ID de Prueba:	1.3.6.1.4.1.25623.1.0.108753
Categoría:	Denial of Service
Título:	OpenSSL: Segmentation fault in SSL_check_chain (CVE-2020-1967) - Linux
Resumen:	OpenSSL server or client applications are prone to a; denial-of-service vulnerability.
Descripción:	Summary: OpenSSL server or client applications are prone to a denial-of-service vulnerability. Vulnerability Insight: Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the 'signature_algorithms_cert' TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. Vulnerability Impact: This could be exploited by a malicious peer in a Denial of Service attack. Affected Software/OS: OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f. This issue does not impact OpenSSL versions prior to 1.1.1d. Solution: Update to version 1.1.1g or later. See the references for more details. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-1967 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440 https://security.netapp.com/advisory/ntap-20200424-0003/ https://security.netapp.com/advisory/ntap-20200717-0004/ https://www.openssl.org/news/secadv/20200421.txt https://www.synology.com/security/advisory/Synology_SA_20_05 https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL https://www.tenable.com/security/tns-2020-03 https://www.tenable.com/security/tns-2020-04 https://www.tenable.com/security/tns-2020-11 https://www.tenable.com/security/tns-2021-10 Debian Security Information: DSA-4661 (Google Search) https://www.debian.org/security/2020/dsa-4661 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/ FreeBSD Security Advisory: FreeBSD-SA-20:11 https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc http://seclists.org/fulldisclosure/2020/May/5 https://security.gentoo.org/glsa/202004-10 http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html https://github.com/irsl/CVE-2020-1967 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/security-alerts/cpuoct2021.html http://www.openwall.com/lists/oss-security/2020/04/22/2 https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064@%3Cdev.tomcat.apache.org%3E SuSE Security Announcement: openSUSE-SU-2020:0933 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html SuSE Security Announcement: openSUSE-SU-2020:0945 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html
Copyright	Copyright (C) 2020 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.