what you don't know can hurt you
Showing 1 - 17 of 17 RSS Feed

CVE-2013-0166

Status Candidate

Overview

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.

Related Files

Gentoo Linux Security Advisory 201402-08
Posted Feb 7, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-8 - Multiple vulnerabilities have been found in stunnel, the worst of which may cause a Denial of Service condition. Versions less than 4.56-r1 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2686, CVE-2013-0166, CVE-2013-0169, CVE-2013-1762
SHA-256 | 31d749575518e8dbefa0e344dea1c1971b5f9d57ef56cd9eca9f080b0a6ae029
Gentoo Linux Security Advisory 201312-03
Posted Dec 4, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201312-3 - Multiple vulnerabilities have been found in OpenSSL allowing remote attackers to determine private keys or cause a Denial of Service. Versions less than 1.0.0i are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2006-7250, CVE-2011-1945, CVE-2012-0884, CVE-2012-1165, CVE-2012-2110, CVE-2012-2333, CVE-2012-2686, CVE-2013-0166, CVE-2013-0169
SHA-256 | 380511be6e419bf1f679eb548827eea73dd38dc5884aa3ee7bdc7e4fdf03aa74
Apple Security Advisory 2013-09-12-1
Posted Sep 13, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-12-1 - OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses Apache issues, BIND issues, ClamAV issues, and more.

tags | advisory
systems | apple, osx
advisories | CVE-2012-0883, CVE-2012-2686, CVE-2012-2687, CVE-2012-3499, CVE-2012-3817, CVE-2012-4244, CVE-2012-4558, CVE-2012-5166, CVE-2012-5688, CVE-2013-0166, CVE-2013-0169, CVE-2013-1025, CVE-2013-1026, CVE-2013-1027, CVE-2013-1028, CVE-2013-1029, CVE-2013-1030, CVE-2013-1031, CVE-2013-1032, CVE-2013-1033, CVE-2013-1635, CVE-2013-1643, CVE-2013-1824, CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1902, CVE-2013-1903
SHA-256 | 6ba59298aa5785b3b0ac181767509f821759a4fbc0ab6e1b3056eb65c22a59a5
HP Security Bulletin HPSBUX02909
Posted Aug 2, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02909 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2012-2686, CVE-2013-0166, CVE-2013-0169
SHA-256 | bd3989e7ffbbe4edf07702f6c532013ec639b2e618c84b0b6cbbc46c178961ac
Red Hat Security Advisory 2013-1013-01
Posted Jul 3, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1013-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-3544, CVE-2012-4558, CVE-2013-0166, CVE-2013-0169, CVE-2013-2067, CVE-2013-2071
SHA-256 | 4d8adaa9bcaef993e656ec1d999154261c28702c77c144918b0a2f0f34812afd
Red Hat Security Advisory 2013-0833-01
Posted May 20, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0833-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2012-4529, CVE-2012-4572, CVE-2012-5575, CVE-2013-0166, CVE-2013-0169, CVE-2013-0218
SHA-256 | be31d08c9fe7f87aab712804d7ac09b4cc70f365f6057bdf0d3725e94bc73d3c
Red Hat Security Advisory 2013-0783-01
Posted May 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0783-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2013-0166, CVE-2013-0169
SHA-256 | afb6a79216774e542546dbb1bca6e4909511b67498263b7f0ec7ff8a629222b4
Red Hat Security Advisory 2013-0782-01
Posted May 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0782-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2013-0166, CVE-2013-0169
SHA-256 | 35e9165726ec8b7730d6c011ad7f011c013f4ed805b28c59be8118a1119d97d9
Mandriva Linux Security Advisory 2013-052
Posted Apr 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-052 - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue. The updated packages have been upgraded to the 1.0.0k version which is not vulnerable to these issues.

tags | advisory, remote, denial of service, protocol
systems | linux, mandriva
advisories | CVE-2013-0166, CVE-2013-0169
SHA-256 | 45f3e48573ae559cee00727235a6991efe4ffe008121b06d31f87dd310773e8f
FreeBSD Security Advisory - OpenSSL Weakness / Denial Of Service
Posted Apr 3, 2013
Site security.freebsd.org

FreeBSD Security Advisory - A flaw in the OpenSSL handling of OCSP response verification could be exploited to cause a denial of service attack. OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. The weakness could reveal plaintext in a timing attack.

tags | advisory, denial of service
systems | freebsd
advisories | CVE-2013-0166, CVE-2013-0169
SHA-256 | b53bfd66b506dafcb90c6c9516eb9205fffab27069d0f3a35836d94fab93d2fe
HP Security Bulletin HPSBOV02852 SSRT101108
Posted Mar 27, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02852 SSRT101108 - Potential security vulnerabilities have been identified in HP SSL for OpenVMS. These vulnerabilities could allow remote Denial of Service (DoS), unauthorized disclosure of information, unauthorized modification. Revision 1 of this advisory.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2012-2333, CVE-2013-0166, CVE-2013-0169
SHA-256 | cb5cb5dfdeca2640750b4857366f5e36f9ac5ae17d59f19e92b7294ff275963c
HP Security Bulletin HPSBUX02856 SSRT101104
Posted Mar 22, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02856 SSRT101104 - Potential security vulnerabilities have been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or allow unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2013-0166, CVE-2013-0169
SHA-256 | 9917a432965b1459a3758cf6c669fbe20c9d2348e5edcfdba51ca85b607708f2
Red Hat Security Advisory 2013-0636-01
Posted Mar 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0636-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a guest using the e1000 emulated driver was not. A remote attacker could use this flaw to crash the guest or, potentially, execute arbitrary code with root privileges in the guest.

tags | advisory, remote, arbitrary, root
systems | linux, redhat
advisories | CVE-2012-4929, CVE-2012-6075, CVE-2013-0166, CVE-2013-0169, CVE-2013-1619
SHA-256 | b9a7ef0ff18dd828c5d57c86d14d909fe246d0a7a1f774fcff12bfc8e24254c1
Mandriva Linux Security Advisory 2013-018
Posted Mar 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-018 - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, protocol
systems | linux, mandriva
advisories | CVE-2013-0166, CVE-2013-0169
SHA-256 | bf5ab5e72a351205b935141e568c6333cdff26e500e2d5c8d2254663a10fe424
Red Hat Security Advisory 2013-0587-01
Posted Mar 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0587-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2012-4929, CVE-2013-0166, CVE-2013-0169
SHA-256 | b7d903807077f42489738c10fa1a2c73c8a13a97971c0e95a3061b959469a1d6
Ubuntu Security Notice USN-1732-1
Posted Feb 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1732-1 - Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. Stephen Henson discovered that OpenSSL incorrectly performed signature verification for OCSP responses. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-2686, CVE-2013-0166, CVE-2013-0169, CVE-2012-2686, CVE-2013-0166, CVE-2013-0169
SHA-256 | 3840d7b0427c8c47a692ec2a92d448203e10c63f63d934450bf70540d9f0574d
Debian Security Advisory 2621-1
Posted Feb 13, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2621-1 - Multiple vulnerabilities have been found in OpenSSL.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-0166, CVE-2013-0169
SHA-256 | 2edf157c157d9f2e572bdf6653f44a0fe8f8a2c7e27d71ebfe74465d6160240d
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close