195 matches found
Vulnerability in OpenSSL - SSL, TLS and DTLS Plaintext Recovery Attack
A weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS which could lead to plaintext recovery by exploiting timing differences arising during MAC processing. Found by Nadhem J. AlFardan and Kenneth G. Paterson of the Information Security Group Royal Holloway, University of London...
Mandriva Update for openssl MDVSA-2012:073 (openssl)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CVE-2011-3210
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service daemon crash via out-of-order messages that violate t...
DEBIAN-CVE-2004-0112
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service crash via a crafted SSL/TLS handshake that causes an...
GLSA-200403-03 : Multiple OpenSSL Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200403-03 Multiple OpenSSL Vulnerabilities Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a NULL pointer assignment in the dochangecipherspec function. A remote attacker could perform a...
Mandrake Linux Security Advisory : openssl (MDKSA-2004:023)
A vulnerability was discovered by the OpenSSL group using the Codenomicon TLS Test Tool. The test uncovered a NULL pointer assignment in the dochangecipherspec function whih could be abused by a remote attacker crafting a special SSL/TLS handshake against a server that used the OpenSSL library in...
RHEL 3 : openssl (RHSA-2004:120)
Updated OpenSSL packages that fix several remote denial of service vulnerabilities are available for Red Hat Enterprise Linux 3. The OpenSSL toolkit implements Secure Sockets Layer SSL v2/v3, Transport Layer Security TLS v1 protocols, and serves as a full-strength general purpose cryptography...
NetBSD Security Advisory 2004-005: Denial of service vulnerabilities in OpenSSL
-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2004-005 ================================= Topic: Denial of service vulnerabilities in OpenSSL Version: NetBSD-current: source prior to March 22, 2004 NetBSD 2.0: branch unaffected, release will include the fix NetBSD 1.6.2: affected...
CVE-2004-0112
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service crash via a crafted SSL/TLS handshake that causes an...
Important: Red Hat Security Advisory: : Updated OpenSSL packages fix vulnerabilities
Updated OpenSSL packages that fix several remote denial of service vulnerabilities are now available. OpenSSL is a toolkit that implements Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a full-strength general purpose cryptography library. Testing performe...
Important: Red Hat Security Advisory: openssl security update
Updated OpenSSL packages that fix several remote denial of service vulnerabilities are available for Red Hat Enterprise Linux 3. The OpenSSL toolkit implements Secure Sockets Layer SSL v2/v3, Transport Layer Security TLS v1 protocols, and serves as a full-strength general purpose cryptography...
OpenSSL Security Advisory [17 March 2004]
OpenSSL Security Advisory 17 March 2004 Updated versions of OpenSSL are now available which correct two security issues: 1. Null-pointer assignment during SSL handshake =============================================== Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool...
Multiple OpenSSL Vulnerabilities
Background The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a full-strength general purpose cryptography library...
PT-2004-1088 · Openssl · Openssl
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 0.9.7a through 0.9.7c Description: The issue is related to the SSL/TLS handshaking code in OpenSSL, which does not properly check the length of Kerberos tickets during a handshake when using Kerberos ciphersuites. This allows...
Moderate: Red Hat Security Advisory: openssl security update
Updated OpenSSL packages are available that fix a potential timing-based attack. Updated 12 March 2003 Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS OpenSSL is a commercial-grade, full-featured, open source toolkit which implements the Secure Sockets Layer SSL v2/...