Denial of Service : OpenSSL Death Alert Denial of Service Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.809778

Categoría: Denial of Service

Título: OpenSSL Death Alert Denial of Service Vulnerability - Linux

Resumen: OpenSSL is prone to a Denial of Service (DoS) vulnerability.

Descripción: Summary:
OpenSSL is prone to a Denial of Service (DoS) vulnerability.

Vulnerability Insight:
The flaw is due to an error in function
'ssl3_read_bytes' in ssl/s3_pkt.c script which might lead to higher CPU usage
due to improper handling of warning packets.

Vulnerability Impact:
Successful exploitation will allow a remote
attacker to conduct a denial of service condition.

Affected Software/OS:
OpenSSL versions 1.1.0, 1.0.2 through 1.0.2h,
all 1.0.1 and all 0.9.8.

Solution:
Upgrade to OpenSSL version 1.0.2j or 1.1.0b
or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-8610
1037084
http://www.securitytracker.com/id/1037084
93841
http://www.securityfocus.com/bid/93841
DSA-3773
https://www.debian.org/security/2017/dsa-3773
FreeBSD-SA-16:35
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc
RHSA-2017:0286
http://rhn.redhat.com/errata/RHSA-2017-0286.html
RHSA-2017:0574
http://rhn.redhat.com/errata/RHSA-2017-0574.html
RHSA-2017:1413
https://access.redhat.com/errata/RHSA-2017:1413
RHSA-2017:1414
https://access.redhat.com/errata/RHSA-2017:1414
RHSA-2017:1415
http://rhn.redhat.com/errata/RHSA-2017-1415.html
RHSA-2017:1658
https://access.redhat.com/errata/RHSA-2017:1658
RHSA-2017:1659
http://rhn.redhat.com/errata/RHSA-2017-1659.html
RHSA-2017:1801
https://access.redhat.com/errata/RHSA-2017:1801
RHSA-2017:1802
https://access.redhat.com/errata/RHSA-2017:1802
RHSA-2017:2493
https://access.redhat.com/errata/RHSA-2017:2493
RHSA-2017:2494
https://access.redhat.com/errata/RHSA-2017:2494
[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS
http://seclists.org/oss-sec/2016/q4/224
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401
https://security.360.cn/cve/CVE-2016-8610/
https://security.netapp.com/advisory/ntap-20171130-0001/
https://security.paloaltonetworks.com/CVE-2016-8610
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Copyright Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.809778
Categoría:	Denial of Service
Título:	OpenSSL Death Alert Denial of Service Vulnerability - Linux
Resumen:	OpenSSL is prone to a Denial of Service (DoS) vulnerability.
Descripción:	Summary: OpenSSL is prone to a Denial of Service (DoS) vulnerability. Vulnerability Insight: The flaw is due to an error in function 'ssl3_read_bytes' in ssl/s3_pkt.c script which might lead to higher CPU usage due to improper handling of warning packets. Vulnerability Impact: Successful exploitation will allow a remote attacker to conduct a denial of service condition. Affected Software/OS: OpenSSL versions 1.1.0, 1.0.2 through 1.0.2h, all 1.0.1 and all 0.9.8. Solution: Upgrade to OpenSSL version 1.0.2j or 1.1.0b or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-8610 1037084 http://www.securitytracker.com/id/1037084 93841 http://www.securityfocus.com/bid/93841 DSA-3773 https://www.debian.org/security/2017/dsa-3773 FreeBSD-SA-16:35 https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc RHSA-2017:0286 http://rhn.redhat.com/errata/RHSA-2017-0286.html RHSA-2017:0574 http://rhn.redhat.com/errata/RHSA-2017-0574.html RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1413 RHSA-2017:1414 https://access.redhat.com/errata/RHSA-2017:1414 RHSA-2017:1415 http://rhn.redhat.com/errata/RHSA-2017-1415.html RHSA-2017:1658 https://access.redhat.com/errata/RHSA-2017:1658 RHSA-2017:1659 http://rhn.redhat.com/errata/RHSA-2017-1659.html RHSA-2017:1801 https://access.redhat.com/errata/RHSA-2017:1801 RHSA-2017:1802 https://access.redhat.com/errata/RHSA-2017:1802 RHSA-2017:2493 https://access.redhat.com/errata/RHSA-2017:2493 RHSA-2017:2494 https://access.redhat.com/errata/RHSA-2017:2494 [oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS http://seclists.org/oss-sec/2016/q4/224 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=af58be768ebb690f78530f796e92b8ae5c9a4401 https://security.360.cn/cve/CVE-2016-8610/ https://security.netapp.com/advisory/ntap-20171130-0001/ https://security.paloaltonetworks.com/CVE-2016-8610 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Copyright	Copyright (C) 2017 Greenbone AG