
Test ID: 1.3.6.1.4.1.25623.1.0.841924
Category: Ubuntu Local Security Checks
Title: Ubuntu: Security Advisory (USN-2308-1)
Summary: The remote host is missing an update for the 'openssl' package(s) announced via the USN-2308-1 advisory.
Description:

Vulnerability Insight:
Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled
certain DTLS packets. A remote attacker could use this issue to cause
OpenSSL to crash, resulting in a denial of service. (CVE-2014-3505)

Adam Langley discovered that OpenSSL incorrectly handled memory when
processing DTLS handshake messages. A remote attacker could use this issue
to cause OpenSSL to consume memory, resulting in a denial of service.
(CVE-2014-3506)

Adam Langley discovered that OpenSSL incorrectly handled memory when
processing DTLS fragments. A remote attacker could use this issue to cause
OpenSSL to leak memory, resulting in a denial of service. This issue
only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3507)

Ivan Fratric discovered that OpenSSL incorrectly leaked information in
the pretty printing functions. When OpenSSL is used with certain
applications, an attacker may use this issue to possibly gain access to
sensitive information. (CVE-2014-3508)

Gabor Tyukasz discovered that OpenSSL contained a race condition when
processing serverhello messages. A malicious server could use this issue
to cause clients to crash, resulting in a denial of service. This issue
only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3509)

Felix Grobert discovered that OpenSSL incorrectly handled certain DTLS
handshake messages. A malicious server could use this issue to cause
clients to crash, resulting in a denial of service. (CVE-2014-3510)

David Benjamin and Adam Langley discovered that OpenSSL incorrectly
handled fragmented ClientHello messages. If a remote attacker were able to
perform a machine-in-the-middle attack, this flaw could be used to force a
protocol downgrade to TLS 1.0. This issue only affected Ubuntu 12.04 LTS
and Ubuntu 14.04 LTS. (CVE-2014-3511)

Sean Devlin and Watson Ladd discovered that OpenSSL incorrectly handled
certain SRP parameters. A remote attacker could use this with applications
that use SRP to cause a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2014-3512)

Joonas Kuorilehto and Riku Hietamaki discovered that OpenSSL incorrectly
handled certain Server Hello messages that specify an SRP ciphersuite. A
malicious server could use this issue to cause clients to crash, resulting
in a denial of service. This issue only affected Ubuntu 12.04 LTS and
Ubuntu 14.04 LTS. (CVE-2014-5139)

Affected Software/OS:
'openssl' package(s) on Ubuntu 10.04, Ubuntu 12.04, Ubuntu 14.04.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2014-3505
BugTraq ID: 69081
http://www.securityfocus.com/bid/69081
Debian Security Information: DSA-2998
http://www.debian.org/security/2014/dsa-2998
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
http://security.gentoo.org/glsa/glsa-201412-39.xml
HPdes Security Advisory: HPSBHF03293
http://marc.info/?l=bugtraq&m=142660345230545&w=2
HPdes Security Advisory: HPSBOV03099
http://marc.info/?l=bugtraq&m=141077370928502&w=2
HPdes Security Advisory: HPSBUX03095
http://marc.info/?l=bugtraq&m=140853041709441&w=2
HPdes Security Advisory: SSRT101674
HPdes Security Advisory: SSRT101846
http://www.mandriva.com/security/advisories?name=MDVSA-2014:158
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html
NETBSD Security Advisory: NetBSD-SA2014-008
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc
RedHat Security Advisories: RHSA-2014:1256
http://rhn.redhat.com/errata/RHSA-2014-1256.html
RedHat Security Advisories: RHSA-2014:1297
http://rhn.redhat.com/errata/RHSA-2014-1297.html
http://www.securitytracker.com/id/1030693
http://secunia.com/advisories/58962
http://secunia.com/advisories/59221
http://secunia.com/advisories/59700
http://secunia.com/advisories/59710
http://secunia.com/advisories/59743
http://secunia.com/advisories/59756
http://secunia.com/advisories/60022
http://secunia.com/advisories/60221
http://secunia.com/advisories/60493
http://secunia.com/advisories/60684
http://secunia.com/advisories/60687
http://secunia.com/advisories/60778
http://secunia.com/advisories/60803
http://secunia.com/advisories/60824
http://secunia.com/advisories/60917
http://secunia.com/advisories/60921
http://secunia.com/advisories/60938
http://secunia.com/advisories/61040
http://secunia.com/advisories/61100
http://secunia.com/advisories/61184
http://secunia.com/advisories/61250
http://secunia.com/advisories/61775
http://secunia.com/advisories/61959
SuSE Security Announcement: openSUSE-SU-2014:1052
http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html
SuSE Security Announcement: openSUSE-SU-2016:0640
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-3506
BugTraq ID: 69076
http://www.securityfocus.com/bid/69076
FreeBSD Security Advisory: FreeBSD-SA-14:18
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc
http://secunia.com/advisories/61017
XForce ISS Database: openssl-cve20143506-dos(95160)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95160
Common Vulnerability Exposure (CVE) ID: CVE-2014-3507
BugTraq ID: 69078
http://www.securityfocus.com/bid/69078
XForce ISS Database: openssl-cve20143507-dos(95161)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95161
Common Vulnerability Exposure (CVE) ID: CVE-2014-3508
BugTraq ID: 69075
http://www.securityfocus.com/bid/69075
HPdes Security Advisory: HPSBGN03099
http://marc.info/?l=bugtraq&m=140973896703549&w=2
HPdes Security Advisory: HPSBMU03260
http://marc.info/?l=bugtraq&m=142495837901899&w=2
HPdes Security Advisory: HPSBMU03261
http://marc.info/?l=bugtraq&m=143290522027658&w=2
HPdes Security Advisory: HPSBMU03263
http://marc.info/?l=bugtraq&m=143290437727362&w=2
HPdes Security Advisory: HPSBMU03267
http://marc.info/?l=bugtraq&m=142624590206005&w=2
HPdes Security Advisory: HPSBMU03304
http://marc.info/?l=bugtraq&m=142791032306609&w=2
HPdes Security Advisory: SSRT101894
http://secunia.com/advisories/60410
http://secunia.com/advisories/60861
http://secunia.com/advisories/61171
http://secunia.com/advisories/61214
http://secunia.com/advisories/61392
SuSE Security Announcement: SUSE-SU-2015:0578
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
XForce ISS Database: openssl-cve20143508-info-disc(95165)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95165
Common Vulnerability Exposure (CVE) ID: CVE-2014-3509
BugTraq ID: 69084
http://www.securityfocus.com/bid/69084
HPdes Security Advisory: HPSBMU03216
http://marc.info/?l=bugtraq&m=142350350616251&w=2
HPdes Security Advisory: SSRT101818
RedHat Security Advisories: RHSA-2015:0197
http://rhn.redhat.com/errata/RHSA-2015-0197.html
http://secunia.com/advisories/61139
XForce ISS Database: openssl-cve20143509-dos(95159)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95159
Common Vulnerability Exposure (CVE) ID: CVE-2014-3510
BugTraq ID: 69082
http://www.securityfocus.com/bid/69082
http://secunia.com/advisories/61045
XForce ISS Database: openssl-cve20143510-dos(95164)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95164
Common Vulnerability Exposure (CVE) ID: CVE-2014-3511
BugTraq ID: 69079
http://www.securityfocus.com/bid/69079
RedHat Security Advisories: RHSA-2015:0126
http://rhn.redhat.com/errata/RHSA-2015-0126.html
http://secunia.com/advisories/59887
http://secunia.com/advisories/60377
http://secunia.com/advisories/60810
http://secunia.com/advisories/60890
http://secunia.com/advisories/61043
XForce ISS Database: openssl-cve20143511-sec-bypass(95162)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95162
Common Vulnerability Exposure (CVE) ID: CVE-2014-3512
BugTraq ID: 69083
http://www.securityfocus.com/bid/69083
XForce ISS Database: openssl-cve20143512-dos(95158)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95158
Common Vulnerability Exposure (CVE) ID: CVE-2014-5139
BugTraq ID: 69077
http://www.securityfocus.com/bid/69077
HPdes Security Advisory: HPSBMU03259
http://marc.info/?l=bugtraq&m=142624619906067&w=2
HPdes Security Advisory: HPSBMU03262
http://marc.info/?l=bugtraq&m=142624719706349&w=2
HPdes Security Advisory: HPSBMU03283
http://marc.info/?l=bugtraq&m=142624679706236&w=2
HPdes Security Advisory: SSRT101916
HPdes Security Advisory: SSRT101921
HPdes Security Advisory: SSRT101922
http://marc.info/?l=bugtraq&m=142624619906067
Copyright: Copyright (C) 2014 Greenbone AG
