what you don't know can hurt you
Showing 1 - 11 of 11 RSS Feed

CVE-2019-1559

Status Candidate

Overview

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

Related Files

Ubuntu Security Notice USN-4376-2
Posted Jul 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4376-2 - USN-4376-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Cesar Pereida Garc

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-1547, CVE-2019-1559, CVE-2019-1563
MD5 | 5ffe6bab9ab65abc32cc3f1b5a2aa54b
Red Hat Security Advisory 2019-3929-01
Posted Nov 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3929-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.2 serves as a replacement for Red Hat JBoss Web Server 5.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, java, web, xss
systems | linux, redhat
advisories | CVE-2018-5407, CVE-2019-0221, CVE-2019-10072, CVE-2019-1559
MD5 | 1eeabab6776647e0fba3cdda4fbc7760
Red Hat Security Advisory 2019-3931-01
Posted Nov 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3931-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Issues addressed include cross site scripting and denial of service vulnerabilities.

tags | advisory, java, web, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2018-5407, CVE-2019-0221, CVE-2019-10072, CVE-2019-1559
MD5 | 2f30e18d2b9c86f33e0790d3461ef690
Red Hat Security Advisory 2019-2471-01
Posted Aug 13, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2471-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. A padding oracle vulnerability has been addressed.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2019-1559
MD5 | 5f7b2075e0503b29c80a8881178eb479
Red Hat Security Advisory 2019-2439-01
Posted Aug 12, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2439-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. Integer overflow, leaked credential, and padding oracle vulnerabilities were addressed.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2018-16881, CVE-2019-1559, CVE-2019-3888
MD5 | 7b9d8dc9113ca94f46aadd80b4d5da42
Red Hat Security Advisory 2019-2437-01
Posted Aug 12, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2437-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2018-16838, CVE-2018-16881, CVE-2019-0161, CVE-2019-10139, CVE-2019-10160, CVE-2019-1559
MD5 | 5cf8328ccb22810d576d6f6cc47e8cbc
Red Hat Security Advisory 2019-2304-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2304-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Padding oracle and side channel attack vulnerabilities were addressed.

tags | advisory, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2018-0734, CVE-2019-1559
MD5 | 77864abc74a2833e93d7f0b1b9f89808
Gentoo Linux Security Advisory 201903-10
Posted Mar 14, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201903-10 - Multiple Information Disclosure vulnerabilities in OpenSSL allow attackers to obtain sensitive information. Versions less than 1.0.2r are affected.

tags | advisory, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2018-5407, CVE-2019-1559
MD5 | b2e9c1b57341130f34be8af5a74d57be
Debian Security Advisory 4400-1
Posted Mar 1, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4400-1 - Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL.

tags | advisory
systems | linux, debian
advisories | CVE-2019-1559
MD5 | 3ae403132ce04513055ca44d9713a40d
Slackware Security Advisory - openssl Updates
Posted Feb 27, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.2 to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2019-1559
MD5 | b461424a888f769f20904a5db217b6d8
Ubuntu Security Notice USN-3899-1
Posted Feb 27, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3899-1 - Juraj Somorovsky, Robert Merget, and Nimrod Aviram discovered that certain applications incorrectly used OpenSSL and could be exposed to a padding oracle attack. A remote attacker could possibly use this issue to decrypt data.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2019-1559
MD5 | 649244f74bfef62f2e8d667bc9b80619
Page 1 of 1
Back1Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close