Denial of Service : OpenSSL Denial of Service Vulnerability (20150611 - 3)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.117594

Categoría: Denial of Service

Título: OpenSSL Denial of Service Vulnerability (20150611 - 3) - Linux

Resumen: OpenSSL is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
OpenSSL is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
If a DTLS peer receives application data between the
ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free,
resulting in a segmentation fault or potentially, memory corruption.

Affected Software/OS:
OpenSSL version 0.9.8 through 0.9.8y, 1.0.0 through 1.0.0l and
1.0.1 through 1.0.1g.

Solution:
Update to version 0.9.8za, 1.0.0m, 1.0.1h or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-8176
1032564
http://www.securitytracker.com/id/1032564
20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl
75159
http://www.securityfocus.com/bid/75159
DSA-3287
http://www.debian.org/security/2015/dsa-3287
GLSA-201506-02
https://security.gentoo.org/glsa/201506-02
NetBSD-SA2015-008
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
RHSA-2015:1115
http://rhn.redhat.com/errata/RHSA-2015-1115.html
RHSA-2016:2957
http://rhn.redhat.com/errata/RHSA-2016-2957.html
SUSE-SU-2015:1185
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
USN-2639-1
http://www.ubuntu.com/usn/USN-2639-1
http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
https://bto.bluecoat.com/security-advisory/sa98
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351
https://kc.mcafee.com/corporate/index?page=content&id=SB10122
https://openssl.org/news/secadv/20150611.txt
https://rt.openssl.org/Ticket/Display.html?id=3286&user=guest&pass=guest
https://www.openssl.org/news/secadv_20150611.txt
openSUSE-SU-2015:1277
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.117594
Categoría:	Denial of Service
Título:	OpenSSL Denial of Service Vulnerability (20150611 - 3) - Linux
Resumen:	OpenSSL is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: OpenSSL is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a segmentation fault or potentially, memory corruption. Affected Software/OS: OpenSSL version 0.9.8 through 0.9.8y, 1.0.0 through 1.0.0l and 1.0.1 through 1.0.1g. Solution: Update to version 0.9.8za, 1.0.0m, 1.0.1h or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8176 1032564 http://www.securitytracker.com/id/1032564 20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl 75159 http://www.securityfocus.com/bid/75159 DSA-3287 http://www.debian.org/security/2015/dsa-3287 GLSA-201506-02 https://security.gentoo.org/glsa/201506-02 NetBSD-SA2015-008 http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc RHSA-2015:1115 http://rhn.redhat.com/errata/RHSA-2015-1115.html RHSA-2016:2957 http://rhn.redhat.com/errata/RHSA-2016-2957.html SUSE-SU-2015:1185 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html USN-2639-1 http://www.ubuntu.com/usn/USN-2639-1 http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015 http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015 https://bto.bluecoat.com/security-advisory/sa98 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351 https://kc.mcafee.com/corporate/index?page=content&id=SB10122 https://openssl.org/news/secadv/20150611.txt https://rt.openssl.org/Ticket/Display.html?id=3286&user=guest&pass=guest https://www.openssl.org/news/secadv_20150611.txt openSUSE-SU-2015:1277 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
Copyright	Copyright (C) 2021 Greenbone Networks GmbH