Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.64132
Kategorie:Mandrake Local Security Checks
Titel:Mandrake Security Advisory MDVSA-2009:120 (openssl)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:
The remote host is missing an update to openssl
announced via advisory MDVSA-2009:120.

Multiple security vulnerabilities has been identified and fixed
in OpenSSL:

The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k
and earlier 0.9.8 versions allows remote attackers to cause a denial
of service (memory consumption) via a large series of future epoch
DTLS records that are buffered in a queue, aka DTLS record buffer
limitation bug. (CVE-2009-1377)

Multiple memory leaks in the dtls1_process_out_of_seq_message function
in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow
remote attackers to cause a denial of service (memory consumption)
via DTLS records that (1) are duplicates or (2) have sequence numbers
much greater than current sequence numbers, aka DTLS fragment handling
memory leak. (CVE-2009-1378)

The updated packages have been patched to prevent this.

Affected: 2008.1, 2009.0, 2009.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:120

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-1377
BugTraq ID: 35001
http://www.securityfocus.com/bid/35001
http://security.gentoo.org/glsa/glsa-200912-01.xml
HPdes Security Advisory: HPSBMA02492
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
HPdes Security Advisory: SSRT100079
http://www.mandriva.com/security/advisories?name=MDVSA-2009:120
https://launchpad.net/bugs/cve/2009-1377
http://marc.info/?l=openssl-dev&m=124247675613888&w=2
http://www.openwall.com/lists/oss-security/2009/05/18/1
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
NETBSD Security Advisory: NetBSD-SA2009-009
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9663
http://www.redhat.com/support/errata/RHSA-2009-1335.html
http://www.securitytracker.com/id?1022241
http://secunia.com/advisories/35128
http://secunia.com/advisories/35416
http://secunia.com/advisories/35461
http://secunia.com/advisories/35571
http://secunia.com/advisories/35729
http://secunia.com/advisories/36533
http://secunia.com/advisories/37003
http://secunia.com/advisories/38761
http://secunia.com/advisories/38794
http://secunia.com/advisories/38834
http://secunia.com/advisories/42724
http://secunia.com/advisories/42733
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
SuSE Security Announcement: SUSE-SR:2009:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://www.ubuntu.com/usn/USN-792-1
http://www.vupen.com/english/advisories/2009/1377
http://www.vupen.com/english/advisories/2010/0528
Common Vulnerability Exposure (CVE) ID: CVE-2009-1378
https://www.exploit-db.com/exploits/8720
https://launchpad.net/bugs/cve/2009-1378
http://marc.info/?l=openssl-dev&m=124247679213944&w=2
http://marc.info/?l=openssl-dev&m=124263491424212&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.