Denial of Service : OpenSSL: Multiple Vulnerabilities (20080528)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.112938

Categoría: Denial of Service

Título: OpenSSL: Multiple Vulnerabilities (20080528) - Windows

Resumen: OpenSSL is prone to multiple vulnerabilities.

Descripción: Summary:
OpenSSL is prone to multiple vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- A flaw in the handling of server name extension data. If OpenSSL has been compiled using the
non-default TLS server name extensions, a remote attacker could send a carefully crafted packet
to a server application using OpenSSL and cause it to crash. (CVE-2008-0891)

- A flaw if the 'Server Key exchange message' is omitted from a TLS handshake. If a client
connects to a malicious server with particular cipher suites, the server could cause the client
to crash. (CVE-2008-1672)

Affected Software/OS:
OpenSSL 0.9.8f through 0.9.8g.

Solution:
Update to version 0.9.8h or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-0891
1020121
http://www.securitytracker.com/id?1020121
29405
http://www.securityfocus.com/bid/29405
30405
http://secunia.com/advisories/30405
30460
http://secunia.com/advisories/30460
30825
http://secunia.com/advisories/30825
30852
http://secunia.com/advisories/30852
30868
http://secunia.com/advisories/30868
31228
http://secunia.com/advisories/31228
31288
http://secunia.com/advisories/31288
ADV-2008-1680
http://www.vupen.com/english/advisories/2008/1680
ADV-2008-1937
http://www.vupen.com/english/advisories/2008/1937/references
FEDORA-2008-4723
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html
GLSA-200806-08
http://security.gentoo.org/glsa/glsa-200806-08.xml
MDVSA-2008:107
http://www.mandriva.com/security/advisories?name=MDVSA-2008:107
SSA:2008-210-08
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004
USN-620-1
http://www.ubuntu.com/usn/usn-620-1
VU#661475
http://www.kb.cert.org/vuls/id/661475
http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html
http://sourceforge.net/project/shownotes.php?release_id=615606
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400
http://www.openssl.org/news/secadv_20080528.txt
openssl-servername-dos(42666)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42666
Common Vulnerability Exposure (CVE) ID: CVE-2008-1672
1020122
http://www.securitytracker.com/id?1020122
20080602 rPSA-2008-0181-1 openssl openssl-scripts
http://www.securityfocus.com/archive/1/492932/100/0/threaded
VU#520586
http://www.kb.cert.org/vuls/id/520586
openssl-serverkey-dos(42667)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42667

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.112938
Categoría:	Denial of Service
Título:	OpenSSL: Multiple Vulnerabilities (20080528) - Windows
Resumen:	OpenSSL is prone to multiple vulnerabilities.
Descripción:	Summary: OpenSSL is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - A flaw in the handling of server name extension data. If OpenSSL has been compiled using the non-default TLS server name extensions, a remote attacker could send a carefully crafted packet to a server application using OpenSSL and cause it to crash. (CVE-2008-0891) - A flaw if the 'Server Key exchange message' is omitted from a TLS handshake. If a client connects to a malicious server with particular cipher suites, the server could cause the client to crash. (CVE-2008-1672) Affected Software/OS: OpenSSL 0.9.8f through 0.9.8g. Solution: Update to version 0.9.8h or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0891 1020121 http://www.securitytracker.com/id?1020121 29405 http://www.securityfocus.com/bid/29405 30405 http://secunia.com/advisories/30405 30460 http://secunia.com/advisories/30460 30825 http://secunia.com/advisories/30825 30852 http://secunia.com/advisories/30852 30868 http://secunia.com/advisories/30868 31228 http://secunia.com/advisories/31228 31288 http://secunia.com/advisories/31288 ADV-2008-1680 http://www.vupen.com/english/advisories/2008/1680 ADV-2008-1937 http://www.vupen.com/english/advisories/2008/1937/references FEDORA-2008-4723 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html GLSA-200806-08 http://security.gentoo.org/glsa/glsa-200806-08.xml MDVSA-2008:107 http://www.mandriva.com/security/advisories?name=MDVSA-2008:107 SSA:2008-210-08 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004 USN-620-1 http://www.ubuntu.com/usn/usn-620-1 VU#661475 http://www.kb.cert.org/vuls/id/661475 http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html http://sourceforge.net/project/shownotes.php?release_id=615606 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400 http://www.openssl.org/news/secadv_20080528.txt openssl-servername-dos(42666) https://exchange.xforce.ibmcloud.com/vulnerabilities/42666 Common Vulnerability Exposure (CVE) ID: CVE-2008-1672 1020122 http://www.securitytracker.com/id?1020122 20080602 rPSA-2008-0181-1 openssl openssl-scripts http://www.securityfocus.com/archive/1/492932/100/0/threaded VU#520586 http://www.kb.cert.org/vuls/id/520586 openssl-serverkey-dos(42667) https://exchange.xforce.ibmcloud.com/vulnerabilities/42667
Copyright	Copyright (C) 2021 Greenbone Networks GmbH