Executive Summary
Summary | |
---|---|
Title | OpenSSL vulnerability |
Information | |||
---|---|---|---|
Name | USN-750-1 | First vendor Publication | 2009-03-30 |
Vendor | Ubuntu | Last vendor Modification | 2009-03-30 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS, Ubuntu 7.10, Ubuntu 8.04 LTS, Ubuntu 8.10.

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 7.10: Ubuntu 8.04 LTS: Ubuntu 8.10:

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Details follow:

It was discovered that OpenSSL did not properly validate the length of an encoded BMPString or UniversalString when printing ASN.1 strings. If a user or automated system were tricked into processing a crafted certificate, an attacker could cause a denial of service via application crash in applications linked against OpenSSL.
Original Source
Url : http://www.ubuntu.com/usn/USN-750-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10198 | |||
Oval ID: | oval:org.mitre.oval:def:10198 | ||
Title: | The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. | ||
Description: | The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0590 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:13751 | |||
Oval ID: | oval:org.mitre.oval:def:13751 | ||
Title: | DSA-1763-1 openssl -- programming error | ||
Description: | It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate. For the old stable distribution, this problem has been fixed in version 0.9.8c-4etch5 of the openssl package and in version 0.9.7k-3.1etch3 of the openssl097 package. For the stable distribution, this problem has been fixed in version 0.9.8g-15+lenny1. For the unstable distribution, this problem has been fixed in version 0.9.8g-16. We recommend that you upgrade your openssl packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1763-1 CVE-2009-0590 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | openssl |
Definition Id: oval:org.mitre.oval:def:13799 | |||
Oval ID: | oval:org.mitre.oval:def:13799 | ||
Title: | USN-750-1 -- openssl vulnerability | ||
Description: | It was discovered that OpenSSL did not properly validate the length of an encoded BMPString or UniversalString when printing ASN.1 strings. If a user or automated system were tricked into processing a crafted certificate, an attacker could cause a denial of service via application crash in applications linked against OpenSSL. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-750-1 CVE-2009-0590 | Version: | 5 |
Platform(s): | Ubuntu 7.10 Ubuntu 8.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | openssl |
Definition Id: oval:org.mitre.oval:def:25196 | |||
Oval ID: | oval:org.mitre.oval:def:25196 | ||
Title: | Vulnerability in OpenSSL before 0.9.8k, allows remote attackers to cause a denial of service (invalid memory access and application crash) | ||
Description: | The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0590 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
Definition Id: oval:org.mitre.oval:def:6996 | |||
Oval ID: | oval:org.mitre.oval:def:6996 | ||
Title: | OpenSSL Multiple Vulnerabilities | ||
Description: | The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0590 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:8038 | |||
Oval ID: | oval:org.mitre.oval:def:8038 | ||
Title: | DSA-1763 openssl -- programming error | ||
Description: | It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1763 CVE-2009-0590 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | openssl |
OpenVAS Exploits
Date | Description |
---|---|
2012-04-16 | Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl |
2011-08-09 | Name : CentOS Update for openssl CESA-2009:1335 centos5 i386 File : nvt/gb_CESA-2009_1335_openssl_centos5_i386.nasl |
2010-03-31 | Name : CentOS Update for openssl CESA-2010:0163 centos3 i386 File : nvt/gb_CESA-2010_0163_openssl_centos3_i386.nasl |
2010-03-31 | Name : CentOS Update for openssl CESA-2010:0163 centos4 i386 File : nvt/gb_CESA-2010_0163_openssl_centos4_i386.nasl |
2010-03-31 | Name : RedHat Update for openssl RHSA-2010:0163-01 File : nvt/gb_RHSA-2010_0163-01_openssl.nasl |
2009-10-13 | Name : SLES10: Security update for compat-openssl097g File : nvt/sles10_compat-openssl0.nasl |
2009-10-13 | Name : SLES10: Security update for OpenSSL File : nvt/sles10_openssl1.nasl |
2009-10-13 | Name : Solaris Update for sshd 141742-04 File : nvt/gb_solaris_141742_04.nasl |
2009-10-13 | Name : Solaris Update for sshd 140119-11 File : nvt/gb_solaris_140119_11.nasl |
2009-10-11 | Name : SLES11: Security update for OpenSSL File : nvt/sles11_libopenssl0_9_8.nasl |
2009-10-10 | Name : SLES9: Security update for OpenSSL File : nvt/sles9p5048397.nasl |
2009-09-23 | Name : Solaris Update for sshd 141742-02 File : nvt/gb_solaris_141742_02.nasl |
2009-09-23 | Name : Solaris Update for sshd 140119-07 File : nvt/gb_solaris_140119_07.nasl |
2009-09-23 | Name : Solaris Update for sshd 140119-09 File : nvt/gb_solaris_140119_09.nasl |
2009-09-21 | Name : CentOS Security Advisory CESA-2009:1335 (openssl) File : nvt/ovcesa2009_1335.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1335 File : nvt/RHSA_2009_1335.nasl |
2009-07-17 | Name : HP-UX Update for OpenSSL HPSBUX02435 File : nvt/gb_hp_ux_HPSBUX02435.nasl |
2009-05-20 | Name : SuSE Security Summary SUSE-SR:2009:010 File : nvt/suse_sr_2009_010.nasl |
2009-05-11 | Name : FreeBSD Ports: FreeBSD File : nvt/freebsd_FreeBSD.nasl |
2009-04-28 | Name : FreeBSD Security Advisory (FreeBSD-SA-09:08.openssl.asc) File : nvt/freebsdsa_openssl7.nasl |
2009-04-15 | Name : Debian Security Advisory DSA 1763-1 (openssl) File : nvt/deb_1763_1.nasl |
2009-04-15 | Name : Gentoo Security Advisory GLSA 200904-08 (openssl) File : nvt/glsa_200904_08.nasl |
2009-04-06 | Name : Mandrake Security Advisory MDVSA-2009:087 (openssl) File : nvt/mdksa_2009_087.nasl |
2009-04-06 | Name : Ubuntu USN-749-1 (libsndfile) File : nvt/ubuntu_749_1.nasl |
2009-04-06 | Name : Ubuntu USN-750-1 (openssl) File : nvt/ubuntu_750_1.nasl |
2009-04-02 | Name : OpenSSL Multiple Vulnerabilities (Win) File : nvt/gb_openssl_mult_vuln_win.nasl |
2009-04-02 | Name : OpenSSL Multiple Vulnerabilities (Linux) File : nvt/gb_openssl_mult_vuln_lin.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-098-01 openssl File : nvt/esoft_slk_ssa_2009_098_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62881 | SSH Tectia Audit Player ASN1_STRING_print_ex() Function BMPString / Universal... |
52864 | OpenSSL ASN1_STRING_print_ex() Function BMPString / UniversalString Handling DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0019_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-08 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0004_remote.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1335.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090902_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_openssl_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-01-04 | Name : The remote server is affected by multiple vulnerabilities. File : openssl_0_9_8k.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-7645.nasl - Type : ACT_GATHER_INFO |
2011-07-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-7644.nasl - Type : ACT_GATHER_INFO |
2011-07-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
2010-12-08 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0019.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
2010-03-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
2010-03-05 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0004.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1335.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-090415.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-6170.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6179.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-090416.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12397.nasl - Type : ACT_GATHER_INFO |
2009-09-11 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-005.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopenssl-devel-090415.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_compat-openssl097g-090416.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libopenssl-devel-090415.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_compat-openssl097g-090416.nasl - Type : ACT_GATHER_INFO |
2009-05-08 | Name : The remote host is missing a security update File : freebsd_pkg_fbc8413f2f7a11de9a3f001b77d09812.nasl - Type : ACT_GATHER_INFO |
2009-04-30 | Name : The remote openSUSE host is missing a security update. File : suse_compat-openssl097g-6175.nasl - Type : ACT_GATHER_INFO |
2009-04-30 | Name : The remote openSUSE host is missing a security update. File : suse_libopenssl-devel-6173.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-750-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-087.nasl - Type : ACT_GATHER_INFO |
2009-04-08 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-098-01.nasl - Type : ACT_GATHER_INFO |
2009-04-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200904-08.nasl - Type : ACT_GATHER_INFO |
2009-04-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1763.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:05:50 |
|