DSA-2125-1 openssl - buffer overflow

Bulletin has no description...

Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : openssl vulnerability (USN-1018-1)

Rob Hulswit discovered a race condition in the OpenSSL TLS server extension parsing code when used within a threaded server. A remote attacker could trigger this flaw to cause a denial of service or possibly execute arbitrary code with application privileges. CVE-2010-3864. Note that Tenable...

CVE-2010-3864

Multiple race conditions in ssl/t1lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to 1 the T...

Race condition

Multiple race conditions in ssl/t1lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to 1 the T...

CVE-2010-3864

Multiple race conditions in ssl/t1lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to 1 the T...

CVE-2010-3864

Multiple race conditions in ssl/t1lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to 1 the T...

CVE-2010-3864

Multiple race conditions in ssl/t1lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to 1 the T...

Vulnerability in OpenSSL CVE-2010-3864

A flaw in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. Any OpenSSL based TLS server is vulnerable if it is multi-threaded and uses OpenSSL’s internal caching mechanism. Servers that are multi-process and/or disable internal...

openssl -- TLS extension parsing race condition

OpenSSL Team reports: Rob Hulswit has found a flaw in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. Any OpenSSL based TLS server is vulnerable if it is multi-threaded and uses OpenSSL's internal caching mechanism. Servers that...

Authentication flaw

Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/T...

CVE-2009-3936

Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/T...

CVE-2008-0891

Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service crash via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information...

CVE-2008-0891

Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service crash via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information...

Double free

Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service crash via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information...

CVE-2008-0891

Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service crash via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information...

Security fix for the ALT Linux 9 package openssl10 version 0.9.8d-alt3

Aug. 7, 2007 Dmitry V. Levin 0.9.8d-alt3 - Fixed side-channel attack on private keys CVE-2007-3108, RH245732, http://cvs.openssl.org/chngview?cn=16275. - Mitigated branch prediction attacks RH250573, http://cvs.openssl.org/chngview?cn=16077. - Changed SSL/TLS server implementation to be stricter...

Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8d-alt3

Aug. 7, 2007 Dmitry V. Levin 0.9.8d-alt3 - Fixed side-channel attack on private keys CVE-2007-3108, RH245732, http://cvs.openssl.org/chngview?cn=16275. - Mitigated branch prediction attacks RH250573, http://cvs.openssl.org/chngview?cn=16077. - Changed SSL/TLS server implementation to be stricter...

Mandrake Linux Security Advisory : openssl (MDKSA-2003:035)

Researchers discovered a timing-based attack on RSA keys that OpenSSL is generally vulnerable to, unless RSA blinding is enabled. Patches from the OpenSSL team have been applied to turn RSA blinding on by default. An extension of the 'Bleichenbacher attack' on RSA with PKS 1 v1.5 padding as used ...