Executive Summary

Informations
Name MDVSA-2014:090 First vendor Publication 2014-05-16
Vendor Mandriva Last vendor Modification 2014-05-16
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:P)
Cvss Base Score 4 Attack Range Network
Cvss Impact Score 4.9 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Updated openssl packages fix security vulnerability:

A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a multi-threaded application it may permit an attacker to inject data from one connection into another or cause denial of service (CVE-2010-5298).

Also fixed in this update is a potential security issue with detection of the critical flag for the TSA extended key usage under certain cases.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2014:090

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-362 Race Condition

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24397
 
Oval ID: oval:org.mitre.oval:def:24397
Title: Vulnerability in OpenSSL through 1.0.1g, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error)
Description: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
Family: windows Class: vulnerability
Reference(s): CVE-2010-5298
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24638
 
Oval ID: oval:org.mitre.oval:def:24638
Title: Race condition in the ssl3_read_bytes function in s3_pkt.c in
Description: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
Family: unix Class: vulnerability
Reference(s): CVE-2010-5298
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 323

Information Assurance Vulnerability Management (IAVM)

Date Description
2014-07-31 IAVM : 2014-B-0103 - Multiple Vulnerabilities in VMware Horizon View Client
Severity : Category I - VMSKEY : V0053509
2014-07-31 IAVM : 2014-B-0102 - Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.5
Severity : Category I - VMSKEY : V0053507
2014-07-31 IAVM : 2014-B-0101 - Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.1
Severity : Category I - VMSKEY : V0053505
2014-07-31 IAVM : 2014-A-0115 - Multiple Vulnerabilities in VMware Horizon View
Severity : Category I - VMSKEY : V0053501
2014-07-24 IAVM : 2014-B-0097 - Multiple Vulnerabilities in VMware ESXi 5.0
Severity : Category I - VMSKEY : V0053319
2014-07-17 IAVM : 2014-A-0099 - Multiple Vulnerabilities in McAfee Email Gateway
Severity : Category I - VMSKEY : V0053203
2014-07-17 IAVM : 2014-A-0100 - Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux
Severity : Category I - VMSKEY : V0053201
2014-07-17 IAVM : 2014-A-0109 - Multiple Vulnerabilities in VMware Fusion
Severity : Category I - VMSKEY : V0053183
2014-07-17 IAVM : 2014-A-0110 - Multiple Vulnerabilities in VMware Player
Severity : Category I - VMSKEY : V0053181
2014-07-17 IAVM : 2014-A-0111 - Multiple Vulnerabilities in VMware Workstation
Severity : Category I - VMSKEY : V0053179
2014-07-03 IAVM : 2014-B-0088 - Multiple Vulnerabilities in VMware ESXi 5.5
Severity : Category I - VMSKEY : V0052911
2014-07-03 IAVM : 2014-B-0089 - Multiple Vulnerabilities in VMware ESXi 5.1
Severity : Category I - VMSKEY : V0052909
2014-07-03 IAVM : 2014-B-0091 - Multiple Vulnerabilities in VMware vCenter Update Manager 5.5
Severity : Category I - VMSKEY : V0052907
2014-07-03 IAVM : 2014-B-0085 - Multiple Vulnerabilities in HP System Management Homepage (SMH)
Severity : Category I - VMSKEY : V0052899
2014-07-03 IAVM : 2014-B-0092 - Multiple Vulnerabilities in VMware vSphere Client 5.5
Severity : Category I - VMSKEY : V0052893
2014-06-26 IAVM : 2014-A-0089 - Multiple Vulnerabilities in Juniper Pulse Secure Access Service (IVE)
Severity : Category I - VMSKEY : V0052805
2014-06-19 IAVM : 2014-B-0078 - Multiple Vulnerabilities in Blue Coat ProxySG
Severity : Category I - VMSKEY : V0052639
2014-06-19 IAVM : 2014-A-0087 - Multiple Vulnerabilities in McAfee ePolicy Orchestrator
Severity : Category I - VMSKEY : V0052637
2014-06-19 IAVM : 2014-B-0080 - Multiple Vulnerabilities in Stunnel
Severity : Category I - VMSKEY : V0052627
2014-06-19 IAVM : 2014-B-0077 - Multiple Vulnerabilities in McAfee Web Gateway
Severity : Category I - VMSKEY : V0052625
2014-06-12 IAVM : 2014-A-0083 - Multiple Vulnerabilities in OpenSSL
Severity : Category I - VMSKEY : V0052495
2014-05-01 IAVM : 2014-A-0063 - Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux
Severity : Category I - VMSKEY : V0050009

Nessus® Vulnerability Scanner

Date Description
2016-02-26 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20140605-openssl-nxos.nasl - Type : ACT_GATHER_INFO
2016-02-26 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20140605-openssl-iosxe.nasl - Type : ACT_GATHER_INFO
2015-12-30 Name : The remote VMware ESXi host is missing a security-related patch.
File : vmware_VMSA-2014-0006_remote.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0743-1.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-062.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_6_0_43.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote host has an application installed that is affected by multiple vul...
File : oracle_virtualbox_jan_2015_cpu.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_openssl_20140623.nasl - Type : ACT_GATHER_INFO
2015-01-02 Name : The remote Fedora host is missing a security update.
File : fedora_2014-17587.nasl - Type : ACT_GATHER_INFO
2015-01-02 Name : The remote Fedora host is missing a security update.
File : fedora_2014-17576.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0032.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-0629.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0628.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-349.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15328.nasl - Type : ACT_GATHER_INFO
2014-10-02 Name : The remote host has a virtualization appliance installed that is affected by ...
File : vmware_vsphere_replication_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO
2014-09-11 Name : The remote host is affected by multiple vulnerabilities.
File : emc_documentum_content_server_ESA-2014-079.nasl - Type : ACT_GATHER_INFO
2014-09-02 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_8_0_11.nasl - Type : ACT_GATHER_INFO
2014-09-02 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_7_0_55.nasl - Type : ACT_GATHER_INFO
2014-08-26 Name : The remote web server has an application installed that is affected by multip...
File : pivotal_webserver_5_4_1.nasl - Type : ACT_GATHER_INFO
2014-08-20 Name : The remote Windows host has an application installed that is affected by mult...
File : vmware_ovftool_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-08-20 Name : The remote Mac OS X host has an application installed that is affected by mul...
File : macosx_vmware_ovftool_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO
2014-08-14 Name : The remote host is affected by a vulnerability that could allow sensitive dat...
File : openssl_ccs_1_0_1.nasl - Type : ACT_ATTACK
2014-08-12 Name : The remote host contains software that is affected by multiple vulnerabilitie...
File : hp_vca_SSRT101614.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote host contains software that is affected by multiple vulnerabilitie...
File : hp_vca_SSRT101614-sles.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote host contains software that is affected by multiple vulnerabilitie...
File : hp_vca_SSRT101614-rhel.nasl - Type : ACT_GATHER_INFO
2014-08-10 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9308.nasl - Type : ACT_GATHER_INFO
2014-08-10 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9301.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote host is missing a vendor-supplied security patch.
File : fireeye_os_SB001.nasl - Type : ACT_GATHER_INFO
2014-08-06 Name : The remote Windows host contains software that is affected by multiple vulner...
File : hp_systems_insight_manager_73_hotfix_34.nasl - Type : ACT_GATHER_INFO
2014-08-05 Name : The FTP server installed on the remote Windows host is affected by multiple O...
File : cerberus_ftp_7_0_0_3.nasl - Type : ACT_GATHER_INFO
2014-08-05 Name : The remote device is missing a vendor-supplied security patch.
File : juniper_jsa10629.nasl - Type : ACT_GATHER_INFO
2014-08-04 Name : The remote host has a support tool installed that is affected by multiple vul...
File : vmware_vcenter_support_assistant_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-08-01 Name : The remote host has a virtual desktop solution that is affected by multiple v...
File : vmware_horizon_view_client_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO
2014-08-01 Name : The remote Mac OS X host has a virtual desktop solution that is affected by m...
File : macosx_vmware_horizon_view_client_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO
2014-07-31 Name : The remote host has an application installed that is affected by multiple vul...
File : vmware_vcenter_converter_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-31 Name : The remote Windows host has an application installed that is affected by mult...
File : vmware_horizon_view_VMSA-2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0679.nasl - Type : ACT_GATHER_INFO
2014-07-28 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201407-05.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0679.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote host is running software that is affected by multiple vulnerabilit...
File : hp_sum_6_4_1.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote host has an application installed that is affected by multiple Ope...
File : hp_oneview_1_10.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote host is affected by multiple vulnerabilities.
File : mcafee_vsel_SB10075.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote host is affected by multiple vulnerabilities related to the includ...
File : mcafee_email_gateway_SB10075.nasl - Type : ACT_GATHER_INFO
2014-07-15 Name : The remote host contains an application that is affected by an information di...
File : macosx_libreoffice_423.nasl - Type : ACT_GATHER_INFO
2014-07-15 Name : The remote host contains an application that is affected by an information di...
File : libreoffice_423.nasl - Type : ACT_GATHER_INFO
2014-07-14 Name : The remote host has a virtualization appliance installed that is affected by ...
File : vmware_vcenter_server_appliance_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-14 Name : The remote host is affected by multiple vulnerabilities related to OpenSSL.
File : fortinet_FG-IR-14-018.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote host contains software that is affected by multiple vulnerabilities.
File : vmware_player_linux_6_0_3.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : A VMware product installed on the remote host is affected by multiple vulnera...
File : macosx_fusion_6_0_4.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote host contains software that is affected by multiple vulnerabilities.
File : vmware_player_multiple_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote host has a virtualization application that is affected by multiple...
File : vmware_workstation_linux_10_0_3.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote host has a virtualization application that is affected by multiple...
File : vmware_workstation_multiple_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO
2014-07-09 Name : The remote Windows host has an application installed that is affected by mult...
File : vmware_vcenter_chargeback_manager_2601.nasl - Type : ACT_GATHER_INFO
2014-07-07 Name : The remote Windows host has an application installed that is affected by mult...
File : hp_version_control_repo_manager_hpsbmu03056.nasl - Type : ACT_GATHER_INFO
2014-07-04 Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit...
File : vmware_esxi_5_0_build_1918656_remote.nasl - Type : ACT_GATHER_INFO
2014-07-03 Name : The remote host has a virtualization client application installed that is aff...
File : vsphere_client_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-03 Name : The remote host has an update manager installed that is affected by multiple ...
File : vmware_vcenter_update_mgr_vmsa-2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-03 Name : The remote host has a virtualization appliance installed that is affected by ...
File : vmware_vcenter_operations_manager_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-02 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_3_3_1.nasl - Type : ACT_GATHER_INFO
2014-06-24 Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_1_build_1900470_remote.nasl - Type : ACT_GATHER_INFO
2014-06-20 Name : The remote device is potentially affected by multiple vulnerabilities.
File : bluecoat_proxy_sg_6_5_4_4.nasl - Type : ACT_GATHER_INFO
2014-06-20 Name : The remote Windows host has an application that may be affected by multiple v...
File : winscp_5_5_4.nasl - Type : ACT_GATHER_INFO
2014-06-19 Name : The remote host is affected by multiple vulnerabilities.
File : mcafee_web_gateway_sb10075.nasl - Type : ACT_GATHER_INFO
2014-06-19 Name : The remote host is affected by multiple vulnerabilities.
File : mcafee_epo_sb10075.nasl - Type : ACT_GATHER_INFO
2014-06-18 Name : The remote device is missing a vendor-supplied security patch.
File : junos_pulse_jsa10629.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-325.nasl - Type : ACT_GATHER_INFO
2014-06-11 Name : The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_5_build_1881737_remote.nasl - Type : ACT_GATHER_INFO
2014-06-11 Name : The remote VMware ESXi host is missing one or more security-related patches.
File : vmware_VMSA-2014-0006.nasl - Type : ACT_GATHER_INFO
2014-06-11 Name : The remote AIX host has a vulnerable version of OpenSSL.
File : aix_openssl_advisory8.nasl - Type : ACT_GATHER_INFO
2014-06-10 Name : The remote Windows host contains a program that is affected by multiple vulne...
File : stunnel_5_02.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0625.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-156-03.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0625.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Fedora host is missing a security update.
File : fedora_2014-7101.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Fedora host is missing a security update.
File : fedora_2014-7102.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_1h.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0625.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140605_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-06-05 Name : The remote host is potentially affected by a vulnerability that could allow s...
File : openssl_ccs.nasl - Type : ACT_ATTACK
2014-05-19 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-090.nasl - Type : ACT_GATHER_INFO
2014-05-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2192-1.nasl - Type : ACT_GATHER_INFO
2014-04-23 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_0b8d7194ca8811e39d8dc80aa9043978.nasl - Type : ACT_GATHER_INFO
2014-04-18 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2908.nasl - Type : ACT_GATHER_INFO
2014-04-08 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_0m.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-05-20 13:23:32
  • Multiple Updates
2014-05-16 17:21:15
  • First insertion