exploit the possibilities
Showing 1 - 7 of 7 RSS Feed

CVE-2009-1386

Status Candidate

Overview

ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.

Related Files

HP Security Bulletin HPSBMA02492 SSRT100079
Posted Apr 23, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP System Management

tags | advisory, vulnerability
advisories | CVE-2008-1468, CVE-2008-4226, CVE-2008-5557, CVE-2008-5814, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387, CVE-2010-1034
MD5 | 916052e54794349292b1ba571e712e52
VMware Security Advisory 2010-0004
Posted Mar 5, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - Updates have been issues for ESX Service Console newt, nfs-utils, and glib2 packages. vMA updates for newt, nfs-util, glib2, kpartx, libvolume-id, device-mapper-multipath, fipscheck, dbus, dbus-libs, ed, openssl, bind, expat, openssh, ntp and kernel packages have also been issued.

tags | advisory, kernel
advisories | CVE-2009-2905, CVE-2008-4552, CVE-2008-4316, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387, CVE-2009-0590, CVE-2009-4022, CVE-2009-3560, CVE-2009-3720, CVE-2009-2904, CVE-2009-3563, CVE-2009-2695, CVE-2009-2849, CVE-2009-2695, CVE-2009-2908
MD5 | e7771d8406b79f65ee870397e15c5e8a
Mandriva Linux Security Advisory 2009-310
Posted Dec 3, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-310 - Multiple security vulnerabilities has been identified and fixed in OpenSSL.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387, CVE-2009-2409
MD5 | bf47b4f54622d06750c518c6d72b8f24
Mandriva Linux Security Advisory 2009-238
Posted Sep 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-238 - Multiple vulnerabilities was discovered and corrected in openssl. This update provides a solution to these vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-1379, CVE-2009-1386, CVE-2009-1387, CVE-2009-2409
MD5 | 85e9f4ac59e253200ef515ac358553de
Mandriva Linux Security Advisory 2009-237
Posted Sep 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-237 - ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. The NSS library library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spooof certificates by using MD2 design flaws the scope of this issue is currently limited because the amount of computation required is still large. This update provides a solution to these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
systems | linux, mandriva
advisories | CVE-2009-1386, CVE-2009-2409
MD5 | 07a4c05eba0a7f4d1e1867a20a27c5b7
Ubuntu Security Notice 792-1
Posted Jun 25, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-792-1 - It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. It was discovered that OpenSSL did not properly free memory when processing DTLS fragments. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. It was discovered that OpenSSL did not properly handle certain server certificates when processing DTLS packets. A remote DTLS server could cause a denial of service by sending a message containing a specially crafted server certificate. It was discovered that OpenSSL did not properly handle a DTLS ChangeCipherSpec packet when it occurred before ClientHello. A remote attacker could cause a denial of service by sending a specially crafted request. It was discovered that OpenSSL did not properly handle out of sequence DTLS handshake messages. A remote attacker could cause a denial of service by sending a specially crafted request.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387
MD5 | 8a0f6e8d5cf353cfc8d4f7aa10111228
OpenSSL 0.9.8.h DTLS Denial Of Service
Posted Jun 4, 2009
Authored by Jon Oberheide

OpenSSL versions below 0.9.8i DTLS ChangeCipherSpec remote denial of service exploit.

tags | exploit, remote, denial of service
advisories | CVE-2009-1386
MD5 | 0f9054c289a0fab81f30c48e4f2e32df
Page 1 of 1
Back1Next

File Archive:

May 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    14 Files
  • 2
    May 2nd
    3 Files
  • 3
    May 3rd
    1 Files
  • 4
    May 4th
    18 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    21 Files
  • 7
    May 7th
    15 Files
  • 8
    May 8th
    19 Files
  • 9
    May 9th
    1 Files
  • 10
    May 10th
    2 Files
  • 11
    May 11th
    18 Files
  • 12
    May 12th
    39 Files
  • 13
    May 13th
    15 Files
  • 14
    May 14th
    17 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    2 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    21 Files
  • 20
    May 20th
    15 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    6 Files
  • 23
    May 23rd
    1 Files
  • 24
    May 24th
    1 Files
  • 25
    May 25th
    2 Files
  • 26
    May 26th
    23 Files
  • 27
    May 27th
    13 Files
  • 28
    May 28th
    18 Files
  • 29
    May 29th
    17 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close