ID de Prueba:	1.3.6.1.4.1.25623.1.0.117601
Categoría:	Denial of Service
Título:	OpenSSL Multiple DoS Vulnerabilities (20140605 - 3) - Linux
Resumen:	OpenSSL is prone to multiple denial of service (DoS); vulnerabilities.
Descripción:	Summary: OpenSSL is prone to multiple denial of service (DoS) vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2014-0198: A flaw in the do_ssl3_write function can allow remote attackers to cause a denial of service via a NULL pointer dereference. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common. - CVE-2010-5298: A race condition in the ssl3_read_bytes function can allow remote attackers to inject data across sessions or cause a denial of service. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common. Affected Software/OS: OpenSSL version 1.0.0 through 1.0.0l and 1.0.1 through 1.0.1g. Solution: Update to version 1.0.0m, 1.0.1h or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0198 BugTraq ID: 67193 http://www.securityfocus.com/bid/67193 Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/534161/100/0/threaded Cisco Security Advisory: 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl Debian Security Information: DSA-2931 (Google Search) http://www.debian.org/security/2014/dsa-2931 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://seclists.org/fulldisclosure/2014/Dec/23 http://security.gentoo.org/glsa/glsa-201407-05.xml HPdes Security Advisory: HPSBGN03068 http://marc.info/?l=bugtraq&m=140544599631400&w=2 HPdes Security Advisory: HPSBHF03052 http://marc.info/?l=bugtraq&m=141658880509699&w=2 HPdes Security Advisory: HPSBMU03051 http://marc.info/?l=bugtraq&m=140448122410568&w=2 HPdes Security Advisory: HPSBMU03055 http://marc.info/?l=bugtraq&m=140431828824371&w=2 HPdes Security Advisory: HPSBMU03056 http://marc.info/?l=bugtraq&m=140389355508263&w=2 HPdes Security Advisory: HPSBMU03057 http://marc.info/?l=bugtraq&m=140389274407904&w=2 HPdes Security Advisory: HPSBMU03062 http://marc.info/?l=bugtraq&m=140752315422991&w=2 HPdes Security Advisory: HPSBMU03074 http://marc.info/?l=bugtraq&m=140621259019789&w=2 HPdes Security Advisory: HPSBMU03076 http://marc.info/?l=bugtraq&m=140904544427729&w=2 http://www.mandriva.com/security/advisories?name=MDVSA-2014:080 http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 OpenBSD Security Advisory: [5.5] 005: RELIABILITY FIX: May 1, 2014 http://www.openbsd.org/errata55.html#005_openssl http://secunia.com/advisories/58337 http://secunia.com/advisories/58667 http://secunia.com/advisories/58713 http://secunia.com/advisories/58714 http://secunia.com/advisories/58939 http://secunia.com/advisories/58945 http://secunia.com/advisories/58977 http://secunia.com/advisories/59126 http://secunia.com/advisories/59162 http://secunia.com/advisories/59163 http://secunia.com/advisories/59190 http://secunia.com/advisories/59202 http://secunia.com/advisories/59264 http://secunia.com/advisories/59282 http://secunia.com/advisories/59284 http://secunia.com/advisories/59287 http://secunia.com/advisories/59300 http://secunia.com/advisories/59301 http://secunia.com/advisories/59306 http://secunia.com/advisories/59310 http://secunia.com/advisories/59342 http://secunia.com/advisories/59374 http://secunia.com/advisories/59398 http://secunia.com/advisories/59413 http://secunia.com/advisories/59437 http://secunia.com/advisories/59438 http://secunia.com/advisories/59440 http://secunia.com/advisories/59449 http://secunia.com/advisories/59450 http://secunia.com/advisories/59490 http://secunia.com/advisories/59491 http://secunia.com/advisories/59514 http://secunia.com/advisories/59525 http://secunia.com/advisories/59529 http://secunia.com/advisories/59655 http://secunia.com/advisories/59666 http://secunia.com/advisories/59669 http://secunia.com/advisories/59721 http://secunia.com/advisories/59784 http://secunia.com/advisories/59990 http://secunia.com/advisories/60049 http://secunia.com/advisories/60066 http://secunia.com/advisories/60571 http://secunia.com/advisories/61254 SuSE Security Announcement: SUSE-SU-2015:0743 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html SuSE Security Announcement: openSUSE-SU-2014:0634 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-05/msg00036.html SuSE Security Announcement: openSUSE-SU-2014:0635 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-05/msg00037.html Common Vulnerability Exposure (CVE) ID: CVE-2010-5298 BugTraq ID: 66801 http://www.securityfocus.com/bid/66801 http://www.mandriva.com/security/advisories?name=MDVSA-2014:090 http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest http://openwall.com/lists/oss-security/2014/04/13/1 OpenBSD Security Advisory: [5.5] 004: SECURITY FIX: April 12, 2014 http://www.openbsd.org/errata55.html#004_openssl
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.