Lucene search

K

[email protected]CVE-2009-1378

HistoryMay 19, 2009 - 7:30 p.m.

CVE-2009-1378

2009-05-1919:30:00

CWE-401

[email protected]

web.nvd.nist.gov

60

cve-2009-1378

memory leaks

openssl

denial of service

dtls records

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.077 Low

EPSS

Percentile

94.1%

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka “DTLS fragment handling memory leak.”

CPENameOperatorVersion
openssl:opensslopenssllt0.9.8m
canonical:ubuntu_linuxcanonical ubuntu linuxeq9.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc

cvs.openssl.org/chngview?cn=18188

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444

lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

lists.vmware.com/pipermail/security-announce/2010/000082.html

marc.info/?l=openssl-dev&m=124247679213944&w=2

marc.info/?l=openssl-dev&m=124263491424212&w=2

rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest

secunia.com/advisories/35128

secunia.com/advisories/35416

secunia.com/advisories/35461

secunia.com/advisories/35571

secunia.com/advisories/35729

secunia.com/advisories/36533

secunia.com/advisories/37003

secunia.com/advisories/38761

secunia.com/advisories/38794

secunia.com/advisories/38834

secunia.com/advisories/42724

secunia.com/advisories/42733

security.gentoo.org/glsa/glsa-200912-01.xml

slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049

sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net

voodoo-circle.sourceforge.net/sa/sa-20091012-01.html

www.mandriva.com/security/advisories?name=MDVSA-2009:120

www.openwall.com/lists/oss-security/2009/05/18/1

www.redhat.com/support/errata/RHSA-2009-1335.html

www.securityfocus.com/bid/35001

www.securitytracker.com/id?1022241

www.ubuntu.com/usn/USN-792-1

www.vupen.com/english/advisories/2009/1377

www.vupen.com/english/advisories/2010/0528

kb.bluecoat.com/index?page=content&id=SA50

launchpad.net/bugs/cve/2009-1378

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229

www.exploit-db.com/exploits/8720

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.077 Low

EPSS

Percentile

94.1%

Related for CVE-2009-1378

exploitpack2 f52 debiancve1 seebug6 prion1 ubuntucve1 veracode1 openssl1 exploitdb2 openvas47 nessus28 freebsd1 securityvulns6 altlinux8 fedora5 ubuntu1 osv1 debian1 gentoo1 oraclelinux4 centos1 redhat1 vmware4 lenovo2