CentOS 6 / 7 : openssl (CESA-2014:1052)

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

DEBIAN-CVE-2014-3505

Double free vulnerability in d1both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service application crash via crafted DTLS packets that trigger an error condition...

DEBIAN-CVE-2014-3506

d1both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service memory consumption via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values...

openssl: DTLS memory exhaustion

A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory...

openssl: DTLS memory leak from zero-length fragments

A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory...

openssl: DTLS memory exhaustion

A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory...

openssl: DoS when sending invalid DTLS handshake

A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash...

openssl: DTLS packet processing double free

A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory...

USN-2308-1 openssl vulnerabilities

Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. CVE-2014-3505 Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS...

UBUNTU-CVE-2014-3507

Memory leak in d1both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service memory consumption via zero-length DTLS fragments that trigger improper handling of the return value of a certain...

UBUNTU-CVE-2014-3505

Double free vulnerability in d1both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service application crash via crafted DTLS packets that trigger an error condition...

openssl: DoS when sending invalid DTLS handshake

A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash...

kernel: net: rds: dereference of a NULL device in rds_ib_laddr_check()

A NULL pointer dereference flaw was found in the rdsibladdrcheck function in the Linux kernel's implementation of Reliable Datagram Sockets RDS. A local, unprivileged user could use this flaw to crash the system...

kernel: net: rds: dereference of a NULL device in rds_iw_laddr_check()

A NULL pointer dereference flaw was found in the rdsiwladdrcheck function in the Linux kernel's implementation of Reliable Datagram Sockets RDS. A local, unprivileged user could use this flaw to crash the system...

Moderate: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

kernel: net: rds: dereference of a NULL device in rds_iw_laddr_check()

A NULL pointer dereference flaw was found in the rdsiwladdrcheck function in the Linux kernel's implementation of Reliable Datagram Sockets RDS. A local, unprivileged user could use this flaw to crash the system...

StarSiege Tribes Server Denial of Service Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/8184/info StarSiege Tribes Game Server has been reported prone to a remotely triggered denial of service vulnerability. The issue presents itself when the affected server receives and processes a malformed UDP datagram...

Linux kernel 2.0.30/2.0.35/2.0.36/2.0.37 - Blind TCP Spoofing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/580/info Certain Linux kernels in the 2.0.3x range are susceptible to blind TCP spoofing attacks due to the way that the kernel handles invalid ack sequence numbers, and the way it assigns IDs to outgoing IP datagrams. Fo...

OpenBSD <= 4.5 IP datagram Null Pointer Deref DoS Exploit

No description provided by source. import sys from scapy import victim=sys.argv1 icmpv6=58 p=IPdst=victim p.proto=icmpv6 srp,timeout=1 milw0rm.com 2009-04-14...

OpenSSL DTLS Fragment Buffer Overflow DoS Exploit

This module performs a Denial of Service Attack against Datagram TLS in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h. This occurs when a DTLS ClientHello message has multiple fragments and the fragment lengths of later fragments are larger than that of the first, a buffer...