=bugtraq&m=140491231331543&w=2
• http://marc.info/?l=bugtraq&m=140621259019789&w=2
• http://marc.info/?l=bugtraq&m=140482916501310&w=2
• http://marc.info/?l=bugtraq&m=140389274407904&w=2
• http://marc.info/?l=bugtraq&m=140317760000786&w=2
• http://marc.info/?l=bugtraq&m=140904544427729&w=2
• http://marc.info/?l=bugtraq&m=140389355508263&w=2
• http://marc.info/?l=bugtraq&m=140752315422991&w=2
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
• https://www.novell.com/support/kb/doc.php?id=7015271
• http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757
• http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
• http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755
• http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
• http://www-01.ibm.com/support/docview.wss?uid=swg21683332
• http://www-01.ibm.com/support/docview.wss?uid=swg21676889
• http://www-01.ibm.com/support/docview.wss?uid=swg21676879
• http://www-01.ibm.com/support/docview.wss?uid=swg21676644
• http://www-01.ibm.com/support/docview.wss?uid=swg21676071
• http://www-01.ibm.com/support/docview.wss?uid=swg21675821
• http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163
• http://www.vmware.com/security/advisories/VMSA-2014-0006.html
• http://www.securitytracker.com/id/1030337
• http://www.securityfocus.com/bid/67900
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:106
• http://www.ibm.com/support/docview.wss?uid=swg24037783
• http://www.ibm.com/support/docview.wss?uid=swg21676793
• http://www.ibm.com/support/docview.wss?uid=swg21676356
• http://www.f-secure.com/en/web/labs_global/fsc-2014-6
• http://support.citrix.com/article/CTX140876
• http://security.gentoo.org/glsa/glsa-201407-05.xml
• http://secunia.com/advisories/61254
• http://secunia.com/advisories/59518
• http://secunia.com/advisories/59454
• http://secunia.com/advisories/59449
• http://secunia.com/advisories/59441
• http://secunia.com/advisories/59437
• http://secunia.com/advisories/59429
• http://secunia.com/advisories/59365
• http://secunia.com/advisories/59364
• http://secunia.com/advisories/59310
• http://secunia.com/advisories/59306
• http://secunia.com/advisories/59305
• http://secunia.com/advisories/59287
• http://secunia.com/advisories/59223
• http://secunia.com/advisories/59192
• http://secunia.com/advisories/59189
• http://secunia.com/advisories/59188
• http://secunia.com/advisories/59175
• http://secunia.com/advisories/59040
• http://secunia.com/advisories/58977
• http://secunia.com/advisories/58945
• http://secunia.com/advisories/58714
• http://secunia.com/advisories/58713
• http://secunia.com/advisories/58660
• http://secunia.com/advisories/58615
• http://secunia.com/advisories/58337
• http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
• http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
• http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
• http://www.securityfocus.com/archive/1/534161/100/0/threaded

See also: All popular products CVE Vulnerabilities of redhat

CVE-2014-0221: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before…

Published: 2014-06-05T21:55:00 Last Modified: 2019-04-22T17:48:00

Summary

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-0221 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=1103593
• https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d3152655d5319ce883c8e3ac4b99f8de4c59d846
• http://www.openssl.org/news/secadv_20140605.txt
• https://kb.bluecoat.com/index?page=content&id=SA80
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
• http://www.blackberry.com/btsc/KB36051
• http://www-01.ibm.com/support/docview.wss?uid=swg21676035
• http://secunia.com/advisories/59301
• http://secunia.com/advisories/59450
• http://secunia.com/advisories/59491
• http://secunia.com/advisories/59721
• http://www-01.ibm.com/support/docview.wss?uid=swg21677695
• http://secunia.com/advisories/59655
• http://secunia.com/advisories/59659
• http://secunia.com/advisories/59162
• http://www-01.ibm.com/support/docview.wss?uid=swg21678289
• http://secunia.com/advisories/59120
• http://secunia.com/advisories/59528
• http://secunia.com/advisories/58939
• http://secunia.com/advisories/59666
• http://secunia.com/advisories/59126
• http://www-01.ibm.com/support/docview.wss?uid=swg21677828
• http://secunia.com/advisories/59490
• http://www-01.ibm.com/support/docview.wss?uid=swg21676062
• https://kc.mcafee.com/corporate/index?page=content&id=SB10075
• http://www-01.ibm.com/support/docview.wss?uid=swg21676419
• http://www-01.ibm.com/support/docview.wss?uid=swg21678167
• http://www.novell.com/support/kb/doc.php?id=7015300
• http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
• http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E
• http://www-01.ibm.com/support/docview.wss?uid=swg21673137
• http://secunia.com/advisories/59514
• http://www-01.ibm.com/support/docview.wss?uid=swg21677527
• http://secunia.com/advisories/59495
• http://secunia.com/advisories/59669
• http://secunia.com/advisories/59413
• http://www.novell.com/support/kb/doc.php?id=7015264
• http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E
• http://secunia.com/advisories/59300
• http://secunia.com/advisories/59895
• http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
• http://www.fortiguard.com/advisory/FG-IR-14-018/
• http://secunia.com/advisories/59342
• http://secunia.com/advisories/59451
• http://www-01.ibm.com/support/docview.wss?uid=isg400001843
• http://www-01.ibm.com/support/docview.wss?uid=isg400001841
• http://rhn.redhat.com/errata/RHSA-2014-1021.html
• http://secunia.com/advisories/59990
• http://secunia.com/advisories/59221
• http://secunia.com/advisories/60571
• http://linux.oracle.com/errata/ELSA-2014-1053.html
• http://secunia.com/advisories/60687
• http://secunia.com/advisories/59784
• http://support.apple.com/kb/HT6443
• http://seclists.org/fulldisclosure/2014/Dec/23
• http://www.vmware.com/security/advisories/VMSA-2014-0012.html
• http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
• http://marc.info/?l=bugtraq&m=140431828824371&w=2
• http://marc.info/?l=bugtraq&m=140499827729550&w=2
• http://marc.info/?l=bugtraq&m=140266410314613&w=2
• http://marc.info/?l=bugtraq&m=140448122410568&w=2
• http://marc.info/?l=bugtraq&m=140491231331543&w=2
• http://marc.info/?l=bugtraq&m=140621259019789&w=2
• http://marc.info/?l=bugtraq&m=140482916501310&w=2
• http://marc.info/?l=bugtraq&m=140389274407904&w=2
• http://marc.info/?l=bugtraq&m=140317760000786&w=2
• http://marc.info/?l=bugtraq&m=140904544427729&w=2
• http://marc.info/?l=bugtraq&m=140389355508263&w=2
• http://marc.info/?l=bugtraq&m=140752315422991&w=2
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
• https://www.novell.com/support/kb/doc.php?id=7015271
• http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757
• http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
• http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755
• http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
• http://www-01.ibm.com/support/docview.wss?uid=swg21683332
• http://www-01.ibm.com/support/docview.wss?uid=swg21676889
• http://www-01.ibm.com/support/docview.wss?uid=swg21676879
• http://www-01.ibm.com/support/docview.wss?uid=swg21676071
• http://www-01.ibm.com/support/docview.wss?uid=swg21675821
• http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163
• http://www.vmware.com/security/advisories/VMSA-2014-0006.html
• http://www.securitytracker.com/id/1030337
• http://www.securityfocus.com/bid/67901
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:106
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:105
• http://www.ibm.com/support/docview.wss?uid=swg24037783
• http://www.ibm.com/support/docview.wss?uid=swg21676793
• http://www.ibm.com/support/docview.wss?uid=swg21676356
• http://www.ibm.com/support/docview.wss?uid=swg21676226
• http://support.citrix.com/article/CTX140876
• http://security.gentoo.org/glsa/glsa-201407-05.xml
• http://secunia.com/advisories/61254
• http://secunia.com/advisories/59518
• http://secunia.com/advisories/59460
• http://secunia.com/advisories/59454
• http://secunia.com/advisories/59449
• http://secunia.com/advisories/59441
• http://secunia.com/advisories/59437
• http://secunia.com/advisories/59429
• http://secunia.com/advisories/59365
• http://secunia.com/advisories/59364
• http://secunia.com/advisories/59310
• http://secunia.com/advisories/59306
• http://secunia.com/advisories/59287
• http://secunia.com/advisories/59284
• http://secunia.com/advisories/59192
• http://secunia.com/advisories/59189
• http://secunia.com/advisories/59175
• http://secunia.com/advisories/59167
• http://secunia.com/advisories/59027
• http://secunia.com/advisories/58977
• http://secunia.com/advisories/58945
• http://secunia.com/advisories/58714
• http://secunia.com/advisories/58713
• http://secunia.com/advisories/58615
• http://secunia.com/advisories/58337
• http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
• http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
• http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
• http://www.securityfocus.com/archive/1/534161/100/0/threaded

See also: All popular products CVE Vulnerabilities of redhat

CVE-2014-0224: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict…

Published: 2014-06-05T21:55:00 Last Modified: 2021-11-17T22:15:00

Summary

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the “CCS Injection” vulnerability.

Common Weakness Enumeration (CWE): CWE-326: Inadequate Encryption Strength

CWE Description: The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Scores

• Impact Score: 4.9
• Exploitability Score: 8.6
• CVSS: 5.8
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-0224 vulnerability.

References

• http://www.openssl.org/news/secadv_20140605.txt
• http://ccsinjection.lepidum.co.jp
• http://www.kb.cert.org/vuls/id/978508
• https://bugzilla.redhat.com/show_bug.cgi?id=1103586
• https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441
• https://www.imperialviolet.org/2014/06/05/earlyccs.html
• https://access.redhat.com/site/blogs/766093/posts/908133
• http://secunia.com/advisories/59191
• http://secunia.com/advisories/58579
• https://kb.bluecoat.com/index?page=content&id=SA80
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
• http://www.kerio.com/support/kerio-control/release-history
• http://secunia.com/advisories/59438
• http://www-01.ibm.com/support/docview.wss?uid=swg21676035
• http://secunia.com/advisories/59301
• http://secunia.com/advisories/59721
• http://secunia.com/advisories/59491
• http://secunia.com/advisories/59450
• http://www-01.ibm.com/support/docview.wss?uid=swg21676845
• http://secunia.com/advisories/59655
• http://www-01.ibm.com/support/docview.wss?uid=swg21677695
• http://secunia.com/advisories/59659
• http://secunia.com/advisories/58639
• http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737
• http://secunia.com/advisories/58759
• http://www-01.ibm.com/support/docview.wss?uid=swg21678289
• http://secunia.com/advisories/59043
• http://secunia.com/advisories/59666
• http://secunia.com/advisories/59126
• http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740
• http://marc.info/?l=bugtraq&m=140499864129699&w=2
• http://www-01.ibm.com/support/docview.wss?uid=swg21677567
• http://secunia.com/advisories/59055
• http://secunia.com/advisories/59490
• http://www-01.ibm.com/support/docview.wss?uid=swg21676419
• https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf
• http://www.novell.com/support/kb/doc.php?id=7015300
• http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
• http://www-01.ibm.com/support/docview.wss?uid=swg21673137
• http://secunia.com/advisories/59514
• http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html
• http://secunia.com/advisories/59602
• http://secunia.com/advisories/59495
• http://www.novell.com/support/kb/doc.php?id=7015264
• http://esupport.trendmicro.com/solution/en-US/1103813.aspx
• http://secunia.com/advisories/58930
• http://secunia.com/advisories/59370
• http://secunia.com/advisories/59012
• http://www.blackberry.com/btsc/KB36051
• http://secunia.com/advisories/58385
• http://www-01.ibm.com/support/docview.wss?uid=swg21676655
• http://secunia.com/advisories/59120
• http://secunia.com/advisories/59162
• http://secunia.com/advisories/58939
• http://secunia.com/advisories/59528
• http://secunia.com/advisories/59063
• http://www-01.ibm.com/support/docview.wss?uid=swg21677828
• http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172
• http://secunia.com/advisories/58128
• http://www-01.ibm.com/support/docview.wss?uid=swg21676062
• https://kc.mcafee.com/corporate/index?page=content&id=SB10075
• http://www-01.ibm.com/support/docview.wss?uid=swg21676496
• http://www-01.ibm.com/support/docview.wss?uid=swg21678167
• http://secunia.com/advisories/59442
• http://secunia.com/advisories/59824
• http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E
• http://www-01.ibm.com/support/docview.wss?uid=swg21677527
• https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf
• http://secunia.com/advisories/59827
• http://secunia.com/advisories/59669
• http://secunia.com/advisories/59413
• http://www-01.ibm.com/support/docview.wss?uid=swg24037761
• http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E
• http://www-01.ibm.com/support/docview.wss?uid=swg21677390
• http://secunia.com/advisories/59300
• http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690
• http://secunia.com/advisories/59383
• http://www.splunk.com/view/SP-CAAAM2D
• https://discussions.nessus.org/thread/7517
• http://secunia.com/advisories/59885
• http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download
• http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
• http://secunia.com/advisories/59459
• http://secunia.com/advisories/58745
• http://secunia.com/advisories/59530
• http://secunia.com/advisories/59589
• http://secunia.com/advisories/59451
• http://www-01.ibm.com/support/docview.wss?uid=isg400001843
• http://www.fortiguard.com/advisory/FG-IR-14-018/
• http://secunia.com/advisories/59506
• https://filezilla-project.org/versions.php?type=server
• http://www-01.ibm.com/support/docview.wss?uid=isg400001841
• http://secunia.com/advisories/59894
• http://secunia.com/advisories/60049
• https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues
• http://secunia.com/advisories/58743
• http://secunia.com/advisories/59342
• http://secunia.com/advisories/59325
• http://secunia.com/advisories/59354
• http://secunia.com/advisories/59916
• http://rhn.redhat.com/errata/RHSA-2014-0624.html
• http://marc.info/?l=bugtraq&m=140386311427810&w=2
• http://rhn.redhat.com/errata/RHSA-2014-0631.html
• http://rhn.redhat.com/errata/RHSA-2014-0632.html
• http://rhn.redhat.com/errata/RHSA-2014-0630.html
• http://rhn.redhat.com/errata/RHSA-2014-0627.html
• http://marc.info/?l=bugtraq&m=140369637402535&w=2
• http://rhn.redhat.com/errata/RHSA-2014-0680.html
• http://rhn.redhat.com/errata/RHSA-2014-0633.html
• http://rhn.redhat.com/errata/RHSA-2014-0626.html
• http://secunia.com/advisories/60066
• http://puppetlabs.com/security/cve/cve-2014-0224
• http://secunia.com/advisories/59990
• http://secunia.com/advisories/60522
• http://linux.oracle.com/errata/ELSA-2014-1053.html
• http://secunia.com/advisories/60577
• http://secunia.com/advisories/59784
• http://secunia.com/advisories/59878
• http://secunia.com/advisories/60176
• http://secunia.com/advisories/60567
• http://secunia.com/advisories/60571
• http://secunia.com/advisories/60819
• http://support.apple.com/kb/HT6443
• http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
• http://marc.info/?l=bugtraq&m=141164638606214&w=2
• http://marc.info/?l=bugtraq&m=141383465822787&w=2
• http://marc.info/?l=bugtraq&m=141025641601169&w=2
• http://marc.info/?l=bugtraq&m=141383410222440&w=2
• http://marc.info/?l=bugtraq&m=141147110427269&w=2
• http://marc.info/?l=bugtraq&m=140983229106599&w=2
• http://secunia.com/advisories/61815
• http://www.securitytracker.com/id/1031032
• http://www.vmware.com/security/advisories/VMSA-2014-0012.html
• http://seclists.org/fulldisclosure/2014/Dec/23
• http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
• http://www.securitytracker.com/id/1031594
• http://marc.info/?l=bugtraq&m=142546741516006&w=2
• http://marc.info/?l=bugtraq&m=142350350616251&w=2
• http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html
• http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
• http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
• http://marc.info/?l=bugtraq&m=142805027510172&w=2
• http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
• http://marc.info/?l=bugtraq&m=141658880509699&w=2
• http://marc.info/?l=bugtraq&m=140448122410568&w=2
• http://marc.info/?l=bugtraq&m=140491231331543&w=2
• http://marc.info/?l=bugtraq&m=140621259019789&w=2
• http://marc.info/?l=bugtraq&m=140482916501310&w=2
• http://marc.info/?l=bugtraq&m=140870499402361&w=2
• http://marc.info/?l=bugtraq&m=140784085708882&w=2
• http://marc.info/?l=bugtraq&m=140852826008699&w=2
• http://marc.info/?l=bugtraq&m=140604261522465&w=2
• http://marc.info/?l=bugtraq&m=140431828824371&w=2
• http://marc.info/?l=bugtraq&m=140266410314613&w=2
• http://marc.info/?l=bugtraq&m=140852757108392&w=2
• http://marc.info/?l=bugtraq&m=140544599631400&w=2
• http://marc.info/?l=bugtraq&m=140389274407904&w=2
• http://marc.info/?l=bugtraq&m=140672208601650&w=2
• http://marc.info/?l=bugtraq&m=140317760000786&w=2
• http://marc.info/?l=bugtraq&m=140904544427729&w=2
• http://marc.info/?l=bugtraq&m=140389355508263&w=2
• http://marc.info/?l=bugtraq&m=140752315422991&w=2
• http://marc.info/?l=bugtraq&m=140794476212181&w=2
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
• http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
• https://www.novell.com/support/kb/doc.php?id=7015271
• https://www.ibm.com/support/docview.wss?uid=ssg1S1004671
• https://www.ibm.com/support/docview.wss?uid=ssg1S1004670
• https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1
• http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757
• http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
• http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755
• http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
• http://www-01.ibm.com/support/docview.wss?uid=swg24037870
• http://www-01.ibm.com/support/docview.wss?uid=swg24037732
• http://www-01.ibm.com/support/docview.wss?uid=swg24037731
• http://www-01.ibm.com/support/docview.wss?uid=swg24037730
• http://www-01.ibm.com/support/docview.wss?uid=swg24037729
• http://www-01.ibm.com/support/docview.wss?uid=swg24037727
• http://www-01.ibm.com/support/docview.wss?uid=swg21683332
• http://www-01.ibm.com/support/docview.wss?uid=swg21678233
• http://www-01.ibm.com/support/docview.wss?uid=swg21677836
• http://www-01.ibm.com/support/docview.wss?uid=swg21677131
• http://www-01.ibm.com/support/docview.wss?uid=swg21677080
• http://www-01.ibm.com/support/docview.wss?uid=swg21676889
• http://www-01.ibm.com/support/docview.wss?uid=swg21676879
• http://www-01.ibm.com/support/docview.wss?uid=swg21676833
• http://www-01.ibm.com/support/docview.wss?uid=swg21676786
• http://www-01.ibm.com/support/docview.wss?uid=swg21676644
• http://www-01.ibm.com/support/docview.wss?uid=swg21676615
• http://www-01.ibm.com/support/docview.wss?uid=swg21676536
• http://www-01.ibm.com/support/docview.wss?uid=swg21676529
• http://www-01.ibm.com/support/docview.wss?uid=swg21676501
• http://www-01.ibm.com/support/docview.wss?uid=swg21676478
• http://www-01.ibm.com/support/docview.wss?uid=swg21676334
• http://www-01.ibm.com/support/docview.wss?uid=swg21676333
• http://www-01.ibm.com/support/docview.wss?uid=swg21676071
• http://www-01.ibm.com/support/docview.wss?uid=swg21675821
• http://www-01.ibm.com/support/docview.wss?uid=swg21675626
• http://www-01.ibm.com/support/docview.wss?uid=swg1IV61506
• http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163
• http://www.vmware.com/security/advisories/VMSA-2014-0006.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:106
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:105
• http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
• http://www.ibm.com/support/docview.wss?uid=swg24037783
• http://www.ibm.com/support/docview.wss?uid=swg21676877
• http://www.ibm.com/support/docview.wss?uid=swg21676793
• http://www.ibm.com/support/docview.wss?uid=swg21676356
• http://www.ibm.com/support/docview.wss?uid=swg1IT02314
• http://www.ibm.com/support/docview.wss?uid=ssg1S1004678
• http://www.ibm.com/support/docview.wss?uid=isg3T1020948
• http://www.f-secure.com/en/web/labs_global/fsc-2014-6
• http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html
• http://support.citrix.com/article/CTX140876
• http://security.gentoo.org/glsa/glsa-201407-05.xml
• http://secunia.com/advisories/61254
• http://secunia.com/advisories/59677
• http://secunia.com/advisories/59661
• http://secunia.com/advisories/59529
• http://secunia.com/advisories/59525
• http://secunia.com/advisories/59518
• http://secunia.com/advisories/59502
• http://secunia.com/advisories/59483
• http://secunia.com/advisories/59460
• http://secunia.com/advisories/59454
• http://secunia.com/advisories/59449
• http://secunia.com/advisories/59448
• http://secunia.com/advisories/59447
• http://secunia.com/advisories/59446
• http://secunia.com/advisories/59445
• http://secunia.com/advisories/59444
• http://secunia.com/advisories/59441
• http://secunia.com/advisories/59440
• http://secunia.com/advisories/59437
• http://secunia.com/advisories/59435
• http://secunia.com/advisories/59429
• http://secunia.com/advisories/59389
• http://secunia.com/advisories/59380
• http://secunia.com/advisories/59375
• http://secunia.com/advisories/59374
• http://secunia.com/advisories/59368
• http://secunia.com/advisories/59365
• http://secunia.com/advisories/59364
• http://secunia.com/advisories/59362
• http://secunia.com/advisories/59347
• http://secunia.com/advisories/59338
• http://secunia.com/advisories/59310
• http://secunia.com/advisories/59306
• http://secunia.com/advisories/59305
• http://secunia.com/advisories/59287
• http://secunia.com/advisories/59284
• http://secunia.com/advisories/59282
• http://secunia.com/advisories/59264
• http://secunia.com/advisories/59231
• http://secunia.com/advisories/59223
• http://secunia.com/advisories/59215
• http://secunia.com/advisories/59214
• http://secunia.com/advisories/59211
• http://secunia.com/advisories/59202
• http://secunia.com/advisories/59192
• http://secunia.com/advisories/59190
• http://secunia.com/advisories/59189
• http://secunia.com/advisories/59188
• http://secunia.com/advisories/59186
• http://secunia.com/advisories/59175
• http://secunia.com/advisories/59167
• http://secunia.com/advisories/59163
• http://secunia.com/advisories/59142
• http://secunia.com/advisories/59135
• http://secunia.com/advisories/59132
• http://secunia.com/advisories/59101
• http://secunia.com/advisories/59093
• http://secunia.com/advisories/59040
• http://secunia.com/advisories/59004
• http://secunia.com/advisories/58977
• http://secunia.com/advisories/58945
• http://secunia.com/advisories/58742
• http://secunia.com/advisories/58719
• http://secunia.com/advisories/58716
• http://secunia.com/advisories/58714
• http://secunia.com/advisories/58713
• http://secunia.com/advisories/58667
• http://secunia.com/advisories/58660
• http://secunia.com/advisories/58615
• http://secunia.com/advisories/58492
• http://secunia.com/advisories/58433
• http://secunia.com/advisories/58337
• http://seclists.org/fulldisclosure/2014/Jun/38
• http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
• http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=KB29217
• http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
• http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://www.securityfocus.com/archive/1/534161/100/0/threaded
• https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf
• https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005

See also: All popular products CVE Vulnerabilities of redhat

CVE-2014-3470: The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before…

Published: 2014-06-05T21:55:00 Last Modified: 2019-04-22T17:48:00

Summary

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.

Common Weakness Enumeration (CWE): CWE-310: Cryptographic Issues

CWE Description: Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.

Scores

• Impact Score: 2.9
• Exploitability Score: 8.6
• CVSS: 4.3
• CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-3470 vulnerability.

References

• http://www.openssl.org/news/secadv_20140605.txt
• https://bugzilla.redhat.com/show_bug.cgi?id=1103600
• https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8011cd56e39a433b1837465259a9bd24a38727fb
• http://www.securityfocus.com/bid/67898
• http://secunia.com/advisories/58797
• http://secunia.com/advisories/59191
• http://secunia.com/advisories/58579
• https://kb.bluecoat.com/index?page=content&id=SA80
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
• http://www.blackberry.com/btsc/KB36051
• http://www-01.ibm.com/support/docview.wss?uid=swg21676035
• http://secunia.com/advisories/59438
• http://secunia.com/advisories/59301
• http://secunia.com/advisories/59450
• http://secunia.com/advisories/59491
• http://secunia.com/advisories/59721
• http://www-01.ibm.com/support/docview.wss?uid=swg21677695
• http://secunia.com/advisories/59655
• http://secunia.com/advisories/59659
• http://secunia.com/advisories/59162
• http://secunia.com/advisories/59120
• http://www-01.ibm.com/support/docview.wss?uid=swg21676655
• http://www-01.ibm.com/support/docview.wss?uid=swg21678289
• http://secunia.com/advisories/58939
• http://secunia.com/advisories/59666
• http://secunia.com/advisories/59126
• http://www-01.ibm.com/support/docview.wss?uid=swg21677828
• http://www-01.ibm.com/support/docview.wss?uid=swg21676062
• http://secunia.com/advisories/59490
• https://kc.mcafee.com/corporate/index?page=content&id=SB10075
• http://www-01.ibm.com/support/docview.wss?uid=swg21676496
• http://www-01.ibm.com/support/docview.wss?uid=swg21676419
• http://www-01.ibm.com/support/docview.wss?uid=swg21678167
• http://secunia.com/advisories/59442
• http://www.novell.com/support/kb/doc.php?id=7015300
• http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
• http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E
• http://www-01.ibm.com/support/docview.wss?uid=swg21673137
• http://secunia.com/advisories/59514
• http://www-01.ibm.com/support/docview.wss?uid=swg21677527
• http://secunia.com/advisories/59495
• http://secunia.com/advisories/59669
• http://secunia.com/advisories/59413
• http://www.novell.com/support/kb/doc.php?id=7015264
• http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E
• http://www-01.ibm.com/support/docview.wss?uid=swg24037761
• http://secunia.com/advisories/59300
• http://www.splunk.com/view/SP-CAAAM2D
• http://secunia.com/advisories/59895
• http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
• http://secunia.com/advisories/59459
• http://secunia.com/advisories/59451
• http://www-01.ibm.com/support/docview.wss?uid=isg400001843
• http://secunia.com/advisories/59342
• http://www-01.ibm.com/support/docview.wss?uid=isg400001841
• http://secunia.com/advisories/59916
• http://secunia.com/advisories/59990
• http://secunia.com/advisories/60571
• http://secunia.com/advisories/59784
• http://support.apple.com/kb/HT6443
• http://seclists.org/fulldisclosure/2014/Dec/23
• http://www.vmware.com/security/advisories/VMSA-2014-0012.html
• http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
• http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
• http://marc.info/?l=bugtraq&m=140431828824371&w=2
• http://marc.info/?l=bugtraq&m=140499827729550&w=2
• http://marc.info/?l=bugtraq&m=140266410314613&w=2
• http://marc.info/?l=bugtraq&m=140448122410568&w=2
• http://marc.info/?l=bugtraq&m=140491231331543&w=2
• http://marc.info/?l=bugtraq&m=140621259019789&w=2
• http://marc.info/?l=bugtraq&m=140482916501310&w=2
• http://marc.info/?l=bugtraq&m=140389274407904&w=2
• http://marc.info/?l=bugtraq&m=140317760000786&w=2
• http://marc.info/?l=bugtraq&m=140904544427729&w=2
• http://marc.info/?l=bugtraq&m=140389355508263&w=2
• http://marc.info/?l=bugtraq&m=140752315422991&w=2
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
• https://www.novell.com/support/kb/doc.php?id=7015271
• http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757
• http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
• http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755
• http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
• http://www-01.ibm.com/support/docview.wss?uid=swg21683332
• http://www-01.ibm.com/support/docview.wss?uid=swg21677836
• http://www-01.ibm.com/support/docview.wss?uid=swg21676889
• http://www-01.ibm.com/support/docview.wss?uid=swg21676879
• http://www-01.ibm.com/support/docview.wss?uid=swg21676615
• http://www-01.ibm.com/support/docview.wss?uid=swg21676529
• http://www-01.ibm.com/support/docview.wss?uid=swg21676501
• http://www-01.ibm.com/support/docview.wss?uid=swg21676071
• http://www-01.ibm.com/support/docview.wss?uid=swg21675821
• http://www-01.ibm.com/support/docview.wss?uid=swg21675626
• http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163
• http://www.vmware.com/security/advisories/VMSA-2014-0006.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:106
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:105
• http://www.ibm.com/support/docview.wss?uid=swg24037783
• http://www.ibm.com/support/docview.wss?uid=swg21676793
• http://www.ibm.com/support/docview.wss?uid=swg21676356
• http://www.f-secure.com/en/web/labs_global/fsc-2014-6
• http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15342.html
• http://support.citrix.com/article/CTX140876
• http://security.gentoo.org/glsa/glsa-201407-05.xml
• http://secunia.com/advisories/61254
• http://secunia.com/advisories/59525
• http://secunia.com/advisories/59518
• http://secunia.com/advisories/59483
• http://secunia.com/advisories/59460
• http://secunia.com/advisories/59449
• http://secunia.com/advisories/59445
• http://secunia.com/advisories/59441
• http://secunia.com/advisories/59440
• http://secunia.com/advisories/59437
• http://secunia.com/advisories/59431
• http://secunia.com/advisories/59365
• http://secunia.com/advisories/59364
• http://secunia.com/advisories/59362
• http://secunia.com/advisories/59340
• http://secunia.com/advisories/59310
• http://secunia.com/advisories/59306
• http://secunia.com/advisories/59287
• http://secunia.com/advisories/59284
• http://secunia.com/advisories/59282
• http://secunia.com/advisories/59264
• http://secunia.com/advisories/59223
• http://secunia.com/advisories/59192
• http://secunia.com/advisories/59189
• http://secunia.com/advisories/59175
• http://secunia.com/advisories/59167
• http://secunia.com/advisories/58977
• http://secunia.com/advisories/58945
• http://secunia.com/advisories/58742
• http://secunia.com/advisories/58716
• http://secunia.com/advisories/58714
• http://secunia.com/advisories/58713
• http://secunia.com/advisories/58667
• http://secunia.com/advisories/58615
• http://secunia.com/advisories/58337
• http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
• http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
• http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
• http://www.securityfocus.com/archive/1/534161/100/0/threaded
• https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf

See also: All popular products CVE Vulnerabilities of redhat

CVE-2014-0160: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle…

Published: 2014-04-07T22:55:00 Last Modified: 2020-10-15T13:29:00

Summary

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

• Availability: NONE
• Confidentiality: PARTIAL
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Exploits Database (Total Exploits Count: 5)

Code designed for conducting penetration testing on CVE-2014-0160 vulnerability.

• HeartBleed Attack - Paper by Jaspreet Singh at 2020-12-22
• OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (2) (DTLS Support) by Ayman Sagy at 2014-04-24
• OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (1) by prdelka at 2014-04-10
• OpenSSL 1.0.1f TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure (Multiple SSL/TLS Versions) by Fitzl Csaba at 2014-04-09
• OpenSSL TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure by Jared Stafford at 2014-04-08

References

• http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3
• https://bugzilla.redhat.com/show_bug.cgi?id=1084875
• http://www.openssl.org/news/secadv_20140407.txt
• http://heartbleed.com/
• http://www.securitytracker.com/id/1030078
• http://seclists.org/fulldisclosure/2014/Apr/109
• http://seclists.org/fulldisclosure/2014/Apr/190
• https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html
• http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
• http://rhn.redhat.com/errata/RHSA-2014-0376.html
• http://rhn.redhat.com/errata/RHSA-2014-0396.html
• http://www.securitytracker.com/id/1030082
• http://secunia.com/advisories/57347
• http://marc.info/?l=bugtraq&m=139722163017074&w=2
• http://www.securitytracker.com/id/1030077
• http://www-01.ibm.com/support/docview.wss?uid=swg21670161
• http://www.debian.org/security/2014/dsa-2896
• http://rhn.redhat.com/errata/RHSA-2014-0377.html
• http://www.securitytracker.com/id/1030080
• http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html
• http://www.securitytracker.com/id/1030074
• http://seclists.org/fulldisclosure/2014/Apr/90
• http://www.securitytracker.com/id/1030081
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
• http://rhn.redhat.com/errata/RHSA-2014-0378.html
• http://seclists.org/fulldisclosure/2014/Apr/91
• http://secunia.com/advisories/57483
• http://www.splunk.com/view/SP-CAAAMB3
• http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html
• http://www.securitytracker.com/id/1030079
• http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html
• http://secunia.com/advisories/57721
• http://www.blackberry.com/btsc/KB35882
• http://www.securitytracker.com/id/1030026
• http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html
• http://www.securityfocus.com/bid/66690
• http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
• http://www.us-cert.gov/ncas/alerts/TA14-098A
• http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
• http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
• https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
• http://secunia.com/advisories/57966
• http://www.f-secure.com/en/web/labs_global/fsc-2014-1
• http://seclists.org/fulldisclosure/2014/Apr/173
• http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
• http://secunia.com/advisories/57968
• https://code.google.com/p/mod-spdy/issues/detail?id=85
• http://www.exploit-db.com/exploits/32745
• http://www.kb.cert.org/vuls/id/720951
• https://www.cert.fi/en/reports/2014/vulnerability788210.html
• http://www.exploit-db.com/exploits/32764
• http://secunia.com/advisories/57836
• https://gist.github.com/chapmajs/10473815
• http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/
• http://cogentdatahub.com/ReleaseNotes.html
• http://marc.info/?l=bugtraq&m=139905458328378&w=2
• http://marc.info/?l=bugtraq&m=139869891830365&w=2
• http://marc.info/?l=bugtraq&m=139889113431619&w=2
• http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1
• http://www.kerio.com/support/kerio-control/release-history
• http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3
• http://advisories.mageia.org/MGASA-2014-0165.html
• https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
• http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
• http://www-01.ibm.com/support/docview.wss?uid=isg400001843
• https://filezilla-project.org/versions.php?type=server
• http://www-01.ibm.com/support/docview.wss?uid=isg400001841
• https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217
• http://marc.info/?l=bugtraq&m=141287864628122&w=2
• http://seclists.org/fulldisclosure/2014/Dec/23
• http://www.vmware.com/security/advisories/VMSA-2014-0012.html
• http://marc.info/?l=bugtraq&m=142660345230545&w=2
• http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
• http://marc.info/?l=bugtraq&m=139817727317190&w=2
• http://marc.info/?l=bugtraq&m=139757726426985&w=2
• http://marc.info/?l=bugtraq&m=139758572430452&w=2
• http://marc.info/?l=bugtraq&m=139905653828999&w=2
• http://marc.info/?l=bugtraq&m=139842151128341&w=2
• http://marc.info/?l=bugtraq&m=139905405728262&w=2
• http://marc.info/?l=bugtraq&m=139833395230364&w=2
• http://marc.info/?l=bugtraq&m=139824993005633&w=2
• http://marc.info/?l=bugtraq&m=139843768401936&w=2
• http://marc.info/?l=bugtraq&m=139905202427693&w=2
• http://marc.info/?l=bugtraq&m=139774054614965&w=2
• http://marc.info/?l=bugtraq&m=139889295732144&w=2
• http://marc.info/?l=bugtraq&m=139835815211508&w=2
• http://marc.info/?l=bugtraq&m=140724451518351&w=2
• http://marc.info/?l=bugtraq&m=139808058921905&w=2
• http://marc.info/?l=bugtraq&m=139836085512508&w=2
• http://marc.info/?l=bugtraq&m=139869720529462&w=2
• http://marc.info/?l=bugtraq&m=139905868529690&w=2
• http://marc.info/?l=bugtraq&m=139765756720506&w=2
• http://marc.info/?l=bugtraq&m=140015787404650&w=2
• http://marc.info/?l=bugtraq&m=139824923705461&w=2
• http://marc.info/?l=bugtraq&m=139757919027752&w=2
• http://marc.info/?l=bugtraq&m=139774703817488&w=2
• http://marc.info/?l=bugtraq&m=139905243827825&w=2
• http://marc.info/?l=bugtraq&m=140075368411126&w=2
• http://marc.info/?l=bugtraq&m=139905295427946&w=2
• http://marc.info/?l=bugtraq&m=139835844111589&w=2
• http://marc.info/?l=bugtraq&m=139757819327350&w=2
• http://marc.info/?l=bugtraq&m=139817685517037&w=2
• http://marc.info/?l=bugtraq&m=139905351928096&w=2
• http://marc.info/?l=bugtraq&m=139817782017443&w=2
• http://marc.info/?l=bugtraq&m=140752315422991&w=2
• http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00
• http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661
• http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
• http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
• http://secunia.com/advisories/59347
• http://secunia.com/advisories/59243
• http://secunia.com/advisories/59139
• http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
• http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01
• https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
• http://support.citrix.com/article/CTX140605
• http://www.ubuntu.com/usn/USN-2165-1
• http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html
• http://www.securityfocus.com/archive/1/534161/100/0/threaded
• https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
• https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E
• https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html
• https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E
• https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf
• https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E

See also: All popular products CVE Vulnerabilities of redhat

CVE-2013-0166: OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform…

Published: 2013-02-08T19:55:00 Last Modified: 2018-08-09T01:29:00

Summary

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.

Common Weakness Enumeration (CWE): CWE-310: Cryptographic Issues

CWE Description: Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2013-0166 vulnerability.

References

• http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200
• http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7
• http://www.openssl.org/news/secadv_20130204.txt
• https://bugzilla.redhat.com/show_bug.cgi?id=908052
• http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0
• http://www.debian.org/security/2013/dsa-2621
• http://rhn.redhat.com/errata/RHSA-2013-0587.html
• http://rhn.redhat.com/errata/RHSA-2013-0783.html
• http://marc.info/?l=bugtraq&m=136396549913849&w=2
• http://rhn.redhat.com/errata/RHSA-2013-0782.html
• http://www.kb.cert.org/vuls/id/737740
• http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
• http://support.apple.com/kb/HT5880
• http://secunia.com/advisories/55139
• http://secunia.com/advisories/55108
• http://rhn.redhat.com/errata/RHSA-2013-0833.html
• http://marc.info/?l=bugtraq&m=137545771702053&w=2
• http://www.splunk.com/view/SP-CAAAHXG
• http://secunia.com/advisories/53623
• http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
• http://marc.info/?l=bugtraq&m=136432043316835&w=2
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001

See also: All popular products CVE Vulnerabilities of redhat

CVE-2012-2333: Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when…

Published: 2012-05-14T22:55:00 Last Modified: 2018-01-05T02:29:00

Summary

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

• Impact Score: 6.4
• Exploitability Score: 8.6
• CVSS: 6.8
• CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

• Availability: PARTIAL
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: MEDIUM
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2012-2333 vulnerability.

References

• http://cvs.openssl.org/chngview?cn=22547
• http://cvs.openssl.org/chngview?cn=22538
• http://www.cert.fi/en/reports/2012/vulnerability641549.html
• https://bugzilla.redhat.com/show_bug.cgi?id=820686
• http://www.openssl.org/news/secadv_20120510.txt
• http://www.securityfocus.com/bid/53476
• http://secunia.com/advisories/49116
• http://www.debian.org/security/2012/dsa-2475
• http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081460.html
• http://secunia.com/advisories/49324
• http://secunia.com/advisories/49208
• http://www.securitytracker.com/id?1027057
• http://rhn.redhat.com/errata/RHSA-2012-1306.html
• http://rhn.redhat.com/errata/RHSA-2012-1307.html
• http://rhn.redhat.com/errata/RHSA-2012-1308.html
• http://marc.info/?l=bugtraq&m=134919053717161&w=2
• http://secunia.com/advisories/50768
• http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
• http://support.apple.com/kb/HT5784
• http://secunia.com/advisories/51312
• http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
• http://www.kb.cert.org/vuls/id/737740
• http://marc.info/?l=bugtraq&m=136432043316835&w=2
• https://exchange.xforce.ibmcloud.com/vulnerabilities/75525
• http://www.mandriva.com/security/advisories?name=MDVSA-2012:073
• http://rhn.redhat.com/errata/RHSA-2012-0699.html
• http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00020.html
• http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00019.html

See also: All popular products CVE Vulnerabilities of redhat

CVE-2012-2110: The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before…

Published: 2012-04-19T17:55:00 Last Modified: 2018-01-05T02:29:00

Summary

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

• Impact Score: 6.4
• Exploitability Score: 10.0
• CVSS: 7.5
• CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

• Availability: PARTIAL
• Confidentiality: PARTIAL
• Integrity: PARTIAL

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2012-2110 vulnerability.

• OpenSSL - ASN1 BIO Memory Corruption by Tavis Ormandy at 2012-04-19

References

• http://www.openssl.org/news/secadv_20120419.txt
• http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html
• http://cvs.openssl.org/chngview?cn=22431
• http://cvs.openssl.org/chngview?cn=22434
• http://cvs.openssl.org/chngview?cn=22439
• http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
• http://secunia.com/advisories/48999
• http://marc.info/?l=bugtraq&m=134039053214295&w=2
• http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html
• http://www.debian.org/security/2012/dsa-2454
• http://rhn.redhat.com/errata/RHSA-2012-0518.html
• http://rhn.redhat.com/errata/RHSA-2012-0522.html
• http://www.ubuntu.com/usn/USN-1424-1
• http://www.securitytracker.com/id?1026957
• http://secunia.com/advisories/48895
• http://rhn.redhat.com/errata/RHSA-2012-1306.html
• http://rhn.redhat.com/errata/RHSA-2012-1307.html
• http://rhn.redhat.com/errata/RHSA-2012-1308.html
• http://secunia.com/advisories/48942
• http://secunia.com/advisories/48899
• http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html
• https://kb.juniper.net/KB27376
• http://support.apple.com/kb/HT5784
• http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
• https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
• http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
• http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
• http://secunia.com/advisories/57353
• http://marc.info/?l=bugtraq&m=133951357207000&w=2
• http://marc.info/?l=bugtraq&m=133728068926468&w=2
• http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html
• http://www.securityfocus.com/bid/53158
• http://www.exploit-db.com/exploits/18756
• http://secunia.com/advisories/48847
• http://osvdb.org/81223
• http://www.mandriva.com/security/advisories?name=MDVSA-2012:060
• http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html
• http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html

See also: All popular products CVE Vulnerabilities of redhat

CVE-2009-4355: Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and…

Published: 2010-01-14T19:30:00 Last Modified: 2017-09-19T01:29:00

Summary

Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2009-4355 vulnerability.

References

• https://bugzilla.redhat.com/show_bug.cgi?id=546707
• http://secunia.com/advisories/38175
• http://cvs.openssl.org/chngview?cn=19069
• http://secunia.com/advisories/38181
• http://secunia.com/advisories/38200
• https://issues.rpath.com/browse/RPL-3157
• http://www.debian.org/security/2010/dsa-1970
• http://cvs.openssl.org/chngview?cn=19068
• http://www.ubuntu.com/usn/USN-884-1
• http://www.openwall.com/lists/oss-security/2010/01/13/3
• http://www.vupen.com/english/advisories/2010/0124
• http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
• http://cvs.openssl.org/chngview?cn=19167
• https://rhn.redhat.com/errata/RHSA-2010-0095.html
• http://secunia.com/advisories/38761
• http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:022
• http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0004
• http://www.vupen.com/english/advisories/2010/0839
• http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
• http://www.vupen.com/english/advisories/2010/0916
• http://secunia.com/advisories/39461
• http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
• http://secunia.com/advisories/42724
• http://secunia.com/advisories/42733
• https://kb.bluecoat.com/index?page=content&id=SA50
• http://marc.info/?l=bugtraq&m=127128920008563&w=2
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6678
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12168
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11260

See also: All popular products CVE Vulnerabilities of redhat

CVE-2009-1386: ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL…

Published: 2009-06-04T16:30:00 Last Modified: 2022-02-02T15:13:00

Summary

ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2009-1386 vulnerability.

• OpenSSL < 0.9.8i - DTLS ChangeCipherSpec Remote Denial of Service by Jon Oberheide at 2009-06-04

References

• http://www.securityfocus.com/bid/35174
• http://cvs.openssl.org/chngview?cn=17369
• http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guest
• http://www.openwall.com/lists/oss-security/2009/06/02/1
• http://www.ubuntu.com/usn/USN-792-1
• http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
• http://secunia.com/advisories/35571
• ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc
• http://secunia.com/advisories/35685
• http://secunia.com/advisories/35729
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
• http://secunia.com/advisories/38794
• http://lists.vmware.com/pipermail/security-announce/2010/000082.html
• http://www.vupen.com/english/advisories/2010/0528
• http://secunia.com/advisories/38834
• http://secunia.com/advisories/36533
• http://www.redhat.com/support/errata/RHSA-2009-1335.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/50963
• https://www.exploit-db.com/exploits/8873
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7469
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11179

See also: All popular products CVE Vulnerabilities of redhat

CVE-2009-1387: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2…

Published: 2009-06-04T16:30:00 Last Modified: 2022-02-02T15:15:00

Summary

The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a “fragment bug.”

Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference

CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2009-1387 vulnerability.

References

• http://cvs.openssl.org/chngview?cn=17958
• http://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest
• http://www.openwall.com/lists/oss-security/2009/06/02/1
• http://www.ubuntu.com/usn/USN-792-1
• http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
• http://secunia.com/advisories/35571
• http://secunia.com/advisories/35685
• http://secunia.com/advisories/35729
• ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc
• http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net
• http://secunia.com/advisories/37003
• http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
• http://security.gentoo.org/glsa/glsa-200912-01.xml
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
• http://secunia.com/advisories/38794
• http://lists.vmware.com/pipermail/security-announce/2010/000082.html
• http://secunia.com/advisories/38834
• http://www.vupen.com/english/advisories/2010/0528
• http://secunia.com/advisories/36533
• http://www.redhat.com/support/errata/RHSA-2009-1335.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740

See also: All popular products CVE Vulnerabilities of redhat

CVE-2004-0112: The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos…

Published: 2004-11-23T05:00:00 Last Modified: 2021-11-08T15:48:00

Summary

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0112 vulnerability.

References

• http://www.securityfocus.com/bid/9899
• http://www.us-cert.gov/cas/techalerts/TA04-078A.html
• http://www.openssl.org/news/secadv_20040317.txt
• http://www.uniras.gov.uk/vuls/2004/224012/index.htm
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
• ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc
• http://www.redhat.com/support/errata/RHSA-2004-121.html
• ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
• http://www.novell.com/linux/security/advisories/2004_07_openssl.html
• http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
• http://docs.info.apple.com/article.html?artnum=61798
• http://lists.apple.com/mhonarc/security-announce/msg00045.html
• http://www.kb.cert.org/vuls/id/484726
• http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
• http://security.gentoo.org/glsa/glsa-200403-03.xml
• http://www.redhat.com/support/errata/RHSA-2004-120.html
• http://www.trustix.org/errata/2004/0012
• http://www.ciac.org/ciac/bulletins/o-101.shtml
• http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
• http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
• http://secunia.com/advisories/11139
• http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961
• http://www.mandriva.com/security/advisories?name=MDKSA-2004:023
• http://marc.info/?l=bugtraq&m=108403806509920&w=2
• http://marc.info/?l=bugtraq&m=107953412903636&w=2
• https://exchange.xforce.ibmcloud.com/vulnerabilities/15508
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049

See also: All popular products CVE Vulnerabilities of redhat

CVE-2004-0081: OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote…

Published: 2004-11-23T05:00:00 Last Modified: 2021-11-08T15:48:00

Summary

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0081 vulnerability.

References

• http://www.kb.cert.org/vuls/id/465542
• http://www.securityfocus.com/bid/9899
• http://www.uniras.gov.uk/vuls/2004/224012/index.htm
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
• http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html
• http://www.debian.org/security/2004/dsa-465
• http://rhn.redhat.com/errata/RHSA-2004-119.html
• http://www.redhat.com/support/errata/RHSA-2004-121.html
• ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
• ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc
• http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
• http://www.us-cert.gov/cas/techalerts/TA04-078A.html
• http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
• http://fedoranews.org/updates/FEDORA-2004-095.shtml
• http://security.gentoo.org/glsa/glsa-200403-03.xml
• http://www.redhat.com/support/errata/RHSA-2004-120.html
• http://www.redhat.com/support/errata/RHSA-2004-139.html
• http://www.trustix.org/errata/2004/0012
• http://secunia.com/advisories/11139
• http://marc.info/?l=bugtraq&m=107955049331965&w=2
• http://marc.info/?l=bugtraq&m=108403850228012&w=2
• https://exchange.xforce.ibmcloud.com/vulnerabilities/15509
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A871
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11755

See also: All popular products CVE Vulnerabilities of redhat

CVE-2004-0079: The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows…

Published: 2004-11-23T05:00:00 Last Modified: 2021-11-08T15:48:00

Summary

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Scores

• Impact Score: 2.9
• Exploitability Score: 10.0
• CVSS: 5.0
• CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

• Availability: PARTIAL
• Confidentiality: NONE
• Integrity: NONE

Access

• Authentication: NONE
• Complexity: LOW
• Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0079 vulnerability.

References

• http://www.us-cert.gov/cas/techalerts/TA04-078A.html
• http://www.securityfocus.com/bid/9899
• http://www.openssl.org/news/secadv_20040317.txt
• http://www.uniras.gov.uk/vuls/2004/224012/index.htm
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834
• http://www.debian.org/security/2004/dsa-465
• http://www.linuxsecurity.com/advisories/engarde_advisory-4135.html
• ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc
• ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc
• http://www.redhat.com/support/errata/RHSA-2004-121.html
• ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt
• http://www.novell.com/linux/security/advisories/2004_07_openssl.html
• http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524
• http://docs.info.apple.com/article.html?artnum=61798
• http://lists.apple.com/mhonarc/security-announce/msg00045.html
• http://www.kb.cert.org/vuls/id/288574
• http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
• http://fedoranews.org/updates/FEDORA-2004-095.shtml
• http://security.gentoo.org/glsa/glsa-200403-03.xml
• http://www.redhat.com/support/errata/RHSA-2004-120.html
• http://www.redhat.com/support/errata/RHSA-2004-139.html
• http://www.trustix.org/errata/2004/0012
• http://www.ciac.org/ciac/bulletins/o-101.shtml
• http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
• http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
• http://www.redhat.com/support/errata/RHSA-2005-830.html
• http://secunia.com/advisories/11139
• http://secunia.com/advisories/17401
• http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html
• http://www.redhat.com/support/errata/RHSA-2005-829.html
• http://secunia.com/advisories/17381
• http://secunia.com/advisories/17398
• http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961
• http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm
• http://secunia.com/advisories/18247
• http://www.mandriva.com/security/advisories?name=MDKSA-2004:023
• http://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_US
• http://marc.info/?l=bugtraq&m=108403806509920&w=2
• http://marc.info/?l=bugtraq&m=107953412903636&w=2
• https://exchange.xforce.ibmcloud.com/vulnerabilities/15505
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A870
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5770
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2621

See also: All popular products CVE Vulnerabilities of redhat