OpenSSL 'ChangeCipherSpec' MiTM Potential Vulnerability

The OpenSSL service on the remote host is potentially vulnerable to a man-in-the-middle MiTM attack, based on its response to two consecutive 'ChangeCipherSpec' messages during the incorrect phase of an SSL/TLS handshake. This flaw could allow a MiTM attacker to decrypt or forge SSL messages by...

OpenSSL 0.9.8 < 0.9.8i Vulnerability

The version of OpenSSL installed on the remote host is prior to 0.9.8i. It is, therefore, affected by a vulnerability as referenced in the 0.9.8i advisory. - ssl/s3pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a...

OpenSSL DTLS ChangeCipherSpec Remote DoS

This module performs a Denial of Service Attack against Datagram TLS in OpenSSL version 0.9.8i and earlier. OpenSSL crashes under these versions when it receives a ChangeCipherspec Datagram before a ClientHello. This module requires Metasploit: https://metasploit.com/download Current source:...

SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6296)

OpenSSL DTLS remote DoS in ChangeCipherSpec CVE-2009-1386 and in out-of-sequence message handling CVE-2009-1387 have been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

openssl: DTLS NULL deref crash on early ChangeCipherSpec request

ssl/s3pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a DTLS ChangeCipherSpec packet that occurs before ClientHello...

openSUSE Security Update : libopenssl-devel (libopenssl-devel-974)

OpenSSL DTLS remote DoS in ChangeCipherSpec CVE-2009-1386 and in out-of-sequence message handling CVE-2009-1387 have been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

openSUSE Security Update : libopenssl-devel (libopenssl-devel-974)

OpenSSL DTLS remote DoS in ChangeCipherSpec CVE-2009-1386 and in out-of-sequence message handling CVE-2009-1387 have been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

USN-792-1: OpenSSL vulnerabilities

It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. CVE-2009-1377 It was discovered that...

OpenSSL ChangeCipherSpec DTLS报文拒绝服务漏洞

BUGTRAQ ID: 35174 CVECAN ID: CVE-2009-1386 OpenSSL是一种开放源码的SSL实现，用来实现网络通信的高强度加密，现在被广泛地用于各种网络应用程序中。 如果在ClientHello报文之前发送了DTLS ChangeCipherSpec报文，就可能在OpenSSL的ssl/s3pkt.c文件中触发空指针引用，导致拒绝服务的情况。 OpenSSL 0.9.8i 厂商补丁： OpenSSL Project --------------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

OpenSSL &lt; 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit

No description provided by source. / cve-2009-1386.c OpenSSL 0.9.8i DTLS ChangeCipherSpec Remote DoS Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386 OpenSSL would SegFault if the DTLS server receives a...

Null pointer dereference

ssl/s3pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a DTLS ChangeCipherSpec packet that occurs before ClientHello...

CVE-2009-1386

ssl/s3pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a DTLS ChangeCipherSpec packet that occurs before ClientHello...

DEBIAN-CVE-2009-1386

ssl/s3pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a DTLS ChangeCipherSpec packet that occurs before ClientHello...

CVE-2009-1386

CVE-2009-1386 affects OpenSSL’s DTLS implementation: ssl/s3_pkt.c in OpenSSL versions before 0.9.8i allows a remote attacker to cause a denial of service via a ChangeCipherSpec datagram sent before ClientHello, causing a NULL pointer dereference and daemon crash. Public details place the vulnerab...

OpenSSL &lt; 0.9.8i - DTLS ChangeCipherSpec Remote Denial of Service

/ cve-2009-1386.c OpenSSL http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386 OpenSSL would SegFault if the DTLS server receives a ChangeCipherSpec as the first record instead of ClientHello. Usage: Pass the host and port of the target DTLS server: $...

OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit

Exploit for multiple platform in category dos / poc ========================================================= OpenSSL include include include include include include include include include int mainint argc, char argv int sock, ret; char ptr, err; struct hostent h; struct sockaddrin target; char...

OpenSSL 0.9.8i - DTLS ChangeCipherSpec Remote Denial of Service

OpenSSL 0.9.8i - DTLS ChangeCipherSpec Remote Denial of Service / cve-2009-1386.c OpenSSL http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386 OpenSSL would SegFault if the DTLS server receives a ChangeCipherSpec as the first record instead of...

PT-2014-9091

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 0.9.8za OpenSSL versions prior to 1.0.0m OpenSSL versions prior to 1.0.1h Description The issue exists due to incorrect restriction of ChangeCipherSpec message processing in OpenSSL, allowing a man-in-the-middle...