Denial of Service : OpenSSL: OCSP Invalid Key DoS Issue (20130205)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.112970

Categoría: Denial of Service

Título: OpenSSL: OCSP Invalid Key DoS Issue (20130205) - Windows

Resumen: OpenSSL is prone to a denial of service attack.

Descripción: Summary:
OpenSSL is prone to a denial of service attack.

Vulnerability Insight:
OpenSSL does not properly perform signature verification for
OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer
dereference and application crash) via an invalid key.

Affected Software/OS:
OpenSSL 0.9.8 through 0.9.8x, 1.0.0 through 1.0.0j and 1.0.1
through 1.0.1c.

Solution:
Update to version 0.9.8y, 1.0.0k, 1.0.1d or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-0166
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
CERT/CC vulnerability note: VU#737740
http://www.kb.cert.org/vuls/id/737740
Debian Security Information: DSA-2621 (Google Search)
http://www.debian.org/security/2013/dsa-2621
HPdes Security Advisory: HPSBOV02852
http://marc.info/?l=bugtraq&m=136432043316835&w=2
HPdes Security Advisory: HPSBUX02856
http://marc.info/?l=bugtraq&m=136396549913849&w=2
HPdes Security Advisory: HPSBUX02909
http://marc.info/?l=bugtraq&m=137545771702053&w=2
HPdes Security Advisory: SSRT101104
HPdes Security Advisory: SSRT101108
HPdes Security Advisory: SSRT101289
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487
RedHat Security Advisories: RHSA-2013:0587
http://rhn.redhat.com/errata/RHSA-2013-0587.html
RedHat Security Advisories: RHSA-2013:0782
http://rhn.redhat.com/errata/RHSA-2013-0782.html
RedHat Security Advisories: RHSA-2013:0783
http://rhn.redhat.com/errata/RHSA-2013-0783.html
RedHat Security Advisories: RHSA-2013:0833
http://rhn.redhat.com/errata/RHSA-2013-0833.html
http://secunia.com/advisories/53623
http://secunia.com/advisories/55108
http://secunia.com/advisories/55139
SuSE Security Announcement: SUSE-SU-2015:0578 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.112970
Categoría:	Denial of Service
Título:	OpenSSL: OCSP Invalid Key DoS Issue (20130205) - Windows
Resumen:	OpenSSL is prone to a denial of service attack.
Descripción:	Summary: OpenSSL is prone to a denial of service attack. Vulnerability Insight: OpenSSL does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. Affected Software/OS: OpenSSL 0.9.8 through 0.9.8x, 1.0.0 through 1.0.0j and 1.0.1 through 1.0.1c. Solution: Update to version 0.9.8y, 1.0.0k, 1.0.1d or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0166 http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html CERT/CC vulnerability note: VU#737740 http://www.kb.cert.org/vuls/id/737740 Debian Security Information: DSA-2621 (Google Search) http://www.debian.org/security/2013/dsa-2621 HPdes Security Advisory: HPSBOV02852 http://marc.info/?l=bugtraq&m=136432043316835&w=2 HPdes Security Advisory: HPSBUX02856 http://marc.info/?l=bugtraq&m=136396549913849&w=2 HPdes Security Advisory: HPSBUX02909 http://marc.info/?l=bugtraq&m=137545771702053&w=2 HPdes Security Advisory: SSRT101104 HPdes Security Advisory: SSRT101108 HPdes Security Advisory: SSRT101289 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18754 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19360 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19487 RedHat Security Advisories: RHSA-2013:0587 http://rhn.redhat.com/errata/RHSA-2013-0587.html RedHat Security Advisories: RHSA-2013:0782 http://rhn.redhat.com/errata/RHSA-2013-0782.html RedHat Security Advisories: RHSA-2013:0783 http://rhn.redhat.com/errata/RHSA-2013-0783.html RedHat Security Advisories: RHSA-2013:0833 http://rhn.redhat.com/errata/RHSA-2013-0833.html http://secunia.com/advisories/53623 http://secunia.com/advisories/55108 http://secunia.com/advisories/55139 SuSE Security Announcement: SUSE-SU-2015:0578 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Copyright	Copyright (C) 2021 Greenbone Networks GmbH