Exploit the possiblities
Showing 1 - 14 of 14 RSS Feed

CVE-2015-1791

Status Candidate

Overview

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.

Related Files

HP Security Bulletin HPSBHF03613 1
Posted Jul 5, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03613 1 - Potential security vulnerabilities in OpenSSL have been addressed with HPE network products including iMC, VCX, Comware 5 and Comware 7. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS) or unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1793
MD5 | b6c855010e079d9ae7b24276064a44ad
HP Security Bulletin HPSBMU03612 1
Posted Jun 2, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03612 1 - Multiple potential security vulnerabilities have been identified with HPE Insight Control (IC) on Windows which could be exploited remotely resulting in Denial of Service (DoS), Unauthorized Access, Cross-site scripting (XSS), Execution of Arbitrary code, Disclosure of Sensitive Information,Remote Code Execution and locally resulting in Cross-site Request Forgery (CSRF). Revision 1 of this advisory.

tags | advisory, remote, denial of service, arbitrary, vulnerability, code execution, xss, csrf
systems | windows
advisories | CVE-2007-6750, CVE-2011-4969, CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3569, CVE-2015-0205, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3194, CVE-2015-3195, CVE-2015-3237, CVE-2015-6565, CVE-2015-7501, CVE-2015-7547, CVE-2015-7995, CVE-2015-8035, CVE-2016-0705, CVE-2016-0728, CVE-2016-0799, CVE-2016-2015, CVE-2016-2017
MD5 | 0207d928f7226d4094ca1253ba2da50e
HP Security Bulletin HPSBMU03607 1
Posted Jun 2, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03607 1 - Multiple potential security vulnerabilities have been identified in HPE BladeSystem c-Class Virtual Connect (VC) firmware. These vulnerabilities include: The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information. The Cross-protocol Attack on TLS using SSLv2 also known as "DROWN", which could be exploited remotely resulting in disclosure of information. Additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS), disclosure of information, or Cross-site Request Forgery (CSRF). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, protocol, csrf
advisories | CVE-2008-5161, CVE-2014-3566, CVE-2015-0705, CVE-2015-1789, CVE-2015-1791, CVE-2015-3194, CVE-2015-5600, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842
MD5 | 6c857b91c2ccec55f2970decf648feab
HP Security Bulletin HPSBMU03611 1
Posted May 26, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03611 1 - Multiple potential security vulnerabilities have been identified with the Matrix Operating Environment on Windows and Linux that could be exploited remotely resulting in Denial of Service (DoS), Unauthorized Access, Execution of arbitrary code, Cross-site scripting (XSS), Disclosure of Sensitive Information, Code Execution, and locally resulting in Cross-site Request Forgery (CSRF). Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, code execution, xss, csrf
systems | linux, windows
advisories | CVE-2009-3555, CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3569, CVE-2015-0205, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3194, CVE-2015-3195, CVE-2015-6565, CVE-2015-7501, CVE-2016-0705, CVE-2016-0799, CVE-2016-2017, CVE-2016-2018, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, CVE-2016-2026, CVE-2016-2027
MD5 | 051cbd9e7dc9e6a857c49c0bf518a647
HP Security Bulletin HPSBMU03589 1
Posted May 13, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03589 1 - Several potential security vulnerabilities have been identified with HPE Version Control Repository Manager (VCRM) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792
MD5 | 50ee5d731c27c2255b342b6f5e51a914
HP Security Bulletin HPSBUX03388 SSRT102180 1
Posted Aug 6, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03388 SSRT102180 1 - A potential security vulnerability has been identified with HP-UX running OpenSSL with SSL/TLS enabled. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as Logjam which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
systems | hpux
advisories | CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1793, CVE-2015-4000
MD5 | eab3b1b5f333ecf496436e4f6bd63ca5
Gentoo Linux Security Advisory 201506-02
Posted Jun 22, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201506-2 - Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure. Versions less than 1.0.1o are affected.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-4000
MD5 | 29dead97f9fb4c8eb6586f20b7c1aca3
Red Hat Security Advisory 2015-1115-01
Posted Jun 15, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1115-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3216
MD5 | 36c447c4813f5183f462bc5bada98b33
OpenSSL Toolkit 1.0.2c
Posted Jun 15, 2015
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fix HMAC ABI incompatibility. The previous version introduced an ABI incompatibility in the handling of HMAC. The previous ABI has now been restored.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792
MD5 | 8c8d81a9ae7005276e486702edbcd4b6
Debian Security Advisory 3287-1
Posted Jun 15, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3287-1 - Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-4000
MD5 | 8b6a075e92de837aed96987c2264454d
FreeBSD Security Advisory - OpenSSL
Posted Jun 12, 2015
Site security.freebsd.org

FreeBSD Security Advisory - A vulnerability in the TLS protocol would allow a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is also known as Logjam. When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field. When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID. Various other issues have also been addressed.

tags | advisory, protocol
systems | freebsd
advisories | CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-4000
MD5 | 3fb8aa902f8c2dc20a490d919de2a423
Slackware Security Advisory - openssl Updates
Posted Jun 12, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792
MD5 | dc381c79496ca87aed7db7712ab261e3
OpenSSL Toolkit 1.0.2b
Posted Jun 12, 2015
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Infinite loop on malformed ECParameters structure addressed. PKCS7 crash addressed. Various other issues addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792
MD5 | 7729b259e2dea7d60b32fc3934d6984b
Ubuntu Security Notice USN-2639-1
Posted Jun 11, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2639-1 - Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. Joseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed ECParameters structures. A remote attacker could use this issue to cause OpenSSL to hang, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792
MD5 | 2c3551d061da6c9e5814baac637399ce
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    10 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close