what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

OpenSSL Security Advisory 20071012
Posted Oct 12, 2007
Site openssl.org

OpenSSL Security Advisory 20071012 - Andy Polyakov discovered a flaw in OpenSSL's DTLS implementation which could lead to the compromise of clients and servers with DTLS enabled. DTLS is a datagram variant of TLS specified in RFC 4347 first supported in OpenSSL version 0.9.8. Note that the vulnerabilities do not affect SSL and TLS so only clients and servers explicitly using DTLS are affected.

tags | advisory, vulnerability
advisories | CVE-2007-4995, CVE-2007-5135
SHA-256 | af582719a8ae86aed227c762b0680e7b01041c84d523533cf73b52a22ecf4779

Related Files

Secunia Security Advisory 50097
Posted Aug 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged multiple vulnerabilities in OpenSSL included in AIX and Virtual I/O Server, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise an application using the library.

tags | advisory, denial of service, vulnerability
systems | aix
SHA-256 | ed0c5a57d21cfc17398bb32ca7e61dc56a6d01271d6711802a78307b440b56ea
Secunia Security Advisory 50056
Posted Jul 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for openssl. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions in an application using the library.

tags | advisory
systems | linux, ubuntu
SHA-256 | 437136c2b6d4c58de22a78afe4d04237a3da9a57a59713b7363d6b3f84dd6fb3
Ubuntu Security Notice USN-1516-1
Posted Jul 26, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1516-1 - It was discovered that OpenSSL incorrectly handled the SSL_OP_ALL setting. This resulted in TLS 1.1 and TLS 1.2 being inadvertently disabled for certain server and client applications.

tags | advisory
systems | linux, ubuntu
SHA-256 | f2262e55a41ba5619c60cd6ba0d89acc3919c82392ab15e2dd986d7c27563ab8
PHP 6.0 openssl_verify() Buffer Overflow
Posted Jul 20, 2012
Authored by Pr0T3cT10n

PHP version 6.0 openssl_verify() local buffer overflow proof of concept exploit.

tags | exploit, overflow, local, php, proof of concept
SHA-256 | ca7179cfea7e511031571eaf312bb0ce52f952b755fb3d52e7056cff68d72e8a
Secunia Security Advisory 49264
Posted Jun 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - NetBSD has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.

tags | advisory, denial of service
systems | netbsd
SHA-256 | 74039663b5855a6feb45e97e70d5e46ef92330bc2dbace3e39177da7d3ea72fb
Secunia Security Advisory 49440
Posted Jun 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - NetBSD has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.

tags | advisory
systems | netbsd
SHA-256 | 5dc9f491cbf10b29821a9474c8b2cebd5f4587f4f75478ced6bbbe415da21245
OpenSSL Toolkit 1.0.1c
Posted Jun 7, 2012
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Record length are now sanity checked before skipping explicit IV in TLS 1.2, 1.1, and DTLS, to avoid possible DoS attacks. A possible deadlock when decoding public keys has been fixed. The TLS 1.0 record version number is no longer used in the initial client hello if renegotiating. tkeylen in now initialized properly when encrypting CMS messages. In FIPS mode, composite ciphers are no longer used, as they are not approved.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2012-2333
SHA-256 | 2a9eb3cd4e8b114eb9179c0d3884d61658e7d8e8bf4984798a5f5bd48e325ebe
OpenSSL 1.0.1 Buffer Overflow
Posted Jun 1, 2012
Authored by David M. Anthony, Vincent J. Buccigrossi III

OpenSSL version 1.0.1 suffers from a local buffer overflow vulnerability in the command line utility.

tags | advisory, overflow, local
SHA-256 | a5fcc3832f2520c9e1f546ab32a9b27fdfd7926a5b3de285d09980efe0d00fff
Secunia Security Advisory 49332
Posted May 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.

tags | advisory, denial of service
systems | linux, suse
SHA-256 | 1cbf645adf1c41ce824252a3ef2c7616c72a5c827da1ae6ab066fd31b1b6b4ae
Secunia Security Advisory 49309
Posted May 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for openssl. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) of an application using the library.

tags | advisory, denial of service, vulnerability
systems | linux, suse
SHA-256 | cbc69a73d26d914de7b08673b07e0db475156ccda21d687a4005233283ac485f
Secunia Security Advisory 49324
Posted May 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.

tags | advisory, denial of service
systems | linux, redhat
SHA-256 | 5f2edd91901faf346e96be4c50d38ea72cd64c1a3d15abdfba22b286c665af47
Red Hat Security Advisory 2012-0699-01
Posted May 29, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0699-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS application data record lengths when using a block cipher in CBC mode. A malicious DTLS client or server could use this flaw to crash its DTLS connection peer.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2012-2333
SHA-256 | c06ac1424785317703c7aa22ceb6c44b036fc510567d485d7bf8e44c5ffb7b08
Secunia Security Advisory 49293
Posted May 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for openssl. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service) of the application using the library.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
SHA-256 | 3df54d4ab9c228f2348a011b682aa98a3ebef7a3a1a8d4c5a6abf6b27f0cca98
Ubuntu Security Notice USN-1451-1
Posted May 25, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1451-1 - Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). It was discovered that an integer underflow was possible when using TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a remote attacker to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0884, CVE-2012-2333, CVE-2012-0884, CVE-2012-2333
SHA-256 | c2d728621ad0692803f2775f1741405360b7d473c41ea474fa8427075d3d957a
Secunia Security Advisory 49214
Posted May 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Astaro has issued an update for openssl. This fixes some vulnerabilities, which have unknown impacts.

tags | advisory, vulnerability
SHA-256 | d74361c510b7e90e0c2644ec604784e99b4fcadff4e89ad2a6a8224d8dd2e215
HP Security Bulletin HPSBUX02782 SSRT100844
Posted May 18, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02782 SSRT100844 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2006-7250, CVE-2011-4619, CVE-2012-0884, CVE-2012-1165, CVE-2012-2110, CVE-2012-2131
SHA-256 | 457fa208b2d89d333fc3e7b1e79dda9d71c42a5448aba577490f3ef540898b99
Debian Security Advisory 2475-1
Posted May 18, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2475-1 - It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service (application crash.)

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2012-2333
SHA-256 | 66c8c21a9d5a67bd12535ff58d7285885abd5e746fc2188a45920751e9870d71
Secunia Security Advisory 49224
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.

tags | advisory
systems | linux, suse
SHA-256 | 054fba010f9568c3f00517478292a89add8869b2560e23380d4f2fa8b87038ef
Secunia Security Advisory 49229
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HP has issued an update for OpenSSL in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | hpux
SHA-256 | be02c16d421aefb4def9840e3af024d04ad07b006ad2d28f71dd1d826631994a
Secunia Security Advisory 49208
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.

tags | advisory, denial of service
systems | linux, debian
SHA-256 | 9073f5d7951d4c4f11beb7502a1aaccb1924b29585e7021b67e0365c5284a95e
Secunia Security Advisory 49116
Posted May 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.

tags | advisory, denial of service
SHA-256 | e35898a18b7ce00d4c782c320c6a6f07ce7af0807f27b37b33ab01bf5c26bb4b
Mandriva Linux Security Advisory 2012-073
Posted May 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-073 - A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can be exploited in a denial of service attack on both clients and servers. The updated packages have been patched to correct this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2012-2333
SHA-256 | 54666cdfa2efbdfef9bc70d2dfc67f9deaea6c7ad3fe4059fb274292752c2164
Secunia Security Advisory 49077
Posted May 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - FreeBSD has issued an update for OpenSSL. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially compromise an application using the library.

tags | advisory, denial of service, vulnerability
systems | freebsd
SHA-256 | 566e6103b3b3305cd368cccc6a51b1795616b82f090a5eb6388741e912d98bcd
FreeBSD Security Advisory - OpenSSL
Posted May 3, 2012
Site security.freebsd.org

FreeBSD Security Advisory - OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. Various other OpenSSL issues have also been addressed.

tags | advisory
systems | freebsd
advisories | CVE-2011-4576, CVE-2011-4619, CVE-2011-4109, CVE-2012-0884, CVE-2012-2110
SHA-256 | a5bef5136c533b9f68af4bc039c5c33bcdfa740e1cf6dd569a94090e8f39f3ee
Secunia Security Advisory 48956
Posted Apr 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.

tags | advisory
systems | linux, ubuntu
SHA-256 | 607e53d73aa371bf36ef03ea63ad19e73950e519568ae351aedd759de9c20bf5
Page 1 of 4
Back1234Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close