Executive Summary
Summary | |
---|---|
Title | openssl security update |
Information | |||
---|---|---|---|
Name | DSA-2931 | First vendor Publication | 2014-05-18 |
Vendor | Debian | Last vendor Modification | 2014-05-18 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
It was discovered that incorrect memory handling in OpenSSL's do_ssl3_write() function could result in denial of service. The oldstable distribution (squeeze) is not affected. For the stable distribution (wheezy), this problem has been fixed in version 1.0.1e-2+deb7u9. For the testing distribution (jessie), this problem has been fixed in version 1.0.1g-4. For the unstable distribution (sid), this problem has been fixed in version 1.0.1g-4. We recommend that you upgrade your openssl packages. |
Original Source
Url : http://www.debian.org/security/2014/dsa-2931 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-476 | NULL Pointer Dereference |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:24737 | |||
Oval ID: | oval:org.mitre.oval:def:24737 | ||
Title: | USN-2192-1 -- openssl vulnerabilities | ||
Description: | OpenSSL could be made to crash if it received specially crafted network traffic. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2192-1, CVE-2010-5298, CVE-2014-0198 | Version: | 4 |
Platform(s): | Ubuntu 14.04, Ubuntu 13.10, Ubuntu 12.10, Ubuntu 12.04 | Product(s): | openssl |
Definition Id: oval:org.mitre.oval:def:25035 | |||
Oval ID: | oval:org.mitre.oval:def:25035 | ||
Title: | AIX OpenSSL SSL_MODE_RELEASE_BUFFERS NULL pointer dereference | ||
Description: | The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-0198 | Version: | 4 |
Platform(s): | IBM AIX 6.1, IBM AIX 7.1 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:25058 | |||
Oval ID: | oval:org.mitre.oval:def:25058 | ||
Title: | Vulnerability in OpenSSL 1.x through 1.0.1g allows remote attackers to cause a denial of service | ||
Description: | The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0198 | Version: | 3 |
Platform(s): | Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-07-31 | IAVM : 2014-B-0103 - Multiple Vulnerabilities in VMware Horizon View Client Severity : Category I - VMSKEY : V0053509 |
2014-07-31 | IAVM : 2014-B-0102 - Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.5 Severity : Category I - VMSKEY : V0053507 |
2014-07-31 | IAVM : 2014-B-0101 - Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.1 Severity : Category I - VMSKEY : V0053505 |
2014-07-31 | IAVM : 2014-A-0115 - Multiple Vulnerabilities in VMware Horizon View Severity : Category I - VMSKEY : V0053501 |
2014-07-24 | IAVM : 2014-B-0097 - Multiple Vulnerabilities in VMware ESXi 5.0 Severity : Category I - VMSKEY : V0053319 |
2014-07-17 | IAVM : 2014-A-0099 - Multiple Vulnerabilities in McAfee Email Gateway Severity : Category I - VMSKEY : V0053203 |
2014-07-17 | IAVM : 2014-A-0100 - Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux Severity : Category I - VMSKEY : V0053201 |
2014-07-17 | IAVM : 2014-A-0109 - Multiple Vulnerabilities in VMware Fusion Severity : Category I - VMSKEY : V0053183 |
2014-07-17 | IAVM : 2014-A-0110 - Multiple Vulnerabilities in VMware Player Severity : Category I - VMSKEY : V0053181 |
2014-07-17 | IAVM : 2014-A-0111 - Multiple Vulnerabilities in VMware Workstation Severity : Category I - VMSKEY : V0053179 |
2014-07-03 | IAVM : 2014-B-0088 - Multiple Vulnerabilities in VMware ESXi 5.5 Severity : Category I - VMSKEY : V0052911 |
2014-07-03 | IAVM : 2014-B-0089 - Multiple Vulnerabilities in VMware ESXi 5.1 Severity : Category I - VMSKEY : V0052909 |
2014-07-03 | IAVM : 2014-B-0091 - Multiple Vulnerabilities in VMware vCenter Update Manager 5.5 Severity : Category I - VMSKEY : V0052907 |
2014-07-03 | IAVM : 2014-B-0085 - Multiple Vulnerabilities in HP System Management Homepage (SMH) Severity : Category I - VMSKEY : V0052899 |
2014-07-03 | IAVM : 2014-B-0092 - Multiple Vulnerabilities in VMware vSphere Client 5.5 Severity : Category I - VMSKEY : V0052893 |
2014-06-26 | IAVM : 2014-A-0089 - Multiple Vulnerabilities in Juniper Pulse Secure Access Service (IVE) Severity : Category I - VMSKEY : V0052805 |
2014-06-19 | IAVM : 2014-B-0079 - Multiple Vulnerabilities in IBM AIX Severity : Category I - VMSKEY : V0052641 |
2014-06-19 | IAVM : 2014-B-0078 - Multiple Vulnerabilities in Blue Coat ProxySG Severity : Category I - VMSKEY : V0052639 |
2014-06-19 | IAVM : 2014-A-0087 - Multiple Vulnerabilities in McAfee ePolicy Orchestrator Severity : Category I - VMSKEY : V0052637 |
2014-06-19 | IAVM : 2014-B-0080 - Multiple Vulnerabilities in Stunnel Severity : Category I - VMSKEY : V0052627 |
2014-06-19 | IAVM : 2014-B-0077 - Multiple Vulnerabilities in McAfee Web Gateway Severity : Category I - VMSKEY : V0052625 |
2014-06-12 | IAVM : 2014-A-0083 - Multiple Vulnerabilities in OpenSSL Severity : Category I - VMSKEY : V0052495 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-02-26 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20140605-openssl-nxos.nasl - Type : ACT_GATHER_INFO |
2016-02-26 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20140605-openssl-iosxe.nasl - Type : ACT_GATHER_INFO |
2015-12-30 | Name : The remote VMware ESXi host is missing a security-related patch. File : vmware_VMSA-2014-0006_remote.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0743-1.nasl - Type : ACT_GATHER_INFO |
2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-062.nasl - Type : ACT_GATHER_INFO |
2015-03-05 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_43.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote host has an application installed that is affected by multiple vul... File : oracle_virtualbox_jan_2015_cpu.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20140623.nasl - Type : ACT_GATHER_INFO |
2015-01-02 | Name : The remote Fedora host is missing a security update. File : fedora_2014-17587.nasl - Type : ACT_GATHER_INFO |
2015-01-02 | Name : The remote Fedora host is missing a security update. File : fedora_2014-17576.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0032.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0629.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0628.nasl - Type : ACT_GATHER_INFO |
2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-349.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15329.nasl - Type : ACT_GATHER_INFO |
2014-10-02 | Name : The remote host has a virtualization appliance installed that is affected by ... File : vmware_vsphere_replication_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO |
2014-09-11 | Name : The remote host is affected by multiple vulnerabilities. File : emc_documentum_content_server_ESA-2014-079.nasl - Type : ACT_GATHER_INFO |
2014-09-02 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_8_0_11.nasl - Type : ACT_GATHER_INFO |
2014-09-02 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_7_0_55.nasl - Type : ACT_GATHER_INFO |
2014-08-26 | Name : The remote web server has an application installed that is affected by multip... File : pivotal_webserver_5_4_1.nasl - Type : ACT_GATHER_INFO |
2014-08-20 | Name : The remote Mac OS X host has an application installed that is affected by mul... File : macosx_vmware_ovftool_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO |
2014-08-20 | Name : A web application on the remote host is affected by multiple vulnerabilities. File : puppet_enterprise_330.nasl - Type : ACT_GATHER_INFO |
2014-08-20 | Name : The remote Windows host has an application installed that is affected by mult... File : vmware_ovftool_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-08-14 | Name : The remote host is affected by a vulnerability that could allow sensitive dat... File : openssl_ccs_1_0_1.nasl - Type : ACT_ATTACK |
2014-08-12 | Name : The remote host contains software that is affected by multiple vulnerabilitie... File : hp_vca_SSRT101614.nasl - Type : ACT_GATHER_INFO |
2014-08-12 | Name : The remote host contains software that is affected by multiple vulnerabilitie... File : hp_vca_SSRT101614-sles.nasl - Type : ACT_GATHER_INFO |
2014-08-12 | Name : The remote host contains software that is affected by multiple vulnerabilitie... File : hp_vca_SSRT101614-rhel.nasl - Type : ACT_GATHER_INFO |
2014-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-9308.nasl - Type : ACT_GATHER_INFO |
2014-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-9301.nasl - Type : ACT_GATHER_INFO |
2014-08-07 | Name : The remote host is missing a vendor-supplied security patch. File : fireeye_os_SB001.nasl - Type : ACT_GATHER_INFO |
2014-08-06 | Name : The remote Windows host contains software that is affected by multiple vulner... File : hp_systems_insight_manager_73_hotfix_34.nasl - Type : ACT_GATHER_INFO |
2014-08-05 | Name : The FTP server installed on the remote Windows host is affected by multiple O... File : cerberus_ftp_7_0_0_3.nasl - Type : ACT_GATHER_INFO |
2014-08-05 | Name : The remote device is missing a vendor-supplied security patch. File : juniper_jsa10629.nasl - Type : ACT_GATHER_INFO |
2014-08-04 | Name : The remote host has a support tool installed that is affected by multiple vul... File : vmware_vcenter_support_assistant_2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-08-01 | Name : The remote host has a virtual desktop solution that is affected by multiple v... File : vmware_horizon_view_client_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO |
2014-08-01 | Name : The remote Mac OS X host has a virtual desktop solution that is affected by m... File : macosx_vmware_horizon_view_client_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO |
2014-07-31 | Name : The remote host has an application installed that is affected by multiple vul... File : vmware_vcenter_converter_2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-07-31 | Name : The remote Windows host has an application installed that is affected by mult... File : vmware_horizon_view_VMSA-2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0679.nasl - Type : ACT_GATHER_INFO |
2014-07-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201407-05.nasl - Type : ACT_GATHER_INFO |
2014-07-24 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0679.nasl - Type : ACT_GATHER_INFO |
2014-07-24 | Name : The remote host is running software that is affected by multiple vulnerabilit... File : hp_sum_6_4_1.nasl - Type : ACT_GATHER_INFO |
2014-07-24 | Name : The remote host has an application installed that is affected by multiple Ope... File : hp_oneview_1_10.nasl - Type : ACT_GATHER_INFO |
2014-07-17 | Name : The remote host is affected by multiple vulnerabilities. File : mcafee_vsel_SB10075.nasl - Type : ACT_GATHER_INFO |
2014-07-17 | Name : The remote host is affected by multiple vulnerabilities related to the includ... File : mcafee_email_gateway_SB10075.nasl - Type : ACT_GATHER_INFO |
2014-07-15 | Name : The remote host contains an application that is affected by an information di... File : macosx_libreoffice_423.nasl - Type : ACT_GATHER_INFO |
2014-07-15 | Name : The remote host contains an application that is affected by an information di... File : libreoffice_423.nasl - Type : ACT_GATHER_INFO |
2014-07-14 | Name : The remote host has a virtualization appliance installed that is affected by ... File : vmware_vcenter_server_appliance_2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-07-10 | Name : The remote host has a virtualization application that is affected by multiple... File : vmware_workstation_multiple_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO |
2014-07-10 | Name : The remote host has a virtualization application that is affected by multiple... File : vmware_workstation_linux_10_0_3.nasl - Type : ACT_GATHER_INFO |
2014-07-10 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-07-10 | Name : The remote host contains software that is affected by multiple vulnerabilities. File : vmware_player_multiple_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-07-10 | Name : The remote host contains software that is affected by multiple vulnerabilities. File : vmware_player_linux_6_0_3.nasl - Type : ACT_GATHER_INFO |
2014-07-10 | Name : A VMware product installed on the remote host is affected by multiple vulnera... File : macosx_fusion_6_0_4.nasl - Type : ACT_GATHER_INFO |
2014-07-09 | Name : The remote Windows host has an application installed that is affected by mult... File : vmware_vcenter_chargeback_manager_2601.nasl - Type : ACT_GATHER_INFO |
2014-07-07 | Name : The remote Windows host has an application installed that is affected by mult... File : hp_version_control_repo_manager_hpsbmu03056.nasl - Type : ACT_GATHER_INFO |
2014-07-04 | Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_0_build_1918656_remote.nasl - Type : ACT_GATHER_INFO |
2014-07-03 | Name : The remote host has a virtualization client application installed that is aff... File : vsphere_client_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-07-03 | Name : The remote host has an update manager installed that is affected by multiple ... File : vmware_vcenter_update_mgr_vmsa-2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-07-03 | Name : The remote host has a virtualization appliance installed that is affected by ... File : vmware_vcenter_operations_manager_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-07-02 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_3_3_1.nasl - Type : ACT_GATHER_INFO |
2014-06-24 | Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_1900470_remote.nasl - Type : ACT_GATHER_INFO |
2014-06-20 | Name : The remote Windows host has an application that may be affected by multiple v... File : winscp_5_5_4.nasl - Type : ACT_GATHER_INFO |
2014-06-20 | Name : The remote device is potentially affected by multiple vulnerabilities. File : bluecoat_proxy_sg_6_5_4_4.nasl - Type : ACT_GATHER_INFO |
2014-06-19 | Name : The remote host is affected by multiple vulnerabilities. File : mcafee_web_gateway_sb10075.nasl - Type : ACT_GATHER_INFO |
2014-06-19 | Name : The remote host is affected by multiple vulnerabilities. File : mcafee_epo_sb10075.nasl - Type : ACT_GATHER_INFO |
2014-06-18 | Name : The remote device is missing a vendor-supplied security patch. File : junos_pulse_jsa10629.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-360.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-359.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote AIX host has a version of OpenSSL installed that is potentially af... File : aix_openssl_advisory9.nasl - Type : ACT_GATHER_INFO |
2014-06-11 | Name : The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities. File : vmware_esxi_5_5_build_1881737_remote.nasl - Type : ACT_GATHER_INFO |
2014-06-11 | Name : The remote VMware ESXi host is missing one or more security-related patches. File : vmware_VMSA-2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-06-10 | Name : The remote Windows host contains a program that is affected by multiple vulne... File : stunnel_5_02.nasl - Type : ACT_GATHER_INFO |
2014-06-06 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0625.nasl - Type : ACT_GATHER_INFO |
2014-06-06 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-156-03.nasl - Type : ACT_GATHER_INFO |
2014-06-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0625.nasl - Type : ACT_GATHER_INFO |
2014-06-06 | Name : The remote Fedora host is missing a security update. File : fedora_2014-7101.nasl - Type : ACT_GATHER_INFO |
2014-06-06 | Name : The remote Fedora host is missing a security update. File : fedora_2014-7102.nasl - Type : ACT_GATHER_INFO |
2014-06-06 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_1h.nasl - Type : ACT_GATHER_INFO |
2014-06-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0625.nasl - Type : ACT_GATHER_INFO |
2014-06-06 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140605_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-06-05 | Name : The remote host is potentially affected by a vulnerability that could allow s... File : openssl_ccs.nasl - Type : ACT_ATTACK |
2014-05-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2931.nasl - Type : ACT_GATHER_INFO |
2014-05-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-080.nasl - Type : ACT_GATHER_INFO |
2014-05-07 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_1959e847d4f011e384b00018fe623f2b.nasl - Type : ACT_GATHER_INFO |
2014-05-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2192-1.nasl - Type : ACT_GATHER_INFO |
2014-04-08 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_0m.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-05-20 13:23:29 | |
2014-05-18 17:19:59 | |