what you don't know can hurt you
Showing 1 - 9 of 9 RSS Feed

CVE-2009-3245

Status Candidate

Overview

OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.

Related Files

ABB HMI Outdated Software Components
Posted Jun 21, 2019
Authored by xen1thLabs

ABB HMI uses outdated software components that are statically linked into the firmware files and service binaries. These components have documented vulnerabilities and should be updated and replaced. It was possible to identify severally outdated OpenSSL (version 0.9.8g) and ABYSS HTTP (version 0.4) server components.

tags | advisory, web, vulnerability
advisories | CVE-2009-3245
MD5 | d9b77c26910ae6df3ac760462ddd0df5
Gentoo Linux Security Advisory 201110-01
Posted Oct 9, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-1 - Multiple vulnerabilities were found in OpenSSL, allowing for the execution of arbitrary code and other attacks. Multiple vulnerabilities have been discovered in OpenSSL. Versions less than 1.0.0e are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3245, CVE-2009-4355
MD5 | b01551d0ba065810deb83e7848d5abff
Red Hat Security Advisory 2011-0896-01
Posted Jun 24, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0896-01 - JBoss Enterprise Web Server has been updated to mitigate multiple vulnerabilities such as cross site scripting, information leaks, and more.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2008-7270, CVE-2009-3245, CVE-2009-3560, CVE-2009-3720, CVE-2009-3767, CVE-2010-1157, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-3718, CVE-2010-4172, CVE-2010-4180, CVE-2011-0013, CVE-2011-0419
MD5 | 5e2544d20fad08fc33f74eb54e65a77a
Ubuntu Security Notice 1003-1
Posted Oct 8, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1003-1 - It was discovered that OpenSSL incorrectly handled return codes from the bn_wexpand function calls. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.04 and 9.10. It was discovered that OpenSSL incorrectly handled certain private keys with an invalid prime. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-3245, CVE-2010-2939
MD5 | 40a8fd0bc056f11bcd2e4aaaff0f477b
VMware Security Advisory 2010-0015
Posted Sep 30, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory 2010-0015 - ESX 4.0 Console OS (COS) updates for NSS_db, OpenLDAP, cURL, sudo OpenSSL, GnuTLS, NSS and NSPR packages.

tags | advisory
advisories | CVE-2009-2409, CVE-2009-3245, CVE-2009-3555, CVE-2009-3767, CVE-2010-0433, CVE-2010-0734, CVE-2010-0826, CVE-2010-1646
MD5 | 9f99f58fbdd8d777048475ace5b9e8a4
HP Security Bulletin HPSBOV02540 SSRT090249
Posted Jun 18, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP SSL for OpenVMS. The vulnerabilities could be remotely exploited resulting in unauthorized data injection or a Denial of Service (DoS).

tags | advisory, denial of service, vulnerability
advisories | CVE-2008-5077, CVE-2009-0590, CVE-2009-0591, CVE-2009-0789, CVE-2009-3245
MD5 | b134d55a57e80dbade7837d63cb7577c
Mandriva Linux Security Advisory 2010-076
Posted Apr 20, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-076 - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection. OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls which has unspecified impact and context-dependent attack vectors. The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, could allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash). Finally, this update provides support for secure renegotiation, preventing men-in-the-middle attacks. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. Packages for 2009.0 are provided due to the Extended Maintenance Program.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2009-3555, CVE-2009-3245, CVE-2010-0740, CVE-2010-0433
MD5 | bbaee0f827d0bd92c66458587ca9c5d7
Mandriva Linux Security Advisory 2010-076
Posted Apr 19, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-076 - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection. OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls which has unspecified impact and context-dependent attack vectors. The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, could allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash). Finally, this update provides support for secure renegotiation, preventing men-in-the-middle attacks. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2009-3555, CVE-2009-3245, CVE-2010-0740, CVE-2010-0433
MD5 | d807ffe9f3511e6ba382e0b0ad75d95f
HP Security Bulletin HPSBUX02517 SSRT100058
Posted Apr 15, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities has been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely for unauthorized information disclosure, unauthorized data modification, and to create a Denial of Service (DoS).

tags | advisory, denial of service, vulnerability, info disclosure
systems | hpux
advisories | CVE-2009-3245, CVE-2009-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740
MD5 | 77e589d6c79ad215aec9070fcc11b072
Page 1 of 1
Back1Next

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    10 Files
  • 7
    Dec 7th
    1 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    15 Files
  • 10
    Dec 10th
    30 Files
  • 11
    Dec 11th
    8 Files
  • 12
    Dec 12th
    16 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close