seeing is believing
Showing 1 - 12 of 12 RSS Feed

CVE-2015-1788

Status Candidate

Overview

The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.

Related Files

HP Security Bulletin HPSBHF03613 1
Posted Jul 5, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03613 1 - Potential security vulnerabilities in OpenSSL have been addressed with HPE network products including iMC, VCX, Comware 5 and Comware 7. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS) or unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1793
MD5 | b6c855010e079d9ae7b24276064a44ad
HP Security Bulletin HPSBMU03612 1
Posted Jun 2, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03612 1 - Multiple potential security vulnerabilities have been identified with HPE Insight Control (IC) on Windows which could be exploited remotely resulting in Denial of Service (DoS), Unauthorized Access, Cross-site scripting (XSS), Execution of Arbitrary code, Disclosure of Sensitive Information,Remote Code Execution and locally resulting in Cross-site Request Forgery (CSRF). Revision 1 of this advisory.

tags | advisory, remote, denial of service, arbitrary, vulnerability, code execution, xss, csrf
systems | windows
advisories | CVE-2007-6750, CVE-2011-4969, CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3569, CVE-2015-0205, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3194, CVE-2015-3195, CVE-2015-3237, CVE-2015-6565, CVE-2015-7501, CVE-2015-7547, CVE-2015-7995, CVE-2015-8035, CVE-2016-0705, CVE-2016-0728, CVE-2016-0799, CVE-2016-2015, CVE-2016-2017
MD5 | 0207d928f7226d4094ca1253ba2da50e
HP Security Bulletin HPSBMU03611 1
Posted May 26, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03611 1 - Multiple potential security vulnerabilities have been identified with the Matrix Operating Environment on Windows and Linux that could be exploited remotely resulting in Denial of Service (DoS), Unauthorized Access, Execution of arbitrary code, Cross-site scripting (XSS), Disclosure of Sensitive Information, Code Execution, and locally resulting in Cross-site Request Forgery (CSRF). Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, code execution, xss, csrf
systems | linux, windows
advisories | CVE-2009-3555, CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3569, CVE-2015-0205, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3194, CVE-2015-3195, CVE-2015-6565, CVE-2015-7501, CVE-2016-0705, CVE-2016-0799, CVE-2016-2017, CVE-2016-2018, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, CVE-2016-2026, CVE-2016-2027
MD5 | 051cbd9e7dc9e6a857c49c0bf518a647
HP Security Bulletin HPSBMU03589 1
Posted May 13, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03589 1 - Several potential security vulnerabilities have been identified with HPE Version Control Repository Manager (VCRM) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792
MD5 | 50ee5d731c27c2255b342b6f5e51a914
HP Security Bulletin HPSBUX03388 SSRT102180 1
Posted Aug 6, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03388 SSRT102180 1 - A potential security vulnerability has been identified with HP-UX running OpenSSL with SSL/TLS enabled. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as Logjam which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
systems | hpux
advisories | CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1793, CVE-2015-4000
MD5 | eab3b1b5f333ecf496436e4f6bd63ca5
Gentoo Linux Security Advisory 201506-02
Posted Jun 22, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201506-2 - Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure. Versions less than 1.0.1o are affected.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-4000
MD5 | 29dead97f9fb4c8eb6586f20b7c1aca3
OpenSSL Toolkit 1.0.2c
Posted Jun 15, 2015
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fix HMAC ABI incompatibility. The previous version introduced an ABI incompatibility in the handling of HMAC. The previous ABI has now been restored.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792
MD5 | 8c8d81a9ae7005276e486702edbcd4b6
Debian Security Advisory 3287-1
Posted Jun 15, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3287-1 - Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-4000
MD5 | 8b6a075e92de837aed96987c2264454d
FreeBSD Security Advisory - OpenSSL
Posted Jun 12, 2015
Site security.freebsd.org

FreeBSD Security Advisory - A vulnerability in the TLS protocol would allow a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is also known as Logjam. When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field. When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID. Various other issues have also been addressed.

tags | advisory, protocol
systems | freebsd
advisories | CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-4000
MD5 | 3fb8aa902f8c2dc20a490d919de2a423
Slackware Security Advisory - openssl Updates
Posted Jun 12, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792
MD5 | dc381c79496ca87aed7db7712ab261e3
OpenSSL Toolkit 1.0.2b
Posted Jun 12, 2015
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Infinite loop on malformed ECParameters structure addressed. PKCS7 crash addressed. Various other issues addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792
MD5 | 7729b259e2dea7d60b32fc3934d6984b
Ubuntu Security Notice USN-2639-1
Posted Jun 11, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2639-1 - Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. Joseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed ECParameters structures. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792
MD5 | 2c3551d061da6c9e5814baac637399ce
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    8 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close