what you don't know can hurt you
Showing 1 - 25 of 98 RSS Feed

Files

OpenSSL Toolkit 1.1.1h
Posted Sep 22, 2020
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Certificates with explicit curve parameters are now disallowed in verification chains if the X509_V_FLAG_X509_STRICT flag is used. A few other updates as well.
tags | tool, encryption, protocol
systems | unix
MD5 | 53840c70434793127a3574433494e8d3

Related Files

OpenSSL Toolkit 1.1.1g
Posted Apr 21, 2020
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fixed segmentation fault in SSL_check_chain().
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2020-1967
MD5 | 76766e98997660138cdaf13a187bd234
OpenSSL Toolkit 1.1.1f
Posted Mar 31, 2020
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Reverted the change of EOF detection while reading in libssl to avoid regressions in applications depending on the current way of reporting the EOF. Revised BN_generate_prime_ex to not avoid factors 3..17863 in p-1 when primes for RSA keys are computed.
tags | tool, encryption, protocol
systems | unix
MD5 | 3f486f2f4435ef14b81814dbbc7b48bb
OpenSSL Toolkit 1.1.1e
Posted Mar 18, 2020
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: It now properly detects EOF while reading in libssl. Fixed SSL_get_servername() behaviour. Various other updates and bug fixes.
tags | tool, encryption, protocol
systems | unix
MD5 | baeff2a64d2f3d7e0a69b677c9977b57
OpenSSL Toolkit 1.1.1d
Posted Sep 11, 2019
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fixed a fork protection issue. Added a bypass mitigation. Various other updates.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2019-1547, CVE-2019-1549, CVE-2019-1552, CVE-2019-1563
MD5 | 3be209000dbc7e1b95bcdf47980a3baa
OpenSSL Toolkit 1.1.1c
Posted May 28, 2019
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Added build tests for C++. Enabled SHA3 pre-hashing for ECDSA and DSA. Various other updates.
tags | tool, encryption, protocol
systems | unix
MD5 | 15e21da6efe8aa0e0768ffd8cd37a5f6
OpenSSL Toolkit 1.1.1b
Posted Feb 28, 2019
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Added SCA hardening for modular field inversion in EC_GROUP through a new dedicated field_inv() pointer in EC_METHOD. Changed the info callback signals for the start and end of a post-handshake message exchange in TLSv1.3. Various other updates.
tags | tool, encryption, protocol
systems | unix
MD5 | 4532712e7bcc9414f5bce995e4e13930
OpenSSL Toolkit 1.1.1a
Posted Nov 21, 2018
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fixed a timing vulnerability in DSA signature generation and another in ECDSA signature generation. Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). Various other updates.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2018-0734, CVE-2018-0735
MD5 | 963deb2272d6be7d4c2458afd2517b73
OpenSSL Toolkit 1.1.1
Posted Sep 11, 2018
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Added a new ClientHello callback. Added SM2 base algorithm support. Various other updates.
tags | tool, encryption, protocol
systems | unix
MD5 | 7079eb017429e0ffb9efb42bf80ccb21
OpenSSL Toolkit 1.1.0i
Posted Aug 17, 2018
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Addressed a client denial of service due to a large DH parameter addressed. Cache timing vulnerability fixed. Various other updates and fixes.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2018-0732, CVE-2018-0737
MD5 | 9495126aafd2659d357ea66a969c3fe1
OpenSSL Toolkit 1.1.0h
Posted Mar 29, 2018
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Addressed an issue where constructed ASN.1 types with a recursive definition could exceed the stack. Also address was an incorrect CRYPTO_memcmp on HP-UX PA-RISC amongst other issues.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2018-0733, CVE-2018-0739
MD5 | 5271477e4d93f4ea032b665ef095ff24
OpenSSL Toolkit 1.0.2o
Posted Mar 29, 2018
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Addressed an issue where constructed ASN.1 types with a recursive definition could exceed the stack.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2018-0739
MD5 | 44279b8557c3247cbe324e2322ecd114
OpenSSL Toolkit 1.0.2n
Posted Dec 9, 2017
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Read/write after SSL object in error state addressed. rsaz_1024_mul_avx2 overflow bug on x86_64 addressed. Various other issues address.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2017-3737, CVE-2017-3738
MD5 | 13bdc1b1d1ff39b6fd42a255e74676a4
OpenSSL Toolkit 1.0.2m
Posted Nov 4, 2017
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: bn_sqrx8x_internal carry bug on x86_64 was addressed. A malformed X.509 IPAddressFamily out-of-bounds read was addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2017-3735, CVE-2017-3736
MD5 | 10e9e37f492094b9ef296f68f24a7666
OpenSSL Toolkit 1.0.2l
Posted May 27, 2017
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Very minor update.
tags | tool, encryption, protocol
systems | unix
MD5 | f85123cd390e864dfbe517e7616e6566
OpenSSL 1.1.0 Remote Client Denial Of Service
Posted Jan 31, 2017
Authored by Guido Vranken

OpenSSL version 1.1.0 remote client denial of service proof of concept exploit.

tags | exploit, remote, denial of service, proof of concept
advisories | CVE-2017-3730
MD5 | 69439210d66c14111fb007ce7ddefba6
OpenSSL Toolkit 1.0.2k
Posted Jan 26, 2017
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Bug fixes for an out-of-bounds read, a carry propagating bug, and multiple other issues.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2016-7055, CVE-2017-3731, CVE-2017-3732
MD5 | f965fc0bf01bf882b31314b61391ae65
OpenSSL x509 Parsing Double-Free / Invalid-Free
Posted Oct 11, 2016
Authored by Guido Vranken

Double-free and invalid-free vulnerabilities in x509 parsing were found in the latest OpenSSL (1.1.0b).

tags | exploit, vulnerability
advisories | CVE-2016-6304
MD5 | 7f04c7a6fe981bbe9d32578994274a73
OpenSSL Toolkit 1.0.2j
Posted Sep 26, 2016
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0 but was omitted from OpenSSL 1.0.2i. As a result any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2016-7052
MD5 | 96322138f0b69e61b7212bc53d5e912b
OpenSSL Toolkit 1.0.2i
Posted Sep 22, 2016
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: A large amount of security issues have been addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306
MD5 | 678374e63f8df456a697d3e5e5a931fb
OpenSSL Toolkit 1.0.2h
Posted May 3, 2016
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fixes to prevent padding oracle in AES-NI CBC MAC check. Fixed various overflows and other security issues.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2013-0169, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-2176
MD5 | 9392e65072ce4b614c1392eefc1f23d0
OpenSSL Toolkit 1.0.2g
Posted Mar 1, 2016
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Disabled weak ciphers in SSLv3 and up in default builds of OpenSSL. Disabled SSLv2 default build, default negotiation and weak ciphers. Fixed a double-free in DSA code. Various other security issues addressed.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799
MD5 | f3c710c045cdee5fd114feb69feba7aa
A Tale of openssl_seal(), PHP, and Apache2handle
Posted Feb 2, 2016
Authored by Filip Palian, Marek Kroemeke, Mateusz Kocielski

openssl_seal() is prone to use uninitialized memory that can be turned into a code execution. This document describes technical details of the journey to hijack apache2 requests. It is a very well written and thoroughly documented piece of research.

tags | exploit, paper, code execution
MD5 | 9c14b46a2de734fa08faee15ff5d7157
OpenSSL Toolkit 1.0.2f
Posted Jan 29, 2016
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Multiple bug fixes.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2016-0701
MD5 | b3bf73f507172be9292ea2a8c28b659d
OpenSSL Toolkit 1.0.2e
Posted Dec 3, 2015
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fix applied to BN_mod_exp which may produce incorrect results on x86_64. Also addressed was a certificate verify crash with missing PSS parameter, an X509_ATTRIBUTE memory leak, and various other issues.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2015-3193, CVE-2015-3194, CVE-2015-3195
MD5 | 2218c1a6f807f7206c11eb3ee3a5ec80
OpenSSL Alternative Chains Certificate Forgery MITM Proxy
Posted Jul 27, 2015
Authored by Ramon de C Valle, Adam Langley, David Benjamin | Site metasploit.com

This Metasploit module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server allowing the session to continue normally and application data transmitted between the peers to be saved. The valid leaf certificate must not contain the keyUsage extension or it must have at least the keyCertSign bit set (see X509_check_issued function in crypto/x509v3/v3_purp.c); otherwise; X509_verify_cert fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This Metasploit module requires an active man-in-the-middle attack.

tags | exploit, crypto
advisories | CVE-2015-1793
MD5 | 244abcb9001d9746e6846f9785dab572
Page 1 of 4
Back1234Next

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    33 Files
  • 3
    Dec 3rd
    11 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close