ID de Prueba:	1.3.6.1.4.1.25623.1.0.64118
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: opensll
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to the system as announced in the referenced advisory. The following package is affected: opensll CVE-2009-1377 The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of 'future epoch' DTLS records that are buffered in a queue, aka 'DTLS record buffer limitation bug.' CVE-2009-1378 Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka 'DTLS fragment handling memory leak.' Solution: Update your system with the appropriate patches or software upgrades. http://secunia.com/advisories/35128/ http://www.vuxml.org/freebsd/82b55df8-4d5a-11de-8811-0030843d3802.html CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1377 BugTraq ID: 35001 http://www.securityfocus.com/bid/35001 http://security.gentoo.org/glsa/glsa-200912-01.xml HPdes Security Advisory: HPSBMA02492 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 HPdes Security Advisory: SSRT100079 http://www.mandriva.com/security/advisories?name=MDVSA-2009:120 https://launchpad.net/bugs/cve/2009-1377 http://marc.info/?l=openssl-dev&m=124247675613888&w=2 http://www.openwall.com/lists/oss-security/2009/05/18/1 http://lists.vmware.com/pipermail/security-announce/2010/000082.html NETBSD Security Advisory: NetBSD-SA2009-009 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6683 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9663 http://www.redhat.com/support/errata/RHSA-2009-1335.html http://www.securitytracker.com/id?1022241 http://secunia.com/advisories/35128 http://secunia.com/advisories/35416 http://secunia.com/advisories/35461 http://secunia.com/advisories/35571 http://secunia.com/advisories/35729 http://secunia.com/advisories/36533 http://secunia.com/advisories/37003 http://secunia.com/advisories/38761 http://secunia.com/advisories/38794 http://secunia.com/advisories/38834 http://secunia.com/advisories/42724 http://secunia.com/advisories/42733 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049 SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://www.ubuntu.com/usn/USN-792-1 http://www.vupen.com/english/advisories/2009/1377 http://www.vupen.com/english/advisories/2010/0528 Common Vulnerability Exposure (CVE) ID: CVE-2009-1378 https://www.exploit-db.com/exploits/8720 https://launchpad.net/bugs/cve/2009-1378 http://marc.info/?l=openssl-dev&m=124247679213944&w=2 http://marc.info/?l=openssl-dev&m=124263491424212&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.