what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

CVE-2014-3510

Status Candidate

Overview

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.

Related Files

HP Security Bulletin HPSBHF03293
Posted Mar 18, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03293 1 - Potential security vulnerabilities have been identified with HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash including heartbleed, padding oracle, and shellshock issues. Revision 1 of this advisory.

tags | advisory, vulnerability, bash
advisories | CVE-2009-3555, CVE-2014-0160, CVE-2014-0195, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-3566, CVE-2014-5139
SHA-256 | 30d1ba0b92a93958f1b541914c45bffd10181d46e5a162699dcd2c22a93f67c4
Gentoo Linux Security Advisory 201412-39
Posted Dec 26, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-39 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks. Versions less than 1.0.1j are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2013-6449, CVE-2013-6450, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-5139
SHA-256 | a8911a2cd573d9d9b7a21dda6fda6b8c703d63c5dd4ba76095ba2d228441fbae
Red Hat Security Advisory 2014-1297-01
Posted Sep 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1297-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory.

tags | advisory, java, protocol
systems | linux, redhat
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3508, CVE-2014-3510
SHA-256 | e6a52a5860b1db89bab94e8df4cebd26369bf1a6fe701deae6b86897b2ad96c0
Red Hat Security Advisory 2014-1256-01
Posted Sep 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1256-01 - An update for the openssl component for Red Hat JBoss Web Server 2.1.0 that fixes multiple security issues is now available from the Red Hat Customer Portal.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3508, CVE-2014-3510
SHA-256 | 0a42be4979149e6e258283d7685446461846950dbaf2939b187cc377e0d4ae30
HP Security Bulletin HPSBOV03099
Posted Sep 15, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03099 - Potential security vulnerabilities have been identified with HP OpenVMS running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510
SHA-256 | aae3e2a1d333eb054bbbacfd312875f79f591047aa6e4a71ea420ee9f8f26a54
FreeBSD Security Advisory - OpenSSL Vulnerabilities
Posted Sep 9, 2014
Site security.freebsd.org

FreeBSD Security Advisory - Multiple OpenSSL issues have been addressed. The receipt of a specifically crafted DTLS handshake message may cause OpenSSL to consume large amounts of memory. The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak memory. A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Various other issues have also been addressed.

tags | advisory
systems | freebsd
advisories | CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
SHA-256 | b203a1f5bbe6d57d00f87b2c3bf3c8e5ce475ea36f8779f18a2ba89567d26437
HP Security Bulletin HPSBUX03095 SSRT101674
Posted Aug 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03095 SSRT101674 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510
SHA-256 | 35ea6546fb12c44295439a0781aa60fc6a8b2a36280244b7445e4c518ed728ff
Red Hat Security Advisory 2014-1054-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1054-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511
SHA-256 | 764aee33222756a8c5691f00ba7d65d359debf2fd22c3e64127636ad640c0504
Red Hat Security Advisory 2014-1053-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1053-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. Multiple flaws were discovered in the way OpenSSL handled DTLS packets. A remote attacker could use these flaws to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2014-0221, CVE-2014-3505, CVE-2014-3506, CVE-2014-3508, CVE-2014-3510
SHA-256 | 948de4a34ae026c5dab154c65c77547ef33ef30112240c62df3060016b472f9b
Red Hat Security Advisory 2014-1052-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1052-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511
SHA-256 | 75bc0be12a1079a05666977a741c31a6e9ce2f144a48b721d2d303d494747755
Slackware Security Advisory - openssl Updates
Posted Aug 11, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
SHA-256 | e6c1e38ce693c76a337bfee5d7931997488682a149dcc7351a58577e1f17db5b
Debian Security Advisory 2998-1
Posted Aug 8, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2998-1 - Multiple vulnerabilities have been identified in OpenSSL, a Secure Sockets Layer toolkit, that may result in denial of service (application crash, large memory consumption), information leak, protocol downgrade. Additionally, a buffer overrun affecting only applications explicitly set up for SRP has been fixed (CVE-2014-3512).

tags | advisory, denial of service, overflow, vulnerability, protocol
systems | linux, debian
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
SHA-256 | 4b5ba9dfa84b23a549dccdd763c181521186cfd1c85de543dddad5497811bba9
Mandriva Linux Security Advisory 2014-158
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-158 - A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory. An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack. An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack. By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. OpenSSL DTLS clients enabling anonymous DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference by specifying an anonymous DH ciphersuite and sending carefully crafted handshake messages. The updated packages have been upgraded to the 1.0.0n version where these security flaws has been fixed.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510
SHA-256 | 0c47d350a43e9ef06283b3a0d86eb7459ba8b68df64c0a7b9834987b823bc450
Ubuntu Security Notice USN-2308-1
Posted Aug 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2308-1 - Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS handshake messages. A remote attacker could use this issue to cause OpenSSL to consume memory, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
SHA-256 | 03bad2c5caba72992e90e3884ed995a197ef58b33d81447b1b69e27d4faf9d73
OpenSSL Toolkit 1.0.1i
Posted Aug 6, 2014
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Nine security issues have been addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
SHA-256 | 3c179f46ca77069a6a0bac70212a9b3b838b2f66129cb52d568837fc79d8fcc7
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    16 Files
  • 7
    Oct 7th
    12 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close