what you don't know can hurt you
Showing 1 - 11 of 11 RSS Feed

CVE-2013-6450

Status Candidate

Overview

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.

Related Files

Gentoo Linux Security Advisory 201412-39
Posted Dec 26, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-39 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks. Versions less than 1.0.1j are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2013-6449, CVE-2013-6450, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
MD5 | e0e683c2c26350bc4057f6847954bb6e
HP Security Bulletin HPSBMU02998 4
Posted May 13, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02998 4 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 4 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450, CVE-2014-0160
MD5 | 676682c7b3444cd10fb1f2de91bdafe1
HP Security Bulletin HPSBMU02998 3
Posted May 3, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02998 3 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 3 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450, CVE-2014-0160
MD5 | 1a919ddbb8354aa5a2f4fdad1eb24522
HP Security Bulletin HPSBMU02998 2
Posted Apr 17, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02998 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450, CVE-2014-0160
MD5 | 7c105f0e88710253eeeddfeb03a62f77
Mandriva Linux Security Advisory 2014-007
Posted Jan 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-007 - The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-6450
MD5 | 667b16b0b27abdf3393b693270e9c126
FreeBSD Security Advisory - OpenSSL Issues
Posted Jan 15, 2014
Site security.freebsd.org

FreeBSD Security Advisory - A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. A flaw in DTLS handling can cause an application using OpenSSL and DTLS to crash. A flaw in OpenSSL can cause an application using OpenSSL to crash when using TLS version 1.2.

tags | advisory
systems | freebsd
advisories | CVE-2013-6449, CVE-2013-4353, CVE-2013-6450
MD5 | 4ecd654abd0aaee44e4ef6858c4cc839
Slackware Security Advisory - openssl Updates
Posted Jan 14, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450
MD5 | 1b294b565d775225cf378b80a21e66d3
OpenSSL Toolkit 1.0.1f
Posted Jan 10, 2014
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: A TLS record tampering bug was fixed. A carefully crafted invalid handshake could crash OpenSSL with a NULL pointer exception (CVE-2013-4353). Original DTLS digest and encryption contexts are kept in retransmission structures so that the previous session parameters can be used if they need to be re-sent (CVE-2013-6450). A SSL_OP_SAFARI_ECDHE_ECDSA_BUG option (part of SSL_OP_ALL) which avoids preferring ECDHE-ECDSA ciphers when the client appears to be Safari on OS X was added.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2013-4353, CVE-2013-6450
MD5 | f26b09c028a0541cab33da697d522b25
Ubuntu Security Notice USN-2079-1
Posted Jan 10, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2079-1 - Anton Johansson discovered that OpenSSL incorrectly handled certain invalid TLS handshakes. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Ron Barber discovered that OpenSSL used an incorrect data structure to obtain a version number. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Dmitry Sobinov discovered that OpenSSL incorrectly handled certain DTLS retransmissions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450, CVE-2013-4353, CVE-2013-6449, CVE-2013-6450
MD5 | 72a1dfbc1ac072c13c703fd064617332
Red Hat Security Advisory 2014-0015-01
Posted Jan 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0015-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL did not properly maintain encryption and digest contexts during renegotiation. A lost or discarded renegotiation handshake packet could cause a DTLS client or server using OpenSSL to crash.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450
MD5 | a43d3d2af1a56694b28e8150c429bc4f
Debian Security Advisory 2833-1
Posted Jan 3, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2833-1 - was susceptible to denial of service and retransmission of DTLS messages was fixed. In addition this updates disables the insecure Dual_EC_DRBG algorithm and no longer uses the RdRand feature available on some Intel CPUs as a sole source of entropy unless explicitly requested.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2013-6449, CVE-2013-6450
MD5 | 742564a63373e7f7bbb1cc8bab905ada
Page 1 of 1
Back1Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    9 Files
  • 10
    Jul 10th
    7 Files
  • 11
    Jul 11th
    4 Files
  • 12
    Jul 12th
    4 Files
  • 13
    Jul 13th
    14 Files
  • 14
    Jul 14th
    17 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close