OpenSSL 0.9.8 < 0.9.8u / 1.0.0 < 1.0.0h Multiple Vulnerabilities

Binary data 801067.prm...

CVE-2012-0884

The implementation of Cryptographic Message Syntax CMS and PKCS 7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack MMA adaptive chosen ciphertext...

OpenSSL < 0.9.8l Multiple Vulnerabilities

According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.8l. As such, it may be affected by multiple vulnerabilities : - A remote attacker could crash the server by sending malformed ASN.1 data. This flaw only affects some architectures, Win64 and other...

OpenSSL 0.9.8 < 0.9.8k Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 0.9.8k. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.8k advisory. - OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remo...

Ubuntu Update for openssl vulnerabilities USN-1029-1

Ubuntu Update for Linux kernel vulnerabilities USN-1029-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10291.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for openssl vulnerabilities USN-1029-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

Ubuntu Update for openssl vulnerabilities USN-1003-1

Ubuntu Update for Linux kernel vulnerabilities USN-1003-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10031.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for openssl vulnerabilities USN-1003-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

CVE-2009-3245

OpenSSL before 0.9.8m does not check for a NULL return value from bnwexpand function calls in 1 crypto/bn/bndiv.c, 2 crypto/bn/bngf2m.c, 3 crypto/ec/ec2smpl.c, and 4 engines/eubsec.c, which has unspecified impact and context-dependent attack vectors...

[USN-792-1] OpenSSL vulnerabilities

=========================================================== Ubuntu Security Notice USN-792-1 June 25, 2009 openssl vulnerabilities CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387 =========================================================== A security issue affects the...

Ubuntu Update for openssh update USN-612-7

Ubuntu Update for Linux kernel vulnerabilities USN-612-7 OpenVAS Vulnerability Test $Id: gbubuntuUSN6127.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for openssh update USN-612-7 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net...

Ubuntu Update for openssl vulnerabilities USN-620-1

Ubuntu Update for Linux kernel vulnerabilities USN-620-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6201.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for openssl vulnerabilities USN-620-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

DTSA-136-1 openssl - multiple vulnerabilities

Bulletin has no description...

Ubuntu 6.06 LTS : openssh update (USN-612-7)

USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1. This update provides the corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL in Ubuntu 6.06 is not vulnerable, this update will block weak keys generated on systems tha...

HP-UX PHSS_30639 : HP-UX Running Apache, Remote Denial of Service (DoS) (HPSBUX01019 SSRT4717 rev.3)

s700800 11.04 Virtualvault 4.7 IWS update : Two potential security vulnerabilities have been identified in OpenSSL by NISCC 224012/1 and 224012/2. The Common Vulnerabilities and Exposures project has referenced them as the following CAN-2004-0079, and CAN-2004-0112. The CERT summary is TA04-078A...

Debian DSA-465-1 : openssl - several vulnerabilities

Two vulnerabilities were discovered in openssl, an implementation of the SSL protocol, using the Codenomicon TLS Test Tool. More information can be found in the following NISCC Vulnerability Advisory and this OpenSSL advisory. The Common Vulnerabilities and Exposures project identified the...

Debian DSA-136-1 : openssl - multiple remote exploits

The OpenSSL development team has announced that a security audit by A.L. Digital Ltd and The Bunker, under the DARPA CHATS program, has revealed remotely exploitable buffer overflow conditions in the OpenSSL code. Additionally, the ASN1 parser in OpenSSL has a potential DoS attack independently...

Debian DSA-394-1 : openssl095 - ASN.1 parsing vulnerability

Steve Henson of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code that were discovered after running a test suite by British National Infrastructure Security Coordination Centre NISCC. A bug in OpenSSLs SSL/TLS protocol was also identifie...

Debian DSA-288-1 : openssl - several vulnerabilities

Researchers discovered two flaws in OpenSSL, a Secure Socket Layer SSL library and related cryptographic tools. Applications that are linked against this library are generally vulnerable to attacks that could leak the server's private key or make the encrypted session decryptable otherwise. The...

GLSA-200403-03 : Multiple OpenSSL Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200403-03 Multiple OpenSSL Vulnerabilities Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a NULL pointer assignment in the dochangecipherspec function. A remote attacker could perform a...

OpenSSL < 0.9.6m / 0.9.7d Multiple DoS

Binary data 2183.prm...

Mandrake Linux Security Advisory : openssl (MDKSA-2003:098)

Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash, which could be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. Depending upon the application targetted, the...