exploit the possibilities
Showing 1 - 25 of 25 RSS Feed

CVE-2014-0076

Status Candidate

Overview

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

Related Files

HP Security Bulletin HPSBST03642 3
Posted Jan 25, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03642 3 - Security vulnerabilities in OpenSSL and OpenSSH were addressed in HPE StoreVirtual products using LeftHand OS. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information, additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in arbitrary code execution, unauthorized access, disclosure of information, or Denial of Service (DoS). Revision 3 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3566, CVE-2016-0705
MD5 | 2a7fc4c484132a88fb19a3bff6be7eaa
Mandriva Linux Security Advisory 2015-062
Posted Mar 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-062 - Multiple vulnerabilities has been discovered and corrected in openssl. The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0160, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293
MD5 | 9412decee50df63b317420ad5180fc9f
Apple Security Advisory 2014-09-17-3
Posted Sep 19, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-09-17-3 - OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address PHP code execution, Bluetooth API validation, PDF handling, and various other vulnerabilities.

tags | advisory, php, vulnerability, code execution
systems | apple, osx
advisories | CVE-2013-7345, CVE-2014-0076, CVE-2014-0185, CVE-2014-0195, CVE-2014-0207, CVE-2014-0221, CVE-2014-0224, CVE-2014-0237, CVE-2014-0238, CVE-2014-1391, CVE-2014-1943, CVE-2014-2270, CVE-2014-2525, CVE-2014-3470, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3981, CVE-2014-4049, CVE-2014-4350, CVE-2014-4374, CVE-2014-4376, CVE-2014-4377, CVE-2014-4378, CVE-2014-4379, CVE-2014-4381
MD5 | fc28042ffd26443278d5bacc74e2c78e
HP Security Bulletin HPSBMU03076 2
Posted Aug 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03076 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 2 of this advisory.

tags | advisory, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | fc0fb1a5c99c50587972068ea54dd519
EMC Documentum Code Execution / DQL Injection
Posted Aug 19, 2014
Site emc.com

EMC Documentum suffers from code execution, DQL injection, information disclosure, and multiple openssl vulnerabilities. Nicolas Gregoire provided the following PoC for the DQL injection: x'+UNION+ALL+SELECT+'z',user_os_name,user_name,default_folder+FROM+dm_user+ENABLE+(RETURN_TOP+10);

tags | advisory, vulnerability, code execution, info disclosure
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-2520, CVE-2014-2521, CVE-2014-3470, CVE-2014-4618
MD5 | 195d54f55c648fad9271c1531c1e58bd
HP Security Bulletin HPSBMU03062
Posted Aug 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03062 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) running on Linux and Windows. These components of HP Insight Control server deployment could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information. HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | a5b9594c915060ca771d3ef479ffd948
HP Security Bulletin HPSBMU03076
Posted Jul 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03076 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 78abb553bb8284ca617ee022596963bb
HP Security Bulletin HPSBMU03074
Posted Jul 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03074 - Potential security vulnerabilities have been identified with HP Insight Control server migration running on Linux and Windows which could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 89c6a01d103437d13c08d2549cf36f2a
HP Security Bulletin HPSBGN03050
Posted Jul 9, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03050 - Potential security vulnerabilities have been identified with HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-0076, CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 1c13d6a9c3efdd37f5a926d6bee2bae5
HP Security Bulletin HPSBMU03051 2
Posted Jul 6, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03051 2 - Potential security vulnerabilities have been identified with HP System Management Homepage running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | c403a60a2c4f946fe996f5824dc17f78
HP Security Bulletin HPSBMU03056
Posted Jun 27, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03056 - Potential security vulnerabilities have been identified with HP Version Control Repository Manager (HP VCRM) running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | c593afb8ed3278760c923d0566ff0faf
HP Security Bulletin HPSBMU03057
Posted Jun 27, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03057 - Potential security vulnerabilities have been identified with HP Version Control Agent (HP VCA) running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | c19a68128ba8889a700b22211e6d6ec2
HP Security Bulletin HPSBMU03051
Posted Jun 25, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03051 - Potential security vulnerabilities have been identified with HP System Management Homepage running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 854a1f36774eefb78b4e48e7864254e8
HP Security Bulletin HPSBOV03047
Posted Jun 19, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03047 - Potential security vulnerabilities have been identified with HP OpenVMS running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-0076, CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 12bd5186b3011264435ff20c384bd327
HP Security Bulletin HPSBUX03046 SSRT101590 2
Posted Jun 17, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03046 SSRT101590 2 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, bypass security restrictions, disclose information, or allow unauthorized access. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-0076, CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 0713de23cf2c472ecfc4bd2121483262
HP Security Bulletin HPSBUX03046 SSRT101590
Posted Jun 13, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03046 SSRT101590 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, bypass security restrictions, disclose information, or allow unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-0076, CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 2d88d40709179c983042cfde9223693f
OpenSSL Toolkit 1.0.1h
Posted Jun 10, 2014
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Various security fixes.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 8d6d684a9430d5cc98a62a5d8fbda8cf
OpenSSL Security Advisory - MITM / Recursion / DoS
Posted Jun 5, 2014
Site openssl.org

OpenSSL suffers from SSL/TLS MITM, DTLS recursion, DTLS invalid fragment, SSL_MODE_RELEASE_BUFFERS NULL pointer dereference, session injection, and various other vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 5969edfa68307feb60fefe15f6715df3
Debian Security Advisory 2908-1
Posted Apr 21, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2908-1 - Multiple vulnerabilities have been discovered in OpenSSL.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2010-5298, CVE-2014-0076
MD5 | c018a0cb5659d8eaea5aa88d90138803
FreeBSD Security Advisory - OpenSSL Issues
Posted Apr 9, 2014
Site security.freebsd.org

FreeBSD Security Advisory - FreeBSD is alerting everyone to multiple OpenSSL vulnerabilities. The code used to handle the Heartbeat Extension does not do sufficient boundary checks on record length, which allows reading beyond the actual payload. Affects FreeBSD 10.0 only. A flaw in the implementation of Montgomery Ladder Approach would create a side-channel that leaks sensitive timing information.

tags | advisory, vulnerability
systems | freebsd
advisories | CVE-2014-0076, CVE-2014-0160
MD5 | 8a77a029dc414dcdc8e56eaed517058b
Mandriva Linux Security Advisory 2014-067
Posted Apr 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-067 - The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2014-0076
MD5 | 75101ad8cfc951d035959f7c4ed1b87a
Slackware Security Advisory - openssl Updates
Posted Apr 9, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-0076, CVE-2014-0160
MD5 | 8c14c9bec9d43e48de87d8ee618d6fd2
Gentoo Linux Security Advisory 201404-07
Posted Apr 8, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201404-7 - Multiple Information Disclosure vulnerabilities in OpenSSL allow remote attackers to obtain sensitive information via various vectors. Versions less than 1.0.1g are affected.

tags | advisory, remote, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2014-0076, CVE-2014-0160
MD5 | e6a0d15d699df1495b12890e7951a16f
OpenSSL Toolkit 1.0.1g
Posted Apr 7, 2014
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Workaround for the TLS hang bug. Fix for a side-channel attack. Fix for a missing bounds check in the TLS heartbeat extension.
tags | tool, protocol, library
systems | unix
advisories | CVE-2014-0076, CVE-2014-0160
MD5 | de62b43dfcd858e66a74bee1c834e959
Ubuntu Security Notice USN-2165-1
Posted Apr 7, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2165-1 - Neel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. An attacker could use this issue to obtain up to 64k of memory contents from the client or server, possibly leading to the disclosure of private keys and other sensitive information. Yuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled timing during swap operations in the Montgomery ladder implementation. An attacker could use this issue to perform side-channel attacks and possibly recover ECDSA nonces. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-0076, CVE-2014-0160
MD5 | 9f727884e8b05e67ecbf7c559811c75c
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    7 Files
  • 19
    Oct 19th
    1 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close