OVAL

ALAS-2015-498 --- openssl

ID: oval:org.secpod.oval:def:1200089
Date: (C)2015-12-28   (M)2017-10-26
Class: PATCH
Family: unix




A use-after-free flaw was found in the way OpenSSL imported certain Elliptic Curve private keys. An attacker could use this flaw to crash OpenSSL, if a specially-crafted certificate was imported.

A denial of service flaw was found in the way OpenSSL handled certain SSLv2 messages. A malicious client could send a specially crafted SSLv2 CLIENT-MASTER-KEY message that would cause an OpenSSL server that both supports SSLv2 and enables EXPORT-grade cipher suites to crash.

An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A remote attacker could use a specially crafted ASN.1 structure that, when parsed by an application, would cause that application to crash.

A flaw was found in the ASN parsing code of OpenSSL. An attacker could present a specially crafted certificate, which, when verified by an OpenSSL client or server, could cause it to crash.

A null-pointer dereference was found in the way OpenSSL handled certain PKCS#7 blobs. An attacker could cause OpenSSL to crash when applications verify, decrypt or parse these ASN.1 encoded PKCS#7 blobs. OpenSSL clients and servers are not affected.

A NULL pointer dereference flaw was found in OpenSSL's x509 certificate handling implementation. A remote attacker could use this flaw to crash an OpenSSL server using an invalid certificate key.

Platform:
Amazon Linux AMI
Product:
openssl
Reference:
ALAS-2015-498
CVE-2015-0209
CVE-2015-0293
CVE-2015-0287
CVE-2015-0286
CVE-2015-0289
CVE-2015-0288
CVE    6
CVE-2015-0287
CVE-2015-0286
CVE-2015-0293
CVE-2015-0288
...
CPE    35
cpe:/o:amazon:linux
cpe:/a:openssl:openssl:0.9.8ze
cpe:/a:openssl:openssl:1.0.0n
cpe:/a:openssl:openssl:1.0.0m
...

© 2013 SecPod Technologies