exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2013-6450

Status Candidate

Overview

The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.

Related Files

Gentoo Linux Security Advisory 201412-39
Posted Dec 26, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-39 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks. Versions less than 1.0.1j are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2013-6449, CVE-2013-6450, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | a8911a2cd573d9d9b7a21dda6fda6b8c703d63c5dd4ba76095ba2d228441fbae
HP Security Bulletin HPSBMU02998 4
Posted May 13, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02998 4 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 4 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450, CVE-2014-0160
SHA-256 | b3fa1d0558fcbc91c2bc9655d1753596f578e24bdc3fbc14379ffefcbeff95b9
HP Security Bulletin HPSBMU02998 3
Posted May 3, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02998 3 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 3 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450, CVE-2014-0160
SHA-256 | c9685c1be9739974f18aeecc3433961057ad78f3c535bd0a7eebe068b0ba2914
HP Security Bulletin HPSBMU02998 2
Posted Apr 17, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02998 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450, CVE-2014-0160
SHA-256 | 733ae6b6c797c2f872b96a8cfe71841d57f9fd119cfbb08abf8bc944a7445c49
Mandriva Linux Security Advisory 2014-007
Posted Jan 18, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-007 - The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-6450
SHA-256 | 7a7edc673b8aa4809fa4882410bf5431e74327edd08dae83d3353c992b6391ba
FreeBSD Security Advisory - OpenSSL Issues
Posted Jan 15, 2014
Site security.freebsd.org

FreeBSD Security Advisory - A carefully crafted invalid TLS handshake could crash OpenSSL with a NULL pointer exception. A flaw in DTLS handling can cause an application using OpenSSL and DTLS to crash. A flaw in OpenSSL can cause an application using OpenSSL to crash when using TLS version 1.2.

tags | advisory
systems | freebsd
advisories | CVE-2013-6449, CVE-2013-4353, CVE-2013-6450
SHA-256 | 8cfc9cbab96b1b477732894dceb5515843f94bda1957f4f8b56f78b5d7e6a1d7
Slackware Security Advisory - openssl Updates
Posted Jan 14, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450
SHA-256 | ebc0bf7db2c1373c3cec26d9751559ebf1ff1de1ec43698726547a8808565a5d
OpenSSL Toolkit 1.0.1f
Posted Jan 10, 2014
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: A TLS record tampering bug was fixed. A carefully crafted invalid handshake could crash OpenSSL with a NULL pointer exception (CVE-2013-4353). Original DTLS digest and encryption contexts are kept in retransmission structures so that the previous session parameters can be used if they need to be re-sent (CVE-2013-6450). A SSL_OP_SAFARI_ECDHE_ECDSA_BUG option (part of SSL_OP_ALL) which avoids preferring ECDHE-ECDSA ciphers when the client appears to be Safari on OS X was added.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2013-4353, CVE-2013-6450
SHA-256 | 6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a
Ubuntu Security Notice USN-2079-1
Posted Jan 10, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2079-1 - Anton Johansson discovered that OpenSSL incorrectly handled certain invalid TLS handshakes. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Ron Barber discovered that OpenSSL used an incorrect data structure to obtain a version number. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Dmitry Sobinov discovered that OpenSSL incorrectly handled certain DTLS retransmissions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450, CVE-2013-4353, CVE-2013-6449, CVE-2013-6450
SHA-256 | 8b01c75a1f6dc71ca305dc74fc6913c030cad0950cfba7ec713698b31175de80
Red Hat Security Advisory 2014-0015-01
Posted Jan 9, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0015-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL did not properly maintain encryption and digest contexts during renegotiation. A lost or discarded renegotiation handshake packet could cause a DTLS client or server using OpenSSL to crash.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450
SHA-256 | e810c2f62369368cb293ec77fdf44a3403252f30e6633f76d3085aec1b4a7d94
Debian Security Advisory 2833-1
Posted Jan 3, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2833-1 - was susceptible to denial of service and retransmission of DTLS messages was fixed. In addition this updates disables the insecure Dual_EC_DRBG algorithm and no longer uses the RdRand feature available on some Intel CPUs as a sole source of entropy unless explicitly requested.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2013-6449, CVE-2013-6450
SHA-256 | 56f45ba1a08e9fe54a9e11c085f0d99ae3cf6d0d984ba08ef5105d675e05005a
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    18 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    12 Files
  • 29
    May 29th
    31 Files
  • 30
    May 30th
    22 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close