accept no compromises
Showing 1 - 21 of 21 RSS Feed

CVE-2015-0293

Status Candidate

Overview

The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.

Related Files

Red Hat Security Advisory 2016-0490-01
Posted Mar 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0490-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled.

tags | advisory, java, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0800
MD5 | 63c16fbee5f285eb1059fe14fdc11584
Red Hat Security Advisory 2016-0446-01
Posted Mar 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0446-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0800
MD5 | b7e85ded0d49ed38343307cf853c81f2
Red Hat Security Advisory 2016-0445-01
Posted Mar 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0445-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, java, web, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0800
MD5 | 3579da10595d2d52fdde6cd8913b04e7
Red Hat Security Advisory 2016-0372-01
Posted Mar 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0372-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
MD5 | ea2cda3bb25f4c9d5818c05080ce01d2
Red Hat Security Advisory 2016-0306-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0306-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
MD5 | 2f36ad9742f9b96b4e118c0c254db4cc
Red Hat Security Advisory 2016-0304-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0304-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
MD5 | 5070fe93898af747db9ee12243a2fb26
Red Hat Security Advisory 2016-0303-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0303-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
MD5 | cd9090d3d570d3faf68563b341e88263
HP Security Bulletin HPSBMU03397 1
Posted Aug 26, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03397 1 - Potential security vulnerabilities have been identified with HP Version Control Agent (VCA) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), unauthorized modification, unauthorized access, or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0285, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0290, CVE-2015-0291, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787
MD5 | 0d9bf4c34505c4e8f90c075c2409ec29
Apple Security Advisory 2015-06-30-2
Posted Jul 1, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-06-30-2 - OS X Yosemite 10.10.4 and Security Update 2015-005 are now available and address privilege escalation, arbitrary code execution, access bypass, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | apple, osx
advisories | CVE-2013-1741, CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130, CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2015-0209, CVE-2015-0235, CVE-2015-0273, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293, CVE-2015-1157, CVE-2015-1798, CVE-2015-1799, CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, CVE-2015-3668, CVE-2015-3671, CVE-2015-3672, CVE-2015-3673
MD5 | 32e0fef51b76ce3c73ed6338172843e8
HP Security Bulletin HPSBUX03334 SSRT102000 1
Posted May 20, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03334 SSRT102000 1 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, remote, denial of service, vulnerability
systems | hpux
advisories | CVE-2015-0204, CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
MD5 | 2b38a739f74c167f51559de9b66331aa
Slackware Security Advisory - openssl Updates
Posted Apr 22, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293
MD5 | 5d56e0a6eaa6f5147fb552bf7ec23143
Red Hat Security Advisory 2015-0800-01
Posted Apr 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0800-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method. An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2014-8275, CVE-2015-0204, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
MD5 | b96cdbfc0d7559571c323c6dacd80e5b
Red Hat Security Advisory 2015-0752-01
Posted Mar 30, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0752-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application. An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded.

tags | advisory, remote, overflow, protocol
systems | linux, redhat
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
MD5 | 2890be251345200f380dd19ad7e722ce
Mandriva Linux Security Advisory 2015-063
Posted Mar 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-063 - Multiple vulnerabilities has been discovered and corrected in openssl. The updated packages have been upgraded to the 1.0.0r version where these security flaws has been fixed.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2015-0204, CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293
MD5 | 2f9f2e925923d773f1747f2ebe110519
Mandriva Linux Security Advisory 2015-062
Posted Mar 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-062 - Multiple vulnerabilities has been discovered and corrected in openssl. The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0160, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293
MD5 | 9412decee50df63b317420ad5180fc9f
Red Hat Security Advisory 2015-0716-01
Posted Mar 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0716-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application. An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded.

tags | advisory, remote, overflow, protocol
systems | linux, redhat
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
MD5 | 84c06482c884d666f0674209111c6d16
Red Hat Security Advisory 2015-0715-01
Posted Mar 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0715-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application. An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded.

tags | advisory, remote, overflow, protocol
systems | linux, redhat
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
MD5 | 9c5429281270d2cf5d0d7d74e66bab1e
OpenSSL Security Advisory - 12 Security Fixes
Posted Mar 20, 2015
Site openssl.org

OpenSSL has addressed twelve vulnerabilities including denial of service, silent downgrading, corrupted pointer, segmentation fault, memory corruption, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2015-0204, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0285, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0290, CVE-2015-0291, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787
MD5 | d5e61bc62fd70b1e4faa9d5757fe8ea0
FreeBSD Security Advisory - OpenSSL Issues
Posted Mar 20, 2015
Site security.freebsd.org

FreeBSD Security Advisory - Multiple OpenSSL issues have been resolved. A malformed elliptic curve private key file could cause a use-after-free condition in the d2i_ECPrivateKey function. An attempt to compare ASN.1 boolean types will cause the ASN1_TYPE_cmp function to crash with an invalid read. Reusing a structure in ASN.1 parsing may allow an attacker to cause memory corruption via an invalid write. The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. A malicious client can trigger an OPENSSL_assert in servers that both support SSLv2 and enable export cipher suites by sending a specially crafted SSLv2 CLIENT-MASTER-KEY message.

tags | advisory
systems | freebsd
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293
MD5 | 8a30cb43be0ccad8caf129b707a6c904
Gentoo Linux Security Advisory 201503-11
Posted Mar 20, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201503-11 - Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure. Versions less than 1.0.1l-r1 are affected.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2015-0204, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209, CVE-2015-0285, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0290, CVE-2015-0291, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787
MD5 | 4a2e3489d02d9cd892b08aaab0121cc9
Ubuntu Security Notice USN-2537-1
Posted Mar 20, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2537-1 - It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. Stephen Henson discovered that OpenSSL incorrectly handled comparing ASN.1 boolean types. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293
MD5 | af6954b41cf8921ca646fd8bce9c0314
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    5 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close