Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2014:090 | First vendor Publication | 2014-05-16 |
Vendor | Mandriva | Last vendor Modification | 2014-05-16 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4 | Attack Range | Network |
Cvss Impact Score | 4.9 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Updated openssl packages fix security vulnerability: A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a multi-threaded application it may permit an attacker to inject data from one connection into another or cause denial of service (CVE-2010-5298). Also fixed in this update is a potential security issue with detection of the critical flag for the TSA extended key usage under certain cases. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2014:090 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-362 | Race Condition |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:24397 | |||
Oval ID: | oval:org.mitre.oval:def:24397 | ||
Title: | Vulnerability in OpenSSL through 1.0.1g, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) | ||
Description: | Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-5298 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24638 | |||
Oval ID: | oval:org.mitre.oval:def:24638 | ||
Title: | Race condition in the ssl3_read_bytes function in s3_pkt.c in | ||
Description: | Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-5298 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-07-31 | IAVM : 2014-B-0103 - Multiple Vulnerabilities in VMware Horizon View Client Severity : Category I - VMSKEY : V0053509 |
2014-07-31 | IAVM : 2014-B-0102 - Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.5 Severity : Category I - VMSKEY : V0053507 |
2014-07-31 | IAVM : 2014-B-0101 - Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.1 Severity : Category I - VMSKEY : V0053505 |
2014-07-31 | IAVM : 2014-A-0115 - Multiple Vulnerabilities in VMware Horizon View Severity : Category I - VMSKEY : V0053501 |
2014-07-24 | IAVM : 2014-B-0097 - Multiple Vulnerabilities in VMware ESXi 5.0 Severity : Category I - VMSKEY : V0053319 |
2014-07-17 | IAVM : 2014-A-0099 - Multiple Vulnerabilities in McAfee Email Gateway Severity : Category I - VMSKEY : V0053203 |
2014-07-17 | IAVM : 2014-A-0100 - Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux Severity : Category I - VMSKEY : V0053201 |
2014-07-17 | IAVM : 2014-A-0109 - Multiple Vulnerabilities in VMware Fusion Severity : Category I - VMSKEY : V0053183 |
2014-07-17 | IAVM : 2014-A-0110 - Multiple Vulnerabilities in VMware Player Severity : Category I - VMSKEY : V0053181 |
2014-07-17 | IAVM : 2014-A-0111 - Multiple Vulnerabilities in VMware Workstation Severity : Category I - VMSKEY : V0053179 |
2014-07-03 | IAVM : 2014-B-0088 - Multiple Vulnerabilities in VMware ESXi 5.5 Severity : Category I - VMSKEY : V0052911 |
2014-07-03 | IAVM : 2014-B-0089 - Multiple Vulnerabilities in VMware ESXi 5.1 Severity : Category I - VMSKEY : V0052909 |
2014-07-03 | IAVM : 2014-B-0091 - Multiple Vulnerabilities in VMware vCenter Update Manager 5.5 Severity : Category I - VMSKEY : V0052907 |
2014-07-03 | IAVM : 2014-B-0085 - Multiple Vulnerabilities in HP System Management Homepage (SMH) Severity : Category I - VMSKEY : V0052899 |
2014-07-03 | IAVM : 2014-B-0092 - Multiple Vulnerabilities in VMware vSphere Client 5.5 Severity : Category I - VMSKEY : V0052893 |
2014-06-26 | IAVM : 2014-A-0089 - Multiple Vulnerabilities in Juniper Pulse Secure Access Service (IVE) Severity : Category I - VMSKEY : V0052805 |
2014-06-19 | IAVM : 2014-B-0078 - Multiple Vulnerabilities in Blue Coat ProxySG Severity : Category I - VMSKEY : V0052639 |
2014-06-19 | IAVM : 2014-A-0087 - Multiple Vulnerabilities in McAfee ePolicy Orchestrator Severity : Category I - VMSKEY : V0052637 |
2014-06-19 | IAVM : 2014-B-0080 - Multiple Vulnerabilities in Stunnel Severity : Category I - VMSKEY : V0052627 |
2014-06-19 | IAVM : 2014-B-0077 - Multiple Vulnerabilities in McAfee Web Gateway Severity : Category I - VMSKEY : V0052625 |
2014-06-12 | IAVM : 2014-A-0083 - Multiple Vulnerabilities in OpenSSL Severity : Category I - VMSKEY : V0052495 |
2014-05-01 | IAVM : 2014-A-0063 - Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux Severity : Category I - VMSKEY : V0050009 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-02-26 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20140605-openssl-nxos.nasl - Type : ACT_GATHER_INFO |
2016-02-26 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20140605-openssl-iosxe.nasl - Type : ACT_GATHER_INFO |
2015-12-30 | Name : The remote VMware ESXi host is missing a security-related patch. File : vmware_VMSA-2014-0006_remote.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0743-1.nasl - Type : ACT_GATHER_INFO |
2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-062.nasl - Type : ACT_GATHER_INFO |
2015-03-05 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_6_0_43.nasl - Type : ACT_GATHER_INFO |
2015-01-22 | Name : The remote host has an application installed that is affected by multiple vul... File : oracle_virtualbox_jan_2015_cpu.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20140623.nasl - Type : ACT_GATHER_INFO |
2015-01-02 | Name : The remote Fedora host is missing a security update. File : fedora_2014-17587.nasl - Type : ACT_GATHER_INFO |
2015-01-02 | Name : The remote Fedora host is missing a security update. File : fedora_2014-17576.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0032.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0629.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0628.nasl - Type : ACT_GATHER_INFO |
2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-349.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15328.nasl - Type : ACT_GATHER_INFO |
2014-10-02 | Name : The remote host has a virtualization appliance installed that is affected by ... File : vmware_vsphere_replication_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO |
2014-09-11 | Name : The remote host is affected by multiple vulnerabilities. File : emc_documentum_content_server_ESA-2014-079.nasl - Type : ACT_GATHER_INFO |
2014-09-02 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_8_0_11.nasl - Type : ACT_GATHER_INFO |
2014-09-02 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_7_0_55.nasl - Type : ACT_GATHER_INFO |
2014-08-26 | Name : The remote web server has an application installed that is affected by multip... File : pivotal_webserver_5_4_1.nasl - Type : ACT_GATHER_INFO |
2014-08-20 | Name : The remote Windows host has an application installed that is affected by mult... File : vmware_ovftool_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-08-20 | Name : The remote Mac OS X host has an application installed that is affected by mul... File : macosx_vmware_ovftool_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO |
2014-08-14 | Name : The remote host is affected by a vulnerability that could allow sensitive dat... File : openssl_ccs_1_0_1.nasl - Type : ACT_ATTACK |
2014-08-12 | Name : The remote host contains software that is affected by multiple vulnerabilitie... File : hp_vca_SSRT101614.nasl - Type : ACT_GATHER_INFO |
2014-08-12 | Name : The remote host contains software that is affected by multiple vulnerabilitie... File : hp_vca_SSRT101614-sles.nasl - Type : ACT_GATHER_INFO |
2014-08-12 | Name : The remote host contains software that is affected by multiple vulnerabilitie... File : hp_vca_SSRT101614-rhel.nasl - Type : ACT_GATHER_INFO |
2014-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-9308.nasl - Type : ACT_GATHER_INFO |
2014-08-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-9301.nasl - Type : ACT_GATHER_INFO |
2014-08-07 | Name : The remote host is missing a vendor-supplied security patch. File : fireeye_os_SB001.nasl - Type : ACT_GATHER_INFO |
2014-08-06 | Name : The remote Windows host contains software that is affected by multiple vulner... File : hp_systems_insight_manager_73_hotfix_34.nasl - Type : ACT_GATHER_INFO |
2014-08-05 | Name : The FTP server installed on the remote Windows host is affected by multiple O... File : cerberus_ftp_7_0_0_3.nasl - Type : ACT_GATHER_INFO |
2014-08-05 | Name : The remote device is missing a vendor-supplied security patch. File : juniper_jsa10629.nasl - Type : ACT_GATHER_INFO |
2014-08-04 | Name : The remote host has a support tool installed that is affected by multiple vul... File : vmware_vcenter_support_assistant_2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-08-01 | Name : The remote host has a virtual desktop solution that is affected by multiple v... File : vmware_horizon_view_client_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO |
2014-08-01 | Name : The remote Mac OS X host has a virtual desktop solution that is affected by m... File : macosx_vmware_horizon_view_client_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO |
2014-07-31 | Name : The remote host has an application installed that is affected by multiple vul... File : vmware_vcenter_converter_2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-07-31 | Name : The remote Windows host has an application installed that is affected by mult... File : vmware_horizon_view_VMSA-2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0679.nasl - Type : ACT_GATHER_INFO |
2014-07-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201407-05.nasl - Type : ACT_GATHER_INFO |
2014-07-24 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0679.nasl - Type : ACT_GATHER_INFO |
2014-07-24 | Name : The remote host is running software that is affected by multiple vulnerabilit... File : hp_sum_6_4_1.nasl - Type : ACT_GATHER_INFO |
2014-07-24 | Name : The remote host has an application installed that is affected by multiple Ope... File : hp_oneview_1_10.nasl - Type : ACT_GATHER_INFO |
2014-07-17 | Name : The remote host is affected by multiple vulnerabilities. File : mcafee_vsel_SB10075.nasl - Type : ACT_GATHER_INFO |
2014-07-17 | Name : The remote host is affected by multiple vulnerabilities related to the includ... File : mcafee_email_gateway_SB10075.nasl - Type : ACT_GATHER_INFO |
2014-07-15 | Name : The remote host contains an application that is affected by an information di... File : macosx_libreoffice_423.nasl - Type : ACT_GATHER_INFO |
2014-07-15 | Name : The remote host contains an application that is affected by an information di... File : libreoffice_423.nasl - Type : ACT_GATHER_INFO |
2014-07-14 | Name : The remote host has a virtualization appliance installed that is affected by ... File : vmware_vcenter_server_appliance_2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-07-14 | Name : The remote host is affected by multiple vulnerabilities related to OpenSSL. File : fortinet_FG-IR-14-018.nasl - Type : ACT_GATHER_INFO |
2014-07-10 | Name : The remote host contains software that is affected by multiple vulnerabilities. File : vmware_player_linux_6_0_3.nasl - Type : ACT_GATHER_INFO |
2014-07-10 | Name : A VMware product installed on the remote host is affected by multiple vulnera... File : macosx_fusion_6_0_4.nasl - Type : ACT_GATHER_INFO |
2014-07-10 | Name : The remote host contains software that is affected by multiple vulnerabilities. File : vmware_player_multiple_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-07-10 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-07-10 | Name : The remote host has a virtualization application that is affected by multiple... File : vmware_workstation_linux_10_0_3.nasl - Type : ACT_GATHER_INFO |
2014-07-10 | Name : The remote host has a virtualization application that is affected by multiple... File : vmware_workstation_multiple_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO |
2014-07-09 | Name : The remote Windows host has an application installed that is affected by mult... File : vmware_vcenter_chargeback_manager_2601.nasl - Type : ACT_GATHER_INFO |
2014-07-07 | Name : The remote Windows host has an application installed that is affected by mult... File : hp_version_control_repo_manager_hpsbmu03056.nasl - Type : ACT_GATHER_INFO |
2014-07-04 | Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_0_build_1918656_remote.nasl - Type : ACT_GATHER_INFO |
2014-07-03 | Name : The remote host has a virtualization client application installed that is aff... File : vsphere_client_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-07-03 | Name : The remote host has an update manager installed that is affected by multiple ... File : vmware_vcenter_update_mgr_vmsa-2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-07-03 | Name : The remote host has a virtualization appliance installed that is affected by ... File : vmware_vcenter_operations_manager_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-07-02 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_3_3_1.nasl - Type : ACT_GATHER_INFO |
2014-06-24 | Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_1900470_remote.nasl - Type : ACT_GATHER_INFO |
2014-06-20 | Name : The remote device is potentially affected by multiple vulnerabilities. File : bluecoat_proxy_sg_6_5_4_4.nasl - Type : ACT_GATHER_INFO |
2014-06-20 | Name : The remote Windows host has an application that may be affected by multiple v... File : winscp_5_5_4.nasl - Type : ACT_GATHER_INFO |
2014-06-19 | Name : The remote host is affected by multiple vulnerabilities. File : mcafee_web_gateway_sb10075.nasl - Type : ACT_GATHER_INFO |
2014-06-19 | Name : The remote host is affected by multiple vulnerabilities. File : mcafee_epo_sb10075.nasl - Type : ACT_GATHER_INFO |
2014-06-18 | Name : The remote device is missing a vendor-supplied security patch. File : junos_pulse_jsa10629.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-325.nasl - Type : ACT_GATHER_INFO |
2014-06-11 | Name : The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities. File : vmware_esxi_5_5_build_1881737_remote.nasl - Type : ACT_GATHER_INFO |
2014-06-11 | Name : The remote VMware ESXi host is missing one or more security-related patches. File : vmware_VMSA-2014-0006.nasl - Type : ACT_GATHER_INFO |
2014-06-11 | Name : The remote AIX host has a vulnerable version of OpenSSL. File : aix_openssl_advisory8.nasl - Type : ACT_GATHER_INFO |
2014-06-10 | Name : The remote Windows host contains a program that is affected by multiple vulne... File : stunnel_5_02.nasl - Type : ACT_GATHER_INFO |
2014-06-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0625.nasl - Type : ACT_GATHER_INFO |
2014-06-06 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-156-03.nasl - Type : ACT_GATHER_INFO |
2014-06-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0625.nasl - Type : ACT_GATHER_INFO |
2014-06-06 | Name : The remote Fedora host is missing a security update. File : fedora_2014-7101.nasl - Type : ACT_GATHER_INFO |
2014-06-06 | Name : The remote Fedora host is missing a security update. File : fedora_2014-7102.nasl - Type : ACT_GATHER_INFO |
2014-06-06 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_1h.nasl - Type : ACT_GATHER_INFO |
2014-06-06 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0625.nasl - Type : ACT_GATHER_INFO |
2014-06-06 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140605_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-06-05 | Name : The remote host is potentially affected by a vulnerability that could allow s... File : openssl_ccs.nasl - Type : ACT_ATTACK |
2014-05-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-090.nasl - Type : ACT_GATHER_INFO |
2014-05-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2192-1.nasl - Type : ACT_GATHER_INFO |
2014-04-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0b8d7194ca8811e39d8dc80aa9043978.nasl - Type : ACT_GATHER_INFO |
2014-04-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2908.nasl - Type : ACT_GATHER_INFO |
2014-04-08 | Name : The remote service is affected by multiple vulnerabilities. File : openssl_1_0_0m.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-05-20 13:23:32 |
|
2014-05-16 17:21:15 |
|