what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

CVE-2013-4353

Status Candidate

Overview

The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.

Related Files

HP Security Bulletin HPSBMU02998 4
Posted May 13, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02998 4 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 4 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450, CVE-2014-0160
SHA-256 | b3fa1d0558fcbc91c2bc9655d1753596f578e24bdc3fbc14379ffefcbeff95b9
HP Security Bulletin HPSBMU02998 3
Posted May 3, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02998 3 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 3 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450, CVE-2014-0160
SHA-256 | c9685c1be9739974f18aeecc3433961057ad78f3c535bd0a7eebe068b0ba2914
HP Security Bulletin HPSBMU02998 2
Posted Apr 17, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02998 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450, CVE-2014-0160
SHA-256 | 733ae6b6c797c2f872b96a8cfe71841d57f9fd119cfbb08abf8bc944a7445c49
Red Hat Security Advisory 2014-0416-01
Posted Apr 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0416-01 - Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. The mingw-virt-viewer package has been updated to correct the following issues: An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.

tags | advisory, info disclosure
systems | linux, redhat, windows
advisories | CVE-2012-4929, CVE-2013-0169, CVE-2013-4353, CVE-2014-0160
SHA-256 | 0032421aec1d1d27f91354a5fea1ce01a8e83f64e4d39583854c2b9d91e466a1
Gentoo Linux Security Advisory 201402-25
Posted Feb 22, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-25 - A vulnerability in OpenSSL's handling of TLS handshakes could result in a Denial of Service condition. Versions less than 1.0.1f are affected.

tags | advisory, denial of service
systems | linux, gentoo
advisories | CVE-2013-4353
SHA-256 | dc177282d243b8879ad0b5b085aa003520dc2c9504ed6635ff0590bdc37c0499
Red Hat Security Advisory 2014-0041-01
Posted Jan 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0041-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade Red Hat Enterprise Virtualization Hypervisor 6.4 to version 6.5 through the 3.3 Manager administration portal, configuration of the previous system appears to be lost when reported in the TUI. However, this is an issue in the TUI itself, not in the upgrade process; the configuration of the system is not affected.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2013-4353, CVE-2013-5605, CVE-2013-5606, CVE-2013-6449
SHA-256 | b4c76518fefda3f3206630aed636919cd1cea85e9a2b797b898a47ee35f3368f
FreeBSD Security Advisory - OpenSSL Issues
Posted Jan 15, 2014
Site security.freebsd.org

FreeBSD Security Advisory - A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. A flaw in DTLS handling can cause an application using OpenSSL and DTLS to crash. A flaw in OpenSSL can cause an application using OpenSSL to crash when using TLS version 1.2.

tags | advisory
systems | freebsd
advisories | CVE-2013-6449, CVE-2013-4353, CVE-2013-6450
SHA-256 | 8cfc9cbab96b1b477732894dceb5515843f94bda1957f4f8b56f78b5d7e6a1d7
Slackware Security Advisory - openssl Updates
Posted Jan 14, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450
SHA-256 | ebc0bf7db2c1373c3cec26d9751559ebf1ff1de1ec43698726547a8808565a5d
OpenSSL Toolkit 1.0.1f
Posted Jan 10, 2014
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: A TLS record tampering bug was fixed. A carefully crafted invalid handshake could crash OpenSSL with a NULL pointer exception (CVE-2013-4353). Original DTLS digest and encryption contexts are kept in retransmission structures so that the previous session parameters can be used if they need to be re-sent (CVE-2013-6450). A SSL_OP_SAFARI_ECDHE_ECDSA_BUG option (part of SSL_OP_ALL) which avoids preferring ECDHE-ECDSA ciphers when the client appears to be Safari on OS X was added.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2013-4353, CVE-2013-6450
SHA-256 | 6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a
Ubuntu Security Notice USN-2079-1
Posted Jan 10, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2079-1 - Anton Johansson discovered that OpenSSL incorrectly handled certain invalid TLS handshakes. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Ron Barber discovered that OpenSSL used an incorrect data structure to obtain a version number. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Dmitry Sobinov discovered that OpenSSL incorrectly handled certain DTLS retransmissions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450, CVE-2013-4353, CVE-2013-6449, CVE-2013-6450
SHA-256 | 8b01c75a1f6dc71ca305dc74fc6913c030cad0950cfba7ec713698b31175de80
Red Hat Security Advisory 2014-0015-01
Posted Jan 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0015-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL did not properly maintain encryption and digest contexts during renegotiation. A lost or discarded renegotiation handshake packet could cause a DTLS client or server using OpenSSL to crash.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450
SHA-256 | e810c2f62369368cb293ec77fdf44a3403252f30e6633f76d3085aec1b4a7d94
Debian Security Advisory 2837-1
Posted Jan 8, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2837-1 - Anton Johannson discovered that an invalid TLS handshake package could crash OpenSSL with a NULL pointer dereference.

tags | advisory
systems | linux, debian
advisories | CVE-2013-4353
SHA-256 | 6994946e9b9d496cd4cb38e8153d382c718c783522f5a47212b7c7e15cdef6c6
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close