ID de Prueba:	1.3.6.1.4.1.25623.1.0.117585
Categoría:	Denial of Service
Título:	OpenSSL DoS Vulnerability (20140806) - Windows
Resumen:	OpenSSL is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: OpenSSL is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: A race condition was found in ssl_parse_serverhello_tlsext. If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension, it could write up to 255 bytes to freed memory. Affected Software/OS: OpenSSL version 1.0.0 through 1.0.0m and 1.0.1 through 1.0.1h. Solution: Update to version 1.0.0n, 1.0.1i or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3509 BugTraq ID: 69084 http://www.securityfocus.com/bid/69084 Debian Security Information: DSA-2998 (Google Search) http://www.debian.org/security/2014/dsa-2998 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html FreeBSD Security Advisory: FreeBSD-SA-14:18 https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc http://security.gentoo.org/glsa/glsa-201412-39.xml HPdes Security Advisory: HPSBHF03293 http://marc.info/?l=bugtraq&m=142660345230545&w=2 HPdes Security Advisory: HPSBMU03216 http://marc.info/?l=bugtraq&m=142350350616251&w=2 HPdes Security Advisory: HPSBMU03260 http://marc.info/?l=bugtraq&m=142495837901899&w=2 HPdes Security Advisory: HPSBMU03261 http://marc.info/?l=bugtraq&m=143290522027658&w=2 HPdes Security Advisory: HPSBMU03263 http://marc.info/?l=bugtraq&m=143290437727362&w=2 HPdes Security Advisory: HPSBMU03267 http://marc.info/?l=bugtraq&m=142624590206005&w=2 HPdes Security Advisory: HPSBMU03304 http://marc.info/?l=bugtraq&m=142791032306609&w=2 HPdes Security Advisory: SSRT101818 HPdes Security Advisory: SSRT101846 HPdes Security Advisory: SSRT101894 http://www.mandriva.com/security/advisories?name=MDVSA-2014:158 https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html NETBSD Security Advisory: NetBSD-SA2014-008 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc RedHat Security Advisories: RHSA-2015:0197 http://rhn.redhat.com/errata/RHSA-2015-0197.html http://www.securitytracker.com/id/1030693 http://secunia.com/advisories/58962 http://secunia.com/advisories/59700 http://secunia.com/advisories/59710 http://secunia.com/advisories/59756 http://secunia.com/advisories/60022 http://secunia.com/advisories/60221 http://secunia.com/advisories/60493 http://secunia.com/advisories/60684 http://secunia.com/advisories/60803 http://secunia.com/advisories/60917 http://secunia.com/advisories/60921 http://secunia.com/advisories/60938 http://secunia.com/advisories/61017 http://secunia.com/advisories/61100 http://secunia.com/advisories/61139 http://secunia.com/advisories/61184 http://secunia.com/advisories/61775 http://secunia.com/advisories/61959 SuSE Security Announcement: openSUSE-SU-2014:1052 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html XForce ISS Database: openssl-cve20143509-dos(95159) https://exchange.xforce.ibmcloud.com/vulnerabilities/95159
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.