what you don't know can hurt you
Showing 1 - 6 of 6 RSS Feed

CVE-2016-0798

Status Candidate

Overview

Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.

Related Files

HPE Security Bulletin HPESBHF03741 1
Posted May 4, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBHF03741 1 - Potential security vulnerabilities with OpenSSL have been addressed for HPE Network products including Comware 7, IMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information, or locally exploited resulting in unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842
MD5 | afae0f904968fb7611307ae6c0d9cbc9
Gentoo Linux Security Advisory 201603-15
Posted Mar 21, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201603-15 - Multiple vulnerabilities have been found in OpenSSL, the worst allowing remote attackers to decrypt TLS sessions. Versions less than 1.0.2g-r2 are affected.

tags | advisory, remote, vulnerability
systems | linux, gentoo
advisories | CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800
MD5 | 76272f137f358f98c8ed9a0c861ba44b
Slackware Security Advisory - openssl Updates
Posted Mar 3, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800
MD5 | 93e3fc9f48b13299e8509cb8e0af664d
Ubuntu Security Notice USN-2914-1
Posted Mar 2, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2914-1 - Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiation. On certain CPUs, a local attacker could possibly use this issue to recover RSA keys. This flaw is known as CacheBleed. Adam Langley discovered that OpenSSL incorrectly handled memory when parsing DSA private keys. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799
MD5 | a6e8d23d1ba8b7f684856e8693de0261
Debian Security Advisory 3500-1
Posted Mar 2, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3500-1 - Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799
MD5 | f1b2d72ce831be1e0856a01cd6ecfdb1
OpenSSL Toolkit 1.0.2g
Posted Mar 1, 2016
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Disabled weak ciphers in SSLv3 and up in default builds of OpenSSL. Disabled SSLv2 default build, default negotiation and weak ciphers. Fixed a double-free in DSA code. Various other security issues addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799
MD5 | f3c710c045cdee5fd114feb69feba7aa
Page 1 of 1
Back1Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close