ID de Prueba:	1.3.6.1.4.1.25623.1.0.900653
Categoría:	Denial of Service
Título:	OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities - Linux
Resumen:	OpenSSL is prone to multiple Denial of Service (DoS) vulnerabilities.
Descripción:	Summary: OpenSSL is prone to multiple Denial of Service (DoS) vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - The library does not limit the number of buffered DTLS records with a future epoch. - An error when processing DTLS messages can be exploited to exhaust all available memory by sending a large number of out of sequence handshake messages. - A use-after-free error in the 'dtls1_retrieve_buffered_fragment()' function can be exploited to cause a crash in a client context. Vulnerability Impact: Successful exploitation will allow attacker to cause denial-of-service conditions, crash the client, and exhaust all memory. Affected Software/OS: OpenSSL version 0.9.8 to version 0.9.8k and version 1.0.x versions 1.0.0 Beta2 and prior. Solution: See the referenced vendor advisory for a solution. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1377 1022241 http://www.securitytracker.com/id?1022241 35001 http://www.securityfocus.com/bid/35001 35128 http://secunia.com/advisories/35128 35416 http://secunia.com/advisories/35416 35461 http://secunia.com/advisories/35461 35571 http://secunia.com/advisories/35571 35729 http://secunia.com/advisories/35729 36533 http://secunia.com/advisories/36533 37003 http://secunia.com/advisories/37003 38761 http://secunia.com/advisories/38761 38794 http://secunia.com/advisories/38794 38834 http://secunia.com/advisories/38834 42724 http://secunia.com/advisories/42724 42733 http://secunia.com/advisories/42733 ADV-2009-1377 http://www.vupen.com/english/advisories/2009/1377 ADV-2010-0528 http://www.vupen.com/english/advisories/2010/0528 GLSA-200912-01 http://security.gentoo.org/glsa/glsa-200912-01.xml HPSBMA02492 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 MDVSA-2009:120 http://www.mandriva.com/security/advisories?name=MDVSA-2009:120 NetBSD-SA2009-009 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc RHSA-2009:1335 http://www.redhat.com/support/errata/RHSA-2009-1335.html SSA:2010-060-02 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049 SSRT100079 SUSE-SR:2009:011 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html USN-792-1 http://www.ubuntu.com/usn/USN-792-1 [openssl-dev] 20090516 [openssl.org #1930] [PATCH] DTLS record buffer limitation bug http://marc.info/?l=openssl-dev&m=124247675613888&w=2 [oss-security] 20090518 Two OpenSSL DTLS remote DoS http://www.openwall.com/lists/oss-security/2009/05/18/1 [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://cvs.openssl.org/chngview?cn=18187 http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html https://kb.bluecoat.com/index?page=content&id=SA50 https://launchpad.net/bugs/cve/2009-1377 oval:org.mitre.oval:def:6683 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6683 oval:org.mitre.oval:def:9663 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9663 Common Vulnerability Exposure (CVE) ID: CVE-2009-1378 8720 https://www.exploit-db.com/exploits/8720 [openssl-dev] 20090516 [openssl.org #1931] [PATCH] DTLS fragment handling memory leak http://marc.info/?l=openssl-dev&m=124247679213944&w=2 [openssl-dev] 20090518 Re: [openssl.org #1931] [PATCH] DTLS fragment handling memory leak http://marc.info/?l=openssl-dev&m=124263491424212&w=2 http://cvs.openssl.org/chngview?cn=18188 http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest https://launchpad.net/bugs/cve/2009-1378 oval:org.mitre.oval:def:11309 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309 oval:org.mitre.oval:def:7229 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229 Common Vulnerability Exposure (CVE) ID: CVE-2009-1379 35138 http://www.securityfocus.com/bid/35138 [oss-security] 20090518 Re: Two OpenSSL DTLS remote DoS http://www.openwall.com/lists/oss-security/2009/05/18/4 http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest https://launchpad.net/bugs/cve/2009-1379 openssl-dtls1retrievebufferedfragment-dos(50661) https://exchange.xforce.ibmcloud.com/vulnerabilities/50661 oval:org.mitre.oval:def:6848 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848 oval:org.mitre.oval:def:9744 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.