Test Kennung:	1.3.6.1.4.1.25623.1.0.107051
Kategorie:	Denial of Service
Titel:	OpenSSL OCSP Status Request extension unbounded memory growth Vulnerability - Windows
Zusammenfassung:	OpenSSL is prone to a Denial of Service (DoS) vulnerability.
Beschreibung:	Summary: OpenSSL is prone to a Denial of Service (DoS) vulnerability. Vulnerability Insight: OpenSSL suffers from the possibility of DoS attack through sending a large OCSP Status Request extensions which lead to unbounded memory growth on the server which in turn lead to denial of service. Vulnerability Impact: Successful exploitation could result in service crash. Affected Software/OS: OpenSSL 1.1.0 and previous versions. Solution: OpenSSL 1.1.0 users should upgrade to 1.1.0a. OpenSSL 1.0.2 users should upgrade to 1.0.2i. OpenSSL 1.0.1 users should upgrade to 1.0.1u. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-6304 BugTraq ID: 93150 http://www.securityfocus.com/bid/93150 Debian Security Information: DSA-3673 (Google Search) http://www.debian.org/security/2016/dsa-3673 FreeBSD Security Advisory: FreeBSD-SA-16:26 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc http://seclists.org/fulldisclosure/2016/Oct/62 http://seclists.org/fulldisclosure/2016/Dec/47 http://seclists.org/fulldisclosure/2017/Jul/31 https://security.gentoo.org/glsa/201612-16 http://packetstormsecurity.com/files/139091/OpenSSL-x509-Parsing-Double-Free-Invalid-Free.html https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24 RedHat Security Advisories: RHSA-2016:1940 http://rhn.redhat.com/errata/RHSA-2016-1940.html RedHat Security Advisories: RHSA-2016:2802 http://rhn.redhat.com/errata/RHSA-2016-2802.html RedHat Security Advisories: RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1413 RedHat Security Advisories: RHSA-2017:1414 https://access.redhat.com/errata/RHSA-2017:1414 RedHat Security Advisories: RHSA-2017:1415 http://rhn.redhat.com/errata/RHSA-2017-1415.html RedHat Security Advisories: RHSA-2017:1658 https://access.redhat.com/errata/RHSA-2017:1658 RedHat Security Advisories: RHSA-2017:1659 http://rhn.redhat.com/errata/RHSA-2017-1659.html RedHat Security Advisories: RHSA-2017:1801 https://access.redhat.com/errata/RHSA-2017:1801 RedHat Security Advisories: RHSA-2017:1802 https://access.redhat.com/errata/RHSA-2017:1802 RedHat Security Advisories: RHSA-2017:2493 https://access.redhat.com/errata/RHSA-2017:2493 RedHat Security Advisories: RHSA-2017:2494 https://access.redhat.com/errata/RHSA-2017:2494 http://www.securitytracker.com/id/1036878 http://www.securitytracker.com/id/1037640 SuSE Security Announcement: SUSE-SU-2016:2387 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html SuSE Security Announcement: SUSE-SU-2016:2394 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html SuSE Security Announcement: SUSE-SU-2016:2458 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html SuSE Security Announcement: SUSE-SU-2016:2468 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html SuSE Security Announcement: SUSE-SU-2016:2469 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html SuSE Security Announcement: SUSE-SU-2016:2470 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html SuSE Security Announcement: SUSE-SU-2017:2699 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html SuSE Security Announcement: SUSE-SU-2017:2700 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html SuSE Security Announcement: openSUSE-SU-2016:2391 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html SuSE Security Announcement: openSUSE-SU-2016:2407 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html SuSE Security Announcement: openSUSE-SU-2016:2496 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html SuSE Security Announcement: openSUSE-SU-2016:2537 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html SuSE Security Announcement: openSUSE-SU-2016:2769 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00021.html SuSE Security Announcement: openSUSE-SU-2016:2788 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00027.html SuSE Security Announcement: openSUSE-SU-2018:0458 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html http://www.ubuntu.com/usn/USN-3087-1 http://www.ubuntu.com/usn/USN-3087-2
Copyright	Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.