3212 matches found
PT-2009-5966 · Vmware · Vmware Server +3
Name of the Vulnerable Software and Affected Versions: VMware Workstation versions 7.0 through 7.0.0 before build 227600; VMware Workstation version 6.5.x through 6.5.3 before build 246459; VMware Player versions 3.0 through 3.0.0 before build 227600; VMware Player version 2.5.x through 2.5.3 before...
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6296)
OpenSSL DTLS remote DoS in ChangeCipherSpec (CVE-2009-1386) and in out-of-sequence message handling (CVE-2009-1387) have been fixed. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if...
Design/Logic Flaw
Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences...
gfs2-utils security and bug fix update
0.1.62-1 - Fix man page references to fsck.gfs2. - Resolves: rhbz#477072. 0.1.61-1 - fsck.gfs2 no longer segfaults when fixing 'EA leaf block type' problems. - Resolves: rhbz#510758. 0.1.60-1 - When '/' is a gfs2 file system it is now properly mounted without an error. - Resolves: rhbz#507893. 0.1.59-1...
OpenSSL: DTLS fragment handling memory DoS
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequenc...
openSUSE Security Update : libopenssl-devel (libopenssl-devel-974)
OpenSSL DTLS remote DoS in ChangeCipherSpec (CVE-2009-1386) and in out-of-sequence message handling (CVE-2009-1387) have been fixed. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
USN-792-1: OpenSSL vulnerabilities
It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. (CVE-2009-1377) It was discovered that...
CVE-2009-1387
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."...
Null pointer dereference
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."...
CVE-2009-1387
CVE-2009-1387 affects the OpenSSL DTLS implementation. The vulnerability resides in the function dtls1_retrieve_buffered_fragment (ssl/d1_both.c) in OpenSSL before 1.0.0 Beta 2, where an out-of-sequence DTLS handshake message can trigger a NULL pointer dereference and daemon crash, i.e., a denial...
Apple Mac OS X xterm memory corruption
Integer overflow on CSI4 ESC-sequence...
DEBIAN-CVE-2009-1378
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequenc...
CVE-2009-1378
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequenc...
OpenSSL <= 0.9.8k 1.0.0-beta2 DTLS Remote Memory Exhaustion DoS
No description provided by source. /* cve-2009-1378.c: OpenSSL <= 0.9.8k, 1.0.0-beta2 DTLS Remote Memory Exhaustion DoS. Jon Oberheide, http://jon.oberheide.org. Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378 In dtls1_process_out_of_seq_message the check if the...
HP-UX Update for ARPA Transport HPSBUX00205
Check for the Version of ARPA Transport. OpenVAS Vulnerability Test: HP-UX Update for ARPA Transport HPSBUX00205. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
FreeBSD : hafiye -- lack of terminal escape sequence filtering (027380b7-3404-11d9-ac1b-000d614f7fad)
A siyahsapka.org advisory reads: Hafiye-1.0 doesn't filter the payload when printing it to the terminal. A malicious attacker can send packets with escape sequence payloads to exploit this vulnerability. If Hafiye has been started with -n packet count option, the vulnerability could allow remote...
Mandriva Linux Security Advisory : xterm (MDVSA-2009:005)
A vulnerability has been discovered in xterm, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to xterm not properly processing the DECRQSS Device Control Request Status String escape sequence. This can be exploited to inject and execute...
Fedora 10 : xterm-238-1.fc10 (2009-0091)
This update fixes the following security issue: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related...