Denial of Service : OpenSSL DoS Vulnerability (20151203)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.806816

Categoría: Denial of Service

Título: OpenSSL DoS Vulnerability (20151203) - Linux

Resumen: OpenSSL is prone to a Denial of Service (DoS) vulnerability.

Descripción: Summary:
OpenSSL is prone to a Denial of Service (DoS) vulnerability.

Vulnerability Insight:
A race condition flaw exists in OpenSSL leading to a double free
error due to improper handling of pre-shared key (PSK) identify hints.

Vulnerability Impact:
Successful exploitation will allow a remote attacker to cause a
DoS via a crafted ServerKeyExchange message.

Affected Software/OS:
OpenSSL version 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and
1.0.2 before 1.0.2d.

Solution:
Update to OpenSSL 1.0.0t, 1.0.1p, 1.0.2d or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-3196
BugTraq ID: 78622
http://www.securityfocus.com/bid/78622
Cisco Security Advisory: 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
Debian Security Information: DSA-3413 (Google Search)
http://www.debian.org/security/2015/dsa-3413
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html
HPdes Security Advisory: HPSBGN03536
http://marc.info/?l=bugtraq&m=145382583417444&w=2
RedHat Security Advisories: RHSA-2015:2617
http://rhn.redhat.com/errata/RHSA-2015-2617.html
RedHat Security Advisories: RHSA-2016:2957
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://www.securitytracker.com/id/1034294
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583
SuSE Security Announcement: openSUSE-SU-2015:2288 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html
SuSE Security Announcement: openSUSE-SU-2015:2289 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html
http://www.ubuntu.com/usn/USN-2830-1

Copyright Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.806816
Categoría:	Denial of Service
Título:	OpenSSL DoS Vulnerability (20151203) - Linux
Resumen:	OpenSSL is prone to a Denial of Service (DoS) vulnerability.
Descripción:	Summary: OpenSSL is prone to a Denial of Service (DoS) vulnerability. Vulnerability Insight: A race condition flaw exists in OpenSSL leading to a double free error due to improper handling of pre-shared key (PSK) identify hints. Vulnerability Impact: Successful exploitation will allow a remote attacker to cause a DoS via a crafted ServerKeyExchange message. Affected Software/OS: OpenSSL version 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d. Solution: Update to OpenSSL 1.0.0t, 1.0.1p, 1.0.2d or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3196 BugTraq ID: 78622 http://www.securityfocus.com/bid/78622 Cisco Security Advisory: 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl Debian Security Information: DSA-3413 (Google Search) http://www.debian.org/security/2015/dsa-3413 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html HPdes Security Advisory: HPSBGN03536 http://marc.info/?l=bugtraq&m=145382583417444&w=2 RedHat Security Advisories: RHSA-2015:2617 http://rhn.redhat.com/errata/RHSA-2015-2617.html RedHat Security Advisories: RHSA-2016:2957 http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.securitytracker.com/id/1034294 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.754583 SuSE Security Announcement: openSUSE-SU-2015:2288 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html SuSE Security Announcement: openSUSE-SU-2015:2289 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html http://www.ubuntu.com/usn/USN-2830-1
Copyright	Copyright (C) 2016 Greenbone Networks GmbH