Red Hat Security Advisory 2014-0628-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.
45ac970580285e45f60c7ada7cf8c6e1a95037ba799213a4c6ba5b817da76fd1Secunia Security Advisory - IBM has acknowledged multiple vulnerabilities in OpenSSL included in AIX and Virtual I/O Server, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise an application using the library.
ed0c5a57d21cfc17398bb32ca7e61dc56a6d01271d6711802a78307b440b56eaSecunia Security Advisory - Ubuntu has issued an update for openssl. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions in an application using the library.
437136c2b6d4c58de22a78afe4d04237a3da9a57a59713b7363d6b3f84dd6fb3Ubuntu Security Notice 1516-1 - It was discovered that OpenSSL incorrectly handled the SSL_OP_ALL setting. This resulted in TLS 1.1 and TLS 1.2 being inadvertently disabled for certain server and client applications.
f2262e55a41ba5619c60cd6ba0d89acc3919c82392ab15e2dd986d7c27563ab8PHP version 6.0 openssl_verify() local buffer overflow proof of concept exploit.
ca7179cfea7e511031571eaf312bb0ce52f952b755fb3d52e7056cff68d72e8aSecunia Security Advisory - NetBSD has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.
74039663b5855a6feb45e97e70d5e46ef92330bc2dbace3e39177da7d3ea72fbSecunia Security Advisory - NetBSD has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
5dc9f491cbf10b29821a9474c8b2cebd5f4587f4f75478ced6bbbe415da21245OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
2a9eb3cd4e8b114eb9179c0d3884d61658e7d8e8bf4984798a5f5bd48e325ebeOpenSSL version 1.0.1 suffers from a local buffer overflow vulnerability in the command line utility.
a5fcc3832f2520c9e1f546ab32a9b27fdfd7926a5b3de285d09980efe0d00fffSecunia Security Advisory - SUSE has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.
1cbf645adf1c41ce824252a3ef2c7616c72a5c827da1ae6ab066fd31b1b6b4aeSecunia Security Advisory - SUSE has issued an update for openssl. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) of an application using the library.
cbc69a73d26d914de7b08673b07e0db475156ccda21d687a4005233283ac485fSecunia Security Advisory - Red Hat has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.
5f2edd91901faf346e96be4c50d38ea72cd64c1a3d15abdfba22b286c665af47Red Hat Security Advisory 2012-0699-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS application data record lengths when using a block cipher in CBC mode. A malicious DTLS client or server could use this flaw to crash its DTLS connection peer.
c06ac1424785317703c7aa22ceb6c44b036fc510567d485d7bf8e44c5ffb7b08Secunia Security Advisory - Ubuntu has issued an update for openssl. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service) of the application using the library.
3df54d4ab9c228f2348a011b682aa98a3ebef7a3a1a8d4c5a6abf6b27f0cca98Ubuntu Security Notice 1451-1 - Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). It was discovered that an integer underflow was possible when using TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a remote attacker to cause a denial of service. Various other issues were also addressed.
c2d728621ad0692803f2775f1741405360b7d473c41ea474fa8427075d3d957aSecunia Security Advisory - Astaro has issued an update for openssl. This fixes some vulnerabilities, which have unknown impacts.
d74361c510b7e90e0c2644ec604784e99b4fcadff4e89ad2a6a8224d8dd2e215HP Security Bulletin HPSBUX02782 SSRT100844 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
457fa208b2d89d333fc3e7b1e79dda9d71c42a5448aba577490f3ef540898b99Debian Linux Security Advisory 2475-1 - It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service (application crash.)
66c8c21a9d5a67bd12535ff58d7285885abd5e746fc2188a45920751e9870d71Secunia Security Advisory - SUSE has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
054fba010f9568c3f00517478292a89add8869b2560e23380d4f2fa8b87038efSecunia Security Advisory - HP has issued an update for OpenSSL in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
be02c16d421aefb4def9840e3af024d04ad07b006ad2d28f71dd1d826631994aSecunia Security Advisory - Debian has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.
9073f5d7951d4c4f11beb7502a1aaccb1924b29585e7021b67e0365c5284a95eSecunia Security Advisory - A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.
e35898a18b7ce00d4c782c320c6a6f07ce7af0807f27b37b33ab01bf5c26bb4bMandriva Linux Security Advisory 2012-073 - A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can be exploited in a denial of service attack on both clients and servers. The updated packages have been patched to correct this issue.
54666cdfa2efbdfef9bc70d2dfc67f9deaea6c7ad3fe4059fb274292752c2164Secunia Security Advisory - FreeBSD has issued an update for OpenSSL. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially compromise an application using the library.
566e6103b3b3305cd368cccc6a51b1795616b82f090a5eb6388741e912d98bcdFreeBSD Security Advisory - OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. Various other OpenSSL issues have also been addressed.
a5bef5136c533b9f68af4bc039c5c33bcdfa740e1cf6dd569a94090e8f39f3eeSecunia Security Advisory - Ubuntu has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
607e53d73aa371bf36ef03ea63ad19e73950e519568ae351aedd759de9c20bf5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed