507 matches found
SA111 : OpenSSL Vulnerabilities 28-Jan-2016
SUMMARY: Blue Coat products using affected versions of OpenSSL 1.0.2, 1.0.1, and 0.9.8 are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to obtain ephemeral Diffie-Hellman (DHE) private key information and perform man-in-the-middle attacks on SSL/TLS...
VMware ESXi Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)
The remote VMware ESXi host is affected by multiple vulnerabilities in the OpenSSL third-party library: - A use-after-free error exists in the ssl3_read_bytes function in file ssl/s3_pkt.c that is triggered when a second read is done to the function by multiple threads when SSL_MODE_RELEASE_BUFFERS is...
SUSE-SU-2015:2253-1 Security update for openssl
This update for openssl fixes the following issues: Security fixes: - CVE-2015-3194: The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines...
Xerox ColorQube 92XX Multiple OpenSSL Vulnerabilities (XRX15AD) (FREAK) (GHOST) (POODLE)
According to its model number and software version, the remote Xerox ColorQube device is affected by multiple OpenSSL vulnerabilities: - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages...
Xerox WorkCentre 3550 OpenSSL Multiple Vulnerabilities (XRX15AJ) (FREAK) (POODLE)
According to its model number and software version, the remote Xerox WorkCentre 3550 device is affected by multiple OpenSSL vulnerabilities: - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting...
SA105 : OpenSSL Vulnerabilities 3-Dec-2015
SUMMARY: Blue Coat products using affected versions of OpenSSL 1.0.2, 1.0.1, 1.0.0 and 0.9.8 are susceptible to one or more vulnerabilities. A remote attacker may exploit these vulnerabilities to obtain private key information and information stored in the target's volatile memory. The attacker ca...
MassBleed - Mass SSL Vulnerability Scanner
USAGE: sh massbleed.sh CIDR|IP single|port|subnet port proxy ABOUT: This script has four main functions with the ability to proxy all connections: 1. To mass scan any CIDR range for OpenSSL vulnerabilities via port 443/tcp (https) (example: sh massbleed.sh 192.168.0.0/16) 2. To scan any CIDR range for...
Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2830-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2830-1 advisory. Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0. A remote attacke...
USN-2830-1 openssl vulnerabilities
Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10...
Nessus 5.x < 5.2.12 / 6.x < 6.4 Multiple OpenSSL Vulnerabilities
According to its version, the installation of Tenable Nessus running on the remote host is version 5.x prior to 5.2.12 or 6.x prior to 6.4. It is, therefore, affected by multiple denial of service vulnerabilities in the bundled OpenSSL component : - A denial of service vulnerability exists when...
Blue Coat ProxySG 6.2.x < 6.2.16.4 / 6.5.x < 6.5.7.5 / 6.6.x < 6.6.2.1 Multiple OpenSSL Vulnerabilities
The self-reported SGOS version of the remote Blue Coat ProxySG device is 6.2.x prior to 6.2.16.4, 6.5.x prior to 6.5.7.5, or 6.6.x prior to 6.6.2.1. Therefore, it contains a bundled version of OpenSSL that is affected by multiple vulnerabilities: - An invalid read flaw exists in the ASN1_TYPE_cmp...
SUSE-SU-2015:1150-1 Security update for compat-openssl098
This update fixes the following security issues: - CVE-2015-4000 (boo#931698): The Logjam Attack / weakdh.org; reject connections with DH parameters shorter than 1024 bits; generates 2048-bit DH parameters by default - CVE-2015-1788 (boo#934487): Malformed ECParameters causes infinite loop - CVE-2015-1789...
Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2639-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2639-1 advisory. Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker cou...
MS KB3062760: Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client (FREAK)
The remote Windows host is missing KB3062760, which resolves multiple OpenSSL vulnerabilities in the Juniper Networks Windows In-Box Junos Pulse client shipped with Windows 8.1 : - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows ...
Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the availability of protected information
Multiple vulnerabilities in the openssl-1.0.1e package of the Red Hat Enterprise Linux operating system can lead to a violation of the availability of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities of the CentOS operating system that allow a remote attacker to compromise the availability of protected information
Multiple vulnerabilities in the openssl-devel-1.0.1e package on the CentOS operating system can lead to a violation of the availability of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities of the Gentoo Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information
Multiple vulnerabilities exist in the openssl package up to version 1.0.0j, and up to version 0.9.8y, of the Gentoo Linux operating system. Exploitation of these vulnerabilities may lead to violations of the confidentiality, integrity, and availability of protected information. These vulnerabilities...
Vulnerabilities of the Gentoo Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information
Multiple vulnerabilities in the openssl package up to version 1.0.0g of the Gentoo Linux operating system can lead to violations of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities of the Gentoo Linux operating system, which allow a remote attacker to compromise the confidentiality of protected information
Multiple vulnerabilities exist in the openssl package up to version 1.0.1g of the Gentoo Linux operating system. Exploitation of these vulnerabilities may lead to violations of the confidentiality of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities of the Gentoo Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information
Multiple vulnerabilities in the openssl package up to version 0.9.8e-r3 of the Gentoo Linux operating system can lead to violations of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely...