English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 146377 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.64118
Kategorie:FreeBSD Local Security Checks
Titel:FreeBSD Ports: opensll
Zusammenfassung:The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: opensll

CVE-2009-1377
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and
earlier 0.9.8 versions allows remote attackers to cause a denial of
service (memory consumption) via a large series of 'future epoch' DTLS
records that are buffered in a queue, aka 'DTLS record buffer
limitation bug.'

CVE-2009-1378
Multiple memory leaks in the dtls1_process_out_of_seq_message function
in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow
remote attackers to cause a denial of service (memory consumption) via
DTLS records that (1) are duplicates or (2) have sequence numbers much
greater than current sequence numbers, aka 'DTLS fragment handling
memory leak.'

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-1377
1022241
http://www.securitytracker.com/id?1022241
35001
http://www.securityfocus.com/bid/35001
35128
http://secunia.com/advisories/35128
35416
http://secunia.com/advisories/35416
35461
http://secunia.com/advisories/35461
35571
http://secunia.com/advisories/35571
35729
http://secunia.com/advisories/35729
36533
http://secunia.com/advisories/36533
37003
http://secunia.com/advisories/37003
38761
http://secunia.com/advisories/38761
38794
http://secunia.com/advisories/38794
38834
http://secunia.com/advisories/38834
42724
http://secunia.com/advisories/42724
42733
http://secunia.com/advisories/42733
ADV-2009-1377
http://www.vupen.com/english/advisories/2009/1377
ADV-2010-0528
http://www.vupen.com/english/advisories/2010/0528
GLSA-200912-01
http://security.gentoo.org/glsa/glsa-200912-01.xml
HPSBMA02492
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
MDVSA-2009:120
http://www.mandriva.com/security/advisories?name=MDVSA-2009:120
NetBSD-SA2009-009
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc
RHSA-2009:1335
http://www.redhat.com/support/errata/RHSA-2009-1335.html
SSA:2010-060-02
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
SSRT100079
SUSE-SR:2009:011
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
USN-792-1
http://www.ubuntu.com/usn/USN-792-1
[openssl-dev] 20090516 [openssl.org #1930] [PATCH] DTLS record buffer limitation bug
http://marc.info/?l=openssl-dev&m=124247675613888&w=2
[oss-security] 20090518 Two OpenSSL DTLS remote DoS
http://www.openwall.com/lists/oss-security/2009/05/18/1
[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://cvs.openssl.org/chngview?cn=18187
http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest
http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
https://kb.bluecoat.com/index?page=content&id=SA50
https://launchpad.net/bugs/cve/2009-1377
oval:org.mitre.oval:def:6683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6683
oval:org.mitre.oval:def:9663
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9663
Common Vulnerability Exposure (CVE) ID: CVE-2009-1378
8720
https://www.exploit-db.com/exploits/8720
[openssl-dev] 20090516 [openssl.org #1931] [PATCH] DTLS fragment handling memory leak
http://marc.info/?l=openssl-dev&m=124247679213944&w=2
[openssl-dev] 20090518 Re: [openssl.org #1931] [PATCH] DTLS fragment handling memory leak
http://marc.info/?l=openssl-dev&m=124263491424212&w=2
http://cvs.openssl.org/chngview?cn=18188
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
https://launchpad.net/bugs/cve/2009-1378
oval:org.mitre.oval:def:11309
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309
oval:org.mitre.oval:def:7229
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229
CopyrightCopyright (C) 2009 E-Soft Inc.

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.