5 - CVE-2009-1387

Executive Summary

Informations
Name	CVE-2009-1387	First vendor Publication	2009-06-04
Vendor	Cve	Last vendor Modification	2024-02-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1387

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-476	NULL Pointer Dereference

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10740

Oval ID:	oval:org.mitre.oval:def:10740
Title:	The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Description:	The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1387	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section openssl-perl is earlier than 0:0.9.8e-12.el5 AND openssl-devel is earlier than 0:0.9.8e-12.el5 AND openssl is earlier than 0:0.9.8e-12.el5

Definition Id: oval:org.mitre.oval:def:13721

Oval ID:	oval:org.mitre.oval:def:13721
Title:	DSA-1888-1 openssl, openssl097 -- cryptographic weakness
Description:	Certificates with MD2 hash signatures are no longer accepted by OpenSSL, since they’re no longer considered cryptographically secure. For the stable distribution, this problem has been fixed in version 0.9.8g-15+lenny5. For the old stable distribution, this problem has been fixed in version 0.9.8c-4etch9 for openssl and version 0.9.7k-3.1etch5 for openssl097. The OpenSSL 0.9.8 update for oldstable also provides updated packages for multiple denial of service vulnerabilities in the Datagram Transport Layer Security implementation. These fixes were already provided for Debian stable in a previous point update. The OpenSSL 0.9.7 package from oldstable is not affected. For the unstable distribution, this problem has been fixed in version 0.9.8k-5. We recommend that you upgrade your openssl packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1888-1 CVE-2009-2409 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	openssl openssl097
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Packages section libssl-dev DPKG is earlier than 0.9.8g-15+lenny5 AND libssl0.9.8-dbg DPKG is earlier than 0.9.8g-15+lenny5 AND openssl DPKG is earlier than 0.9.8g-15+lenny5 AND libssl0.9.8 DPKG is earlier than 0.9.8g-15+lenny5 OR Release section Debian GNU/Linux 4.0 is installed. AND Packages section libssl0.9.7-dbg DPKG is earlier than 0.9.7k-3.1etch5 AND libssl-dev DPKG is earlier than 0.9.8c-4etch9 AND libssl0.9.8-dbg DPKG is earlier than 0.9.8c-4etch9 AND openssl DPKG is earlier than 0.9.8c-4etch9 AND libssl0.9.8 DPKG is earlier than 0.9.8c-4etch9 AND libssl0.9.7 DPKG is earlier than 0.9.7k-3.1etch5

Definition Id: oval:org.mitre.oval:def:13891

Oval ID:	oval:org.mitre.oval:def:13891
Title:	USN-792-1 -- openssl vulnerabilities
Description:	It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. It was discovered that OpenSSL did not properly free memory when processing DTLS fragments. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. It was discovered that OpenSSL did not properly handle certain server certificates when processing DTLS packets. A remote DTLS server could cause a denial of service by sending a message containing a specially crafted server certificate. It was discovered that OpenSSL did not properly handle a DTLS ChangeCipherSpec packet when it occured before ClientHello. A remote attacker could cause a denial of service by sending a specially crafted request. It was discovered that OpenSSL did not properly handle out of sequence DTLS handshake messages. A remote attacker could cause a denial of service by sending a specially crafted request
Family:	unix	Class:	patch
Reference(s):	USN-792-1 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387	Version:	5
Platform(s):	Ubuntu 8.04 Ubuntu 9.04 Ubuntu 6.06 Ubuntu 8.10	Product(s):	openssl
Definition Synopsis:
Release section Ubuntu 8.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND openssl-doc DPKG is earlier than 0.9.8g-4ubuntu3.7 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libcrypto0.9.8-udeb DPKG is earlier than 0.9.8g-4ubuntu3.7 AND libssl0.9.8-dbg DPKG is earlier than 0.9.8g-4ubuntu3.7 AND libssl0.9.8 DPKG is earlier than 0.9.8g-4ubuntu3.7 AND libssl-dev DPKG is earlier than 0.9.8g-4ubuntu3.7 AND openssl DPKG is earlier than 0.9.8g-4ubuntu3.7 OR Release section Ubuntu 9.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND openssl-doc DPKG is earlier than 0.9.8g-15ubuntu3.2 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libcrypto0.9.8-udeb DPKG is earlier than 0.9.8g-15ubuntu3.2 AND libssl0.9.8-dbg DPKG is earlier than 0.9.8g-15ubuntu3.2 AND libssl0.9.8 DPKG is earlier than 0.9.8g-15ubuntu3.2 AND libssl-dev DPKG is earlier than 0.9.8g-15ubuntu3.2 AND openssl DPKG is earlier than 0.9.8g-15ubuntu3.2 OR Release section Ubuntu 6.06 is installed AND Supported architectures section Installed architecture is sparc AND Installed architecture is i386 AND Installed architecture is amd64 AND Installed architecture is powerpc AND Packages section libssl0.9.8 DPKG is earlier than 0.9.8a-7ubuntu0.9 AND libcrypto0.9.8-udeb DPKG is earlier than 0.9.8a-7ubuntu0.9 AND libssl0.9.8-dbg DPKG is earlier than 0.9.8a-7ubuntu0.9 AND openssl DPKG is earlier than 0.9.8a-7ubuntu0.9 AND libssl-dev DPKG is earlier than 0.9.8a-7ubuntu0.9 OR Release section Ubuntu 8.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND openssl-doc DPKG is earlier than 0.9.8g-10.1ubuntu2.4 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section libcrypto0.9.8-udeb DPKG is earlier than 0.9.8g-10.1ubuntu2.4 AND libssl0.9.8-dbg DPKG is earlier than 0.9.8g-10.1ubuntu2.4 AND libssl0.9.8 DPKG is earlier than 0.9.8g-10.1ubuntu2.4 AND libssl-dev DPKG is earlier than 0.9.8g-10.1ubuntu2.4 AND openssl DPKG is earlier than 0.9.8g-10.1ubuntu2.4

Definition Id: oval:org.mitre.oval:def:22755

Oval ID:	oval:org.mitre.oval:def:22755
Title:	ELSA-2009:1335: openssl security, bug fix, and enhancement update (Moderate)
Description:	The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:1335-02 CVE-2006-7250 CVE-2009-0590 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387	Version:	33
Platform(s):	Oracle Linux 5	Product(s):	openssl
Definition Synopsis:
Oracle Linux 5.x rpm test openssl is earlier than 0:0.9.8e-12.el5 AND openssl-perl is earlier than 0:0.9.8e-12.el5 AND openssl-devel is earlier than 0:0.9.8e-12.el5

Definition Id: oval:org.mitre.oval:def:24700

Oval ID:	oval:org.mitre.oval:def:24700
Title:	Vulnerability in OpenSSL before 1.0.0 Beta 2, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash)
Description:	The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-1387	Version:	3
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2	Product(s):	OpenSSL
Definition Synopsis:
Check vulnerable OpenSSL Check vulnerable versions of OpenSSL Check if the version of OpenSSL 0.9.1c before 0.9.8h AND Check if the version of OpenSSL 1.0.0 before 1.0.0a AND OpenSSL is installed OR Check vulnerable OpenSSL (32_bit) Check vulnerable versions of OpenSSL (32_bit) Check if the version of OpenSSL 0.9.1c before 0.9.8h (32_bit) AND Check if the version of OpenSSL 1.0.0 before 1.0.0a (32_bit) AND OpenSSL (32_bit) is installed AND Check if the version of ssleay32.dll 0.9.1c before 0.9.8h ProgramFilesDir AND Check if the version of ssleay32.dll 0.9.1c before 0.9.8h ProgramFilesDir x86 AND Check if the version of ssleay32.dll 0.9.1c before 0.9.8h under Sytem32 and SysWOW64 AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0a ProgramFilesDir AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0a ProgramFilesDir x86 AND Check if the version of ssleay32.dll 1.0.0 before 1.0.0a under Sytem32 and SysWOW64

Definition Id: oval:org.mitre.oval:def:28749

Oval ID:	oval:org.mitre.oval:def:28749
Title:	RHSA-2009:1335 -- openssl security, bug fix, and enhancement update (Moderate)
Description:	Updated openssl packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (for example, UDP).
Family:	unix	Class:	patch
Reference(s):	RHSA-2009:1335 CESA-2009:1335-CentOS 5 CVE-2006-7250 CVE-2009-0590 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	openssl
Definition Synopsis:
Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section openssl-devel is earlier than 0:0.9.8e-12.el5 AND openssl is earlier than 0:0.9.8e-12.el5 AND openssl-perl is earlier than 0:0.9.8e-12.el5

Definition Id: oval:org.mitre.oval:def:7592

Oval ID:	oval:org.mitre.oval:def:7592
Title:	OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Remote Denial of Service Vulnerability
Description:	The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1387	Version:	5
Platform(s):	VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
VMware ESX Server 4.0 is installed AND Patch ESX400-201005401-SG is not installed

CPE : Common Platform Enumeration

Type	Description	Count
Application	Openssl cpe:2.3:a:openssl:openssl:0.9.7m:::::::* cpe:2.3:a:openssl:openssl:0.9.7m::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7m::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7m::::::x86: cpe:2.3:a:openssl:openssl:0.9.7l:::::::* cpe:2.3:a:openssl:openssl:0.9.7l::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7l::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7l::::::x86: cpe:2.3:a:openssl:openssl:0.9.7k:::::::* cpe:2.3:a:openssl:openssl:0.9.7k::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7k::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7k::::::x86: cpe:2.3:a:openssl:openssl:0.9.7j:::::::* cpe:2.3:a:openssl:openssl:0.9.7j::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7j::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7j::::::x86: cpe:2.3:a:openssl:openssl:0.9.7i:::::::* cpe:2.3:a:openssl:openssl:0.9.7i::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7i::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7i::::::x86: cpe:2.3:a:openssl:openssl:0.9.7h:::::::* cpe:2.3:a:openssl:openssl:0.9.7h::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7h::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7h::::::x86: cpe:2.3:a:openssl:openssl:0.9.7g:::::::* cpe:2.3:a:openssl:openssl:0.9.7g::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7g::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7g::::::x86: cpe:2.3:a:openssl:openssl:0.9.7f:::::::* cpe:2.3:a:openssl:openssl:0.9.7f::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7f::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7f::::::x86: cpe:2.3:a:openssl:openssl:0.9.7e:::::::* cpe:2.3:a:openssl:openssl:0.9.7e::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7e::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7e::::::x86: cpe:2.3:a:openssl:openssl:0.9.7d:::::::* cpe:2.3:a:openssl:openssl:0.9.7d::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7d::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7d::::::x86: cpe:2.3:a:openssl:openssl:0.9.7c:::::::* cpe:2.3:a:openssl:openssl:0.9.7c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7c::::::x86: cpe:2.3:a:openssl:openssl:0.9.7b:::::::* cpe:2.3:a:openssl:openssl:0.9.7b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7b::::::x86: cpe:2.3:a:openssl:openssl:0.9.7a:::::::* cpe:2.3:a:openssl:openssl:0.9.7a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7a::::::x86: cpe:2.3:a:openssl:openssl:0.9.7:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.7:-:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta5:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta6:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta4:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta4:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta5:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta3:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7:beta6:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta5:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta4:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta6:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta3:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7::::::x86: cpe:2.3:a:openssl:openssl:0.9.7:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta3:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta4:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta5:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta6:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6m:::::::* cpe:2.3:a:openssl:openssl:0.9.6m::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6m::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6m::::::x86: cpe:2.3:a:openssl:openssl:0.9.6l:::::::* cpe:2.3:a:openssl:openssl:0.9.6l::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6l::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6l::::::x86: cpe:2.3:a:openssl:openssl:0.9.6k:::::::* cpe:2.3:a:openssl:openssl:0.9.6k::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6k::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6k::::::x86: cpe:2.3:a:openssl:openssl:0.9.6j:::::::* cpe:2.3:a:openssl:openssl:0.9.6j::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6j::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6j::::::x86: cpe:2.3:a:openssl:openssl:0.9.6i:::::::* cpe:2.3:a:openssl:openssl:0.9.6i::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6i::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6i::::::x86: cpe:2.3:a:openssl:openssl:0.9.6h:::::::* cpe:2.3:a:openssl:openssl:0.9.6h:bogus:::::: cpe:2.3:a:openssl:openssl:0.9.6h::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6h::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6h::::::x86: cpe:2.3:a:openssl:openssl:0.9.6g:::::::* cpe:2.3:a:openssl:openssl:0.9.6g::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6g::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6g::::::x86: cpe:2.3:a:openssl:openssl:0.9.6f:::::::* cpe:2.3:a:openssl:openssl:0.9.6f::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6f::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6f::::::x86: cpe:2.3:a:openssl:openssl:0.9.6e:::::::* cpe:2.3:a:openssl:openssl:0.9.6e::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6e::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6e::::::x86: cpe:2.3:a:openssl:openssl:0.9.6d:-:::::: cpe:2.3:a:openssl:openssl:0.9.6d::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6d::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6d::::::x86: cpe:2.3:a:openssl:openssl:0.9.6c:::::::* cpe:2.3:a:openssl:openssl:0.9.6c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6c::::::x86: cpe:2.3:a:openssl:openssl:0.9.6b:::::::* cpe:2.3:a:openssl:openssl:0.9.6b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6b::::::x86: cpe:2.3:a:openssl:openssl:0.9.6a:-:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta3:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta3:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6a::::::x86: cpe:2.3:a:openssl:openssl:0.9.6a:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6a:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6a:beta3:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.6:-:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta3:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta3:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6::::::x86: cpe:2.3:a:openssl:openssl:0.9.6:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6:beta3:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.5a:-:::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5a::::::x86: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.5:-:::::: cpe:2.3:a:openssl:openssl:0.9.5:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.5:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.5:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.5::::::x86: cpe:2.3:a:openssl:openssl:0.9.5:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.4:::::::* cpe:2.3:a:openssl:openssl:0.9.4::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.4::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.4::::::x86: cpe:2.3:a:openssl:openssl:0.9.3a:::::::* cpe:2.3:a:openssl:openssl:0.9.3a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.3a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.3a::::::x86: cpe:2.3:a:openssl:openssl:0.9.3:-:::::: cpe:2.3:a:openssl:openssl:0.9.3::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.3::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.3::::::x86: cpe:2.3:a:openssl:openssl:0.9.2b:::::::* cpe:2.3:a:openssl:openssl:0.9.2b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.2b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.2b::::::x86: cpe:2.3:a:openssl:openssl:0.9.1c:::::::* cpe:2.3:a:openssl:openssl:0.9.1c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.1c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.1c::::::x86: cpe:2.3:a:openssl:openssl:0.9.1b:::::::* cpe:2.3:a:openssl:openssl:0.9.0b:::::::* cpe:2.3:a:openssl:openssl:::::::: cpe:2.3:a:openssl:openssl:::openvms:::::* cpe:2.3:a:openssl:openssl:-:::::::*	210
Application	Redhat Openssl cpe:2.3:a:redhat:openssl:0.9.7a-2:::::::* cpe:2.3:a:redhat:openssl:0.9.6b-3:::::::* cpe:2.3:a:redhat:openssl:0.9.6-15:::::::*	3
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:8.04::::-::: cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*	4

OpenVAS Exploits

Date	Description
2012-04-16	Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl
2011-08-09	Name : CentOS Update for openssl CESA-2009:1335 centos5 i386 File : nvt/gb_CESA-2009_1335_openssl_centos5_i386.nasl
2009-12-14	Name : Gentoo Security Advisory GLSA 200912-01 (openssl) File : nvt/glsa_200912_01.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:310 (openssl) File : nvt/mdksa_2009_310.nasl
2009-10-13	Name : SLES10: Security update for OpenSSL File : nvt/sles10_openssl2.nasl
2009-10-11	Name : SLES11: Security update for OpenSSL File : nvt/sles11_libopenssl0_9_81.nasl
2009-09-28	Name : Mandrake Security Advisory MDVSA-2009:238 (openssl) File : nvt/mdksa_2009_238.nasl
2009-09-28	Name : Mandrake Security Advisory MDVSA-2009:239 (openssl) File : nvt/mdksa_2009_239.nasl
2009-09-21	Name : Debian Security Advisory DSA 1888-1 (openssl, openssl097) File : nvt/deb_1888_1.nasl
2009-09-21	Name : CentOS Security Advisory CESA-2009:1335 (openssl) File : nvt/ovcesa2009_1335.nasl
2009-09-09	Name : RedHat Security Advisory RHSA-2009:1335 File : nvt/RHSA_2009_1335.nasl
2009-07-06	Name : SuSE Security Summary SUSE-SR:2009:012 File : nvt/suse_sr_2009_012.nasl
2009-06-30	Name : Ubuntu USN-792-1 (openssl) File : nvt/ubuntu_792_1.nasl
2009-06-12	Name : Denial Of Service Vulnerability in OpenSSL June-09 (Linux) File : nvt/gb_openssl_dos_vuln_lin_jun09.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
55072	OpenSSL ssl/d1_both.cdtls1_retrieve_buffered_fragment Function DTLS Handshake...

Nessus® Vulnerability Scanner

Date	Description
2016-03-08	Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO
2016-03-08	Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0004_remote.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15348.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1335.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090902_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-01-04	Name : The remote server is affected by a denial of service vulnerability. File : openssl_1_0_0.nasl - Type : ACT_GATHER_INFO
2010-07-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-239.nasl - Type : ACT_GATHER_INFO
2010-06-01	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO
2010-04-27	Name : The remote web server has multiple vulnerabilities. File : hpsmh_6_0_0_95.nasl - Type : ACT_GATHER_INFO
2010-03-05	Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0004.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1888.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1335.nasl - Type : ACT_GATHER_INFO
2009-12-04	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-310.nasl - Type : ACT_GATHER_INFO
2009-12-02	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200912-01.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_openssl-090610.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6296.nasl - Type : ACT_GATHER_INFO
2009-09-22	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-238.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopenssl-devel-090609.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_libopenssl-devel-090609.nasl - Type : ACT_GATHER_INFO
2009-06-26	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-792-1.nasl - Type : ACT_GATHER_INFO
2009-06-18	Name : The remote openSUSE host is missing a security update. File : suse_libopenssl-devel-6291.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
CONFIRM	http://cvs.openssl.org/chngview?cn=17958 http://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40us... http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
GENTOO	http://security.gentoo.org/glsa/glsa-200912-01.xml
HP	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
MLIST	http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://www.openwall.com/lists/oss-security/2009/06/02/1
NETBSD	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT	http://www.redhat.com/support/errata/RHSA-2009-1335.html
SECUNIA	http://secunia.com/advisories/35571 http://secunia.com/advisories/35685 http://secunia.com/advisories/35729 http://secunia.com/advisories/36533 http://secunia.com/advisories/37003 http://secunia.com/advisories/38794 http://secunia.com/advisories/38834
SUSE	http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
UBUNTU	http://www.ubuntu.com/usn/USN-792-1
VUPEN	http://www.vupen.com/english/advisories/2010/0528

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-02-07 21:28:08	Multiple Updates
2024-02-02 01:10:56	Multiple Updates
2024-02-01 12:03:05	Multiple Updates
2023-09-05 12:10:14	Multiple Updates
2023-09-05 01:02:56	Multiple Updates
2023-09-02 12:10:20	Multiple Updates
2023-09-02 01:02:57	Multiple Updates
2023-08-12 12:12:05	Multiple Updates
2023-08-12 01:02:56	Multiple Updates
2023-08-11 12:10:21	Multiple Updates
2023-08-11 01:03:03	Multiple Updates
2023-08-06 12:09:57	Multiple Updates
2023-08-06 01:02:58	Multiple Updates
2023-08-04 12:10:02	Multiple Updates
2023-08-04 01:03:00	Multiple Updates
2023-07-14 12:10:00	Multiple Updates
2023-07-14 01:02:58	Multiple Updates
2023-03-29 01:11:30	Multiple Updates
2023-03-28 12:03:04	Multiple Updates
2022-10-11 12:08:54	Multiple Updates
2022-10-11 01:02:47	Multiple Updates
2022-02-03 12:07:02	Multiple Updates
2021-05-05 01:05:52	Multiple Updates
2021-05-04 12:09:28	Multiple Updates
2021-04-22 01:09:49	Multiple Updates
2020-05-23 01:40:19	Multiple Updates
2020-05-23 00:23:41	Multiple Updates
2019-09-24 01:02:41	Multiple Updates
2019-09-05 12:02:45	Multiple Updates
2018-08-14 12:03:04	Multiple Updates
2017-09-29 09:24:11	Multiple Updates
2016-04-27 09:41:03	Multiple Updates
2016-04-26 18:46:39	Multiple Updates
2016-03-09 13:25:54	Multiple Updates
2014-10-11 13:26:03	Multiple Updates
2014-02-17 10:49:48	Multiple Updates
2013-05-10 23:49:17	Multiple Updates
2013-01-23 13:21:51	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	7
CPE ID(s)	217
Sources(s)	22
osvdb(s)	1
Openvas Exploit(s)	14
Nessus® Exploit(s)	21

	Related
10	VMSA-2010-0009
10	HPSBMA02492 SSR...
9.3	VMSA-2010-0004
5.8	GLSA-200912-01
5.1	MDVSA-2009:310
5.1	MDVSA-2009:239
5.1	MDVSA-2009:238
5.1	DSA-1888
5	USN-792-1
5	RHSA-2009:1335
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 10 more Alert(s)

5 - CVE-2009-1387

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU