44 matches found
SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 9915)
This OpenSSL update fixes the following issues : - Session Ticket Memory Leak. CVE-2014-3567 - Build option no-ssl3 is incomplete. CVE-2014-3568 - Add support for TLSFALLBACKSCSV to mitigate CVE-2014-3566 POODLE %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...
[SECURITY] [DLA 81-1] openssl security update
Package : openssl Version : 0.9.8o-4squeeze18 CVE ID : CVE-2014-3567 CVE-2014-3568 CVE-2014-3569 Several vulnerabilities have been found in OpenSSL. CVE-2014-3566 "POODLE" A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher...
Design/Logic Flaw
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23clnt.c and s23srvr.c...
Privacy Tools — Tor Browser 4.0 and Tails 1.2 Update Released
Tor - Privacy oriented encrypted anonymizing service, has announced the launch of its next version of Tor Browser Bundle, Tor version 4.0, which disables SSL3 to prevent POODLE attack and uses new transports that are intended to defeat the Great Firewall of China and other extremely restrictive...
Oracle Linux 6 / 7 : openssl (ELSA-2014-1652)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1652 advisory. - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV t...
VMware vSphere Replication Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)
The VMware vSphere Replication installed on the remote host is version 5.5.x prior to 5.5.1.1, or else it is version 5.6.x. It is, therefore, affected by the following OpenSSL related vulnerabilities : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into oth...
Null pointer dereference
The ssl3sendclientkeyexchange function in s3clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service NULL pointer dereference and client application crash via a crafted handshake message in conjunction with a 1...
CVE-2014-3510
The ssl3sendclientkeyexchange function in s3clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service NULL pointer dereference and client application crash via a crafted handshake message in conjunction with a 1...
HP Smart Update Manager 6.x < 6.4.1 Multiple Vulnerabilities
The version of HP Smart Update manager running on the remote host is prior to 6.4.1. It is, therefore, affected by the following vulnerabilities : - An error exists in the function 'ssl3readbytes' that can allow data to be injected into other sessions or allow denial of service attacks. Note that...
HP OneView < 1.10 OpenSSL Multiple Vulnerabilities (HPSBGN03068)
The version of HP OneView installed on the remote host is 1.0, 1.01, or 1.05. It is, therefore, affected by the following vulnerabilities related to the included OpenSSL libraries : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow...
HP LoadRunner magentproc.exe Overflow
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Junos Pulse Secure Access IVE / UAC OS Multiple OpenSSL Vulnerabilities (JSA10629)
According to its self-reported version, the version of IVE / UAC OS running on the remote host is affected by multiple vulnerabilities : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue i...
openssl: freelist misuse causing a possible use-after-free
Race condition in the ssl3readbytes function in s3pkt.c in OpenSSL through 1.0.1g, when SSLMODERELEASEBUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service use-after-free and parsing error via an SSL connection in a multithreaded environment...
openssl: freelist misuse causing a possible use-after-free
Race condition in the ssl3readbytes function in s3pkt.c in OpenSSL through 1.0.1g, when SSLMODERELEASEBUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service use-after-free and parsing error via an SSL connection in a multithreaded environment...
UBUNTU-CVE-2014-0198
The dossl3write function in s3pkt.c in OpenSSL 1.x through 1.0.1g, when SSLMODERELEASEBUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via vectors...
HP LoadRunner magentproc.exe Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'HP LoadRunner magentproc.exe Overflow...
CVE-2010-2939
Double free vulnerability in the ssl3getkeyexchange function in the OpenSSL client ssl/s3clnt.c in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted...
CVE-2010-0740
The ssl3getrecord function in ssl/s3pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service crash via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained...
gnutls security update
1.0.20-4.0.1.el48.7 - Bump release to resolve ULN up2date issue 1.0.20-4.7 - fix crash in the gnutls-cli tool needed for testing 1.0.20-4.5 - fix safe renegotiation in SSL3 protocol 1.0.20-4.4 - implement safe renegotiation - CVE-2009-3555 533125...
gnutls security update
1.4.1-3.8 - fix safe renegotiation on SSL3 protocol 1.4.1-3.7 - implement safe renegotiation - CVE-2009-3555 533125 - do not allow MD2 in certificate signatures by default - CVE-2009-2409 510197...