507 matches found
Mandrake Linux Security Advisory : openssl (MDKSA-2004:023)
A vulnerability was discovered by the OpenSSL group using the Codenomicon TLS Test Tool. The test uncovered a NULL pointer assignment in the dochangecipherspec function whih could be abused by a remote attacker crafting a special SSL/TLS handshake against a server that used the OpenSSL library in...
Mandrake Linux Security Advisory : openssl (MDKSA-2002:046-1)
An audit of the OpenSSL code by A.L. Digital Ltd and The Bunker, under the DARPA program CHATS, discovered a number of vulnerabilities in the OpenSSL code that are all potentially remotely exploitable. From the OpenSSL advisory : 1. The client master key in SSL2 could be oversized and overrun a...
SuSE-SA:2004:007: openssl
The remote host is missing the patch for the advisory SuSE-SA:2004:007 openssl. OpenSSL is an implementation of the Secure Socket Layer SSL v2/3 and Transport Layer Security TLS v1 protocol. The NISCC informed us about to failure conditions in openssl that can be triggered to crash applications...
Fedora Core 1 : openssl-0.9.7a-33.10 (2004-095)
This update includes OpenSSL packages to fix two security issues affecting OpenSSL 0.9.7a which allow denial of service attacks; CVE-2004-0079 and CVE-2003-0851. Also included are updates for the OpenSSL 0.9.6 and 0.9.6b compatibility libraries included in Fedora Core 1, fixing a separate issue...
RHEL 3 : openssl (RHSA-2004:120)
Updated OpenSSL packages that fix several remote denial of service vulnerabilities are available for Red Hat Enterprise Linux 3. The OpenSSL toolkit implements Secure Sockets Layer SSL v2/v3, Transport Layer Security TLS v1 protocols, and serves as a full-strength general purpose cryptography...
US-CERT Technical Cyber Security Alert TA04-078A -- Multiple Vulnerabilities in OpenSSL
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Technical Cyber Security Alert TA04-078A Multiple Vulnerabilities in OpenSSL Original release date: March 18, 2004 Last revised: -- Source: US-CERT Systems Affected Applications and systems that use the OpenSSL SSL/TLS library Overview Several...
Multiple OpenSSL DoS bugs
Few bugs patched during product audit...
Important: Red Hat Security Advisory: : Updated OpenSSL packages fix vulnerabilities
Updated OpenSSL packages that fix several remote denial of service vulnerabilities are now available. OpenSSL is a toolkit that implements Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a full-strength general purpose cryptography library. Testing performe...
[SECURITY] [DSA 465-1] New openssl packages fix multiple vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 465-1 [email protected] http://www.debian.org/security/ Matt Zimmerman March 17th, 2004 http://www.debian.org/security/faq -...
Important: Red Hat Security Advisory: apache, openssl security update for Stronghold
Updated versions of Stronghold 4 cross-platform are available that fix security issues affecting OpenSSL and the Apache HTTP Server. A number of bug fixes are also included. Stronghold 4 contains a number of open source technologies, including OpenSSL 0.9.6 and the Apache HTTP Server. Testing...
Multiple OpenSSL Vulnerabilities
Background The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a full-strength general purpose cryptography library...
SOL3082 - Multiple vulnerabilities in OpenSSL - CAN-2004-0081, CAN-2004-0079, CAN-2004-0112
F5 Product Development tracked this issue and it was fixed in BIG-IP and 3-DNS 4.5.11 and 4.6.1. Obtaining and installing patches The TA04-078A patch has been issued for BIG-IP and 3-DNS 4.5.9 and 4.6. You may download the TA04-078A patch by navigating to the BIG-IP BIG-IP v4.x 4.5 section of the...
[SECURITY] [DSA 394-1] New openssl095 packages fix denial of service
-------------------------------------------------------------------------- Debian Security Advisory DSA 394-1 [email protected] http://www.debian.org/security/ Martin Schulze October 11th, 2003 http://www.debian.org/security/faq -...
DSA-394 openssl095 - ASN.1 parsing vulnerability
Bulletin has no description...
Brute forcer for OpenSSL ASN.1 parsing bugs (<=0.9.6j <=0.9.7b)
No description provided by source. / Brute forcer for OpenSSL ASN.1 parsing bugs =0.9.6j =0.9.7b written by Bram Matthys Syzop on Oct 9 2003. This program sends corrupt client certificates to the SSL server which will 1 crash it 2 create lots of error messages, and/or 3 result in other...
OpenSSL - ASN.1 Parsing
OpenSSL - ASN.1 Parsing // source: https://www.securityfocus.com/bid/8732/info Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. Attackers could exploit these issues to cause a denial of service or to execute arbitrary code. / Brute forcer for OpenSSL ASN.1 parsing bugs...
OpenSSL - ASN.1 Parsing
// source: https://www.securityfocus.com/bid/8732/info Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. Attackers could exploit these issues to cause a denial of service or to execute arbitrary code. / Brute forcer for OpenSSL ASN.1 parsing bugs include include include...
FreeBSD-SA-03:18.openssl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:18.openssl Security Advisory The FreeBSD Project Topic: OpenSSL vulnerabilities in ASN.1 parsing Category: crypto Module: openssl Announced: 2003-10-03 Credits...
Moderate: Red Hat Security Advisory: mod_ssl, openssl security update for Stronghold
Updated versions of Stronghold 4 cross-platform are available that fix several security issues affecting OpenSSL and modssl. A number of bug fixes and new features are also included. Stronghold 4 contains a number of open source technologies, including OpenSSL 0.9.6 and modssl. NISCC testing of...
[Full-Disclosure] [OpenSSL Advisory] Vulnerabilities in ASN.1 parsing
-----BEGIN PGP SIGNED MESSAGE----- OpenSSL Security Advisory 30 September 2003 Vulnerabilities in ASN.1 parsing ================================ NISCC www.niscc.gov.uk prepared a test suite to check the operation of SSL/TLS software when presented with a wide range of malformed client certificate...