Executive Summary

Summary
Title: openssl security, bug fix, and enhancement update

Information
Name: RHSA-2009:1335
First vendor publication: 2009-09-02
Vendor: RedHat
Last vendor modification: 2009-09-02
Severity (Vendor): Moderate
Revision: 02

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS base score: 5
Attack range: Network
CVSS impact score: 2.9
Attack complexity: Low
CVSS exploit score: 10
Authentication: None Required

Detail

Problem Description:

Updated openssl packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (for example, UDP).

Multiple denial of service flaws were discovered in OpenSSL's DTLS implementation. A remote attacker could use these flaws to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer dereference. (CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387)

Note: These flaws only affect applications that use DTLS. Red Hat does not ship any DTLS client or server applications in Red Hat Enterprise Linux.

An input validation flaw was found in the handling of the BMPString and UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex() function. An attacker could use this flaw to create a specially-crafted X.509 certificate that could cause applications using the affected function to crash when printing certificate contents. (CVE-2009-0590)

Note: The affected function is rarely used. No application shipped with Red Hat Enterprise Linux calls this function, for example.
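The length check that this class of flaw calls for, as an added example (not OpenSSL's or Red Hat's code): a BMPString uses 2 bytes per character and a UniversalString 4, so a printer that walks the buffer one whole character at a time must first reject an encoded length that is not a multiple of that width. The function name, the escape format and the sample byte strings are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes per character for the two fixed-width ASN.1 string types. */
enum { WIDTH_BMP = 2, WIDTH_UNIVERSAL = 4 };

/*
 * Render the content bytes of a BMPString or UniversalString as ASCII,
 * escaping everything outside printable ASCII (escape format is this
 * example's own choice).
 *
 * Returns the number of bytes written (excluding the NUL), or -1 when the
 * encoded length is invalid or the output buffer is too small.
 */
int print_fixed_width(const unsigned char *buf, size_t len, int width,
                      char *out, size_t outsz)
{
    size_t i, used = 0;

    if (buf == NULL || out == NULL || outsz == 0)
        return -1;
    if (width != WIDTH_BMP && width != WIDTH_UNIVERSAL)
        return -1;

    /*
     * The check that matters: without it, the loop below would read up to
     * width-1 bytes past the end of buf when len is not a whole number of
     * characters.
     */
    if (len % (size_t)width != 0)
        return -1;

    for (i = 0; i < len; i += (size_t)width) {
        uint32_t c = 0;
        int k, n;

        /* Characters are stored big-endian. */
        for (k = 0; k < width; k++)
            c = (c << 8) | buf[i + k];

        if (c >= 0x20 && c <= 0x7e && c != '\\')
            n = snprintf(out + used, outsz - used, "%c", (int)c);
        else if (c > 0xffff)
            n = snprintf(out + used, outsz - used, "\\U%08lX",
                         (unsigned long)c);
        else
            n = snprintf(out + used, outsz - used, "\\u%04lX",
                         (unsigned long)c);

        /* Refuse to return a silently truncated rendering. */
        if (n < 0 || (size_t)n >= outsz - used)
            return -1;
        used += (size_t)n;
    }
    out[used] = '\0';
    return (int)used;
}

/* Constructed sample inputs (content bytes only, no tag/length header). */
static const unsigned char BMP_OK[]    = { 0x00, 0x4f, 0x00, 0x4b };
static const unsigned char BMP_ODD[]   = { 0x00, 0x4f, 0x00 };
static const unsigned char UNI_OK[]    = { 0x00, 0x00, 0x00, 0x41,
                                           0x00, 0x01, 0xf6, 0x00 };
static const unsigned char UNI_SHORT[] = { 0x00, 0x00, 0x00, 0x41,
                                           0x00, 0x01 };

int main(void)
{
    char out[64];
    int r;

    r = print_fixed_width(BMP_OK, sizeof BMP_OK, WIDTH_BMP, out, sizeof out);
    printf("BMP, 4 bytes:       %d \"%s\"\n", r, r >= 0 ? out : "");

    r = print_fixed_width(BMP_ODD, sizeof BMP_ODD, WIDTH_BMP, out, sizeof out);
    printf("BMP, 3 bytes:       %d (rejected)\n", r);

    r = print_fixed_width(UNI_OK, sizeof UNI_OK, WIDTH_UNIVERSAL,
                          out, sizeof out);
    printf("Universal, 8 bytes: %d \"%s\"\n", r, r >= 0 ? out : "");

    r = print_fixed_width(UNI_SHORT, sizeof UNI_SHORT, WIDTH_UNIVERSAL,
                          out, sizeof out);
    printf("Universal, 6 bytes: %d (rejected)\n", r);
    return 0;
}
```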

These updated packages also fix the following bugs:

* "openssl smime -verify -in" verifies the signature of the input file and the "-verify" switch expects a signed or encrypted input file. Previously, running openssl on an S/MIME file that was not encrypted or signed caused openssl to segfault. With this update, the input file is now checked for a signature or encryption. Consequently, openssl now returns an error and quits when attempting to verify an unencrypted or unsigned S/MIME file. (BZ#472440)

* when generating RSA keys, pairwise tests were called even in non-FIPS mode. This prevented small keys from being generated. With this update, generating keys in non-FIPS mode no longer calls the pairwise tests and keys as small as 32-bits can be generated in this mode. Note: In FIPS mode, pairwise tests are still called and keys generated in this mode must still be 1024-bits or larger. (BZ#479817)

As well, these updated packages add the following enhancements:

* both the libcrypto and libssl shared libraries, which are part of the OpenSSL FIPS module, are now checked for integrity on initialization of FIPS mode. (BZ#475798)

* an issuing Certificate Authority (CA) allows multiple certificate templates to inherit the CA's Common Name (CN). Because this CN is used as a unique identifier, each template had to have its own Certificate Revocation List (CRL). With this update, multiple CRLs with the same subject name can now be stored in an X509_STORE structure, with their signature field being used to distinguish between them. (BZ#457134)

* the fipscheck library is no longer needed for rebuilding the openssl source RPM. (BZ#475798)

OpenSSL users should upgrade to these updated packages, which resolve these issues and add these enhancements.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

479817 - Do not call pairwise tests in non-FIPS mode
492304 - CVE-2009-0590 openssl: ASN1 printing crash
501253 - CVE-2009-1377 OpenSSL: DTLS epoch record buffer memory DoS
501254 - CVE-2009-1378 OpenSSL: DTLS fragment handling memory DoS
501572 - CVE-2009-1379 OpenSSL: DTLS pointer use-after-free flaw (DoS)
503685 - CVE-2009-1386 openssl: DTLS NULL deref crash on early ChangeCipherSpec request
503688 - CVE-2009-1387 openssl: DTLS out-of-sequence message handling NULL deref DoS

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2009-1335.html

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-476 NULL Pointer Dereference
33 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
17 % CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory Leak')
17 % CWE-399 Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10198
 
Oval ID: oval:org.mitre.oval:def:10198
Title: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Description: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0590
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10740
 
Oval ID: oval:org.mitre.oval:def:10740
Title: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Description: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1387
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11179
 
Oval ID: oval:org.mitre.oval:def:11179
Title: ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
Description: ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1386
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11309
 
Oval ID: oval:org.mitre.oval:def:11309
Title: Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Description: Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1378
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13721
 
Oval ID: oval:org.mitre.oval:def:13721
Title: DSA-1888-1 openssl, openssl097 -- cryptographic weakness
Description: Certificates with MD2 hash signatures are no longer accepted by OpenSSL, since they’re no longer considered cryptographically secure. For the stable distribution, this problem has been fixed in version 0.9.8g-15+lenny5. For the old stable distribution, this problem has been fixed in version 0.9.8c-4etch9 for openssl and version 0.9.7k-3.1etch5 for openssl097. The OpenSSL 0.9.8 update for oldstable also provides updated packages for multiple denial of service vulnerabilities in the Datagram Transport Layer Security implementation. These fixes were already provided for Debian stable in a previous point update. The OpenSSL 0.9.7 package from oldstable is not affected. For the unstable distribution, this problem has been fixed in version 0.9.8k-5. We recommend that you upgrade your openssl packages.
Family: unix Class: patch
Reference(s): DSA-1888-1
CVE-2009-2409
CVE-2009-1377
CVE-2009-1378
CVE-2009-1379
CVE-2009-1386
CVE-2009-1387
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): openssl
openssl097
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13751
 
Oval ID: oval:org.mitre.oval:def:13751
Title: DSA-1763-1 openssl -- programming error
Description: It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate. For the old stable distribution, this problem has been fixed in version 0.9.8c-4etch5 of the openssl package and in version 0.9.7k-3.1etch3 of the openssl097 package. For the stable distribution, this problem has been fixed in version 0.9.8g-15+lenny1. For the unstable distribution, this problem has been fixed in version 0.9.8g-16. We recommend that you upgrade your openssl packages.
Family: unix Class: patch
Reference(s): DSA-1763-1
CVE-2009-0590
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13799
 
Oval ID: oval:org.mitre.oval:def:13799
Title: USN-750-1 -- openssl vulnerability
Description: It was discovered that OpenSSL did not properly validate the length of an encoded BMPString or UniversalString when printing ASN.1 strings. If a user or automated system were tricked into processing a crafted certificate, an attacker could cause a denial of service via application crash in applications linked against OpenSSL.
Family: unix Class: patch
Reference(s): USN-750-1
CVE-2009-0590
Version: 5
Platform(s): Ubuntu 7.10
Ubuntu 8.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13891
 
Oval ID: oval:org.mitre.oval:def:13891
Title: USN-792-1 -- openssl vulnerabilities
Description: It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. It was discovered that OpenSSL did not properly free memory when processing DTLS fragments. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. It was discovered that OpenSSL did not properly handle certain server certificates when processing DTLS packets. A remote DTLS server could cause a denial of service by sending a message containing a specially crafted server certificate. It was discovered that OpenSSL did not properly handle a DTLS ChangeCipherSpec packet when it occurred before ClientHello. A remote attacker could cause a denial of service by sending a specially crafted request. It was discovered that OpenSSL did not properly handle out of sequence DTLS handshake messages. A remote attacker could cause a denial of service by sending a specially crafted request.
Family: unix Class: patch
Reference(s): USN-792-1
CVE-2009-1377
CVE-2009-1378
CVE-2009-1379
CVE-2009-1386
CVE-2009-1387
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 9.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19759
 
Oval ID: oval:org.mitre.oval:def:19759
Title: HP-UX Running OpenSSL, Remote Denial of Service (DoS)
Description: The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.
Family: unix Class: vulnerability
Reference(s): CVE-2006-7250
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22194
 
Oval ID: oval:org.mitre.oval:def:22194
Title: HP-UX Running OpenSSL, Remote Denial of Service (DoS), Bypass Security Restrictions
Description: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0590
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22755
 
Oval ID: oval:org.mitre.oval:def:22755
Title: ELSA-2009:1335: openssl security, bug fix, and enhancement update (Moderate)
Description: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Family: unix Class: patch
Reference(s): ELSA-2009:1335-02
CVE-2006-7250
CVE-2009-0590
CVE-2009-1377
CVE-2009-1378
CVE-2009-1379
CVE-2009-1386
CVE-2009-1387
Version: 33
Platform(s): Oracle Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24227
 
Oval ID: oval:org.mitre.oval:def:24227
Title: Vulnerability in OpenSSL 0.9.8k and earlier 0.9.8 versions, allows remote attackers to cause a denial of service (memory consumption)
Description: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1377
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24700
 
Oval ID: oval:org.mitre.oval:def:24700
Title: Vulnerability in OpenSSL before 1.0.0 Beta 2, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash)
Description: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1387
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25108
 
Oval ID: oval:org.mitre.oval:def:25108
Title: Vulnerability in OpenSSL before 0.9.8i, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash)
Description: ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1386
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25119
 
Oval ID: oval:org.mitre.oval:def:25119
Title: Vulnerability in OpenSSL 1.0.0 Beta 2, allows remote attackers to cause a denial of service (openssl s_client crash)
Description: Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1379
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25196
 
Oval ID: oval:org.mitre.oval:def:25196
Title: Vulnerability in OpenSSL before 0.9.8k, allows remote attackers to cause a denial of service (invalid memory access and application crash)
Description: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0590
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28749
 
Oval ID: oval:org.mitre.oval:def:28749
Title: RHSA-2009:1335 -- openssl security, bug fix, and enhancement update (Moderate)
Description: Updated openssl packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (for example, UDP).
Family: unix Class: patch
Reference(s): RHSA-2009:1335
CESA-2009:1335-CentOS 5
CVE-2006-7250
CVE-2009-0590
CVE-2009-1377
CVE-2009-1378
CVE-2009-1379
CVE-2009-1386
CVE-2009-1387
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6683
 
Oval ID: oval:org.mitre.oval:def:6683
Title: OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
Description: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1377
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6848
 
Oval ID: oval:org.mitre.oval:def:6848
Title: OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
Description: Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1379
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6996
 
Oval ID: oval:org.mitre.oval:def:6996
Title: OpenSSL Multiple Vulnerabilities
Description: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0590
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7229
 
Oval ID: oval:org.mitre.oval:def:7229
Title: OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
Description: Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1378
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7469
 
Oval ID: oval:org.mitre.oval:def:7469
Title: OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability
Description: ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1386
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7592
 
Oval ID: oval:org.mitre.oval:def:7592
Title: OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Remote Denial of Service Vulnerability
Description: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1387
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8038
 
Oval ID: oval:org.mitre.oval:def:8038
Title: DSA-1763 openssl -- programming error
Description: It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate.
Family: unix Class: patch
Reference(s): DSA-1763
CVE-2009-0590
Version: 3
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9663
 
Oval ID: oval:org.mitre.oval:def:9663
Title: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
Description: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1377
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9744
 
Oval ID: oval:org.mitre.oval:def:9744
Title: Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
Description: Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1379
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 259
Application 3
Os 4
Os 2

ExploitDB Exploits

id Description
2009-06-04 OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit
2009-05-18 OpenSSL <= 0.9.8k, 1.0.0-beta2 DTLS Remote Memory Exhaustion DoS

OpenVAS Exploits

Date Description
2012-08-03 Name : Mandriva Update for openssl MDVSA-2012:038 (openssl)
File : nvt/gb_mandriva_MDVSA_2012_038.nasl
2012-04-20 Name : Ubuntu Update for openssl USN-1424-1
File : nvt/gb_ubuntu_USN_1424_1.nasl
2012-04-16 Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2011-08-09 Name : CentOS Update for openssl CESA-2009:1335 centos5 i386
File : nvt/gb_CESA-2009_1335_openssl_centos5_i386.nasl
2010-06-25 Name : Fedora Update for openssl FEDORA-2010-9421
File : nvt/gb_fedora_2010_9421_openssl_fc11.nasl
2010-04-19 Name : Fedora Update for openssl FEDORA-2010-5357
File : nvt/gb_fedora_2010_5357_openssl_fc11.nasl
2010-03-31 Name : RedHat Update for openssl RHSA-2010:0163-01
File : nvt/gb_RHSA-2010_0163-01_openssl.nasl
2010-03-31 Name : CentOS Update for openssl CESA-2010:0163 centos3 i386
File : nvt/gb_CESA-2010_0163_openssl_centos3_i386.nasl
2010-03-31 Name : CentOS Update for openssl CESA-2010:0163 centos4 i386
File : nvt/gb_CESA-2010_0163_openssl_centos4_i386.nasl
2009-12-14 Name : Gentoo Security Advisory GLSA 200912-01 (openssl)
File : nvt/glsa_200912_01.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:310 (openssl)
File : nvt/mdksa_2009_310.nasl
2009-10-13 Name : Solaris Update for sshd 140119-11
File : nvt/gb_solaris_140119_11.nasl
2009-10-13 Name : Solaris Update for sshd 141742-04
File : nvt/gb_solaris_141742_04.nasl
2009-10-13 Name : SLES10: Security update for compat-openssl097g
File : nvt/sles10_compat-openssl0.nasl
2009-10-13 Name : SLES10: Security update for OpenSSL
File : nvt/sles10_openssl0.nasl
2009-10-13 Name : SLES10: Security update for OpenSSL
File : nvt/sles10_openssl1.nasl
2009-10-13 Name : SLES10: Security update for OpenSSL
File : nvt/sles10_openssl2.nasl
2009-10-11 Name : SLES11: Security update for OpenSSL
File : nvt/sles11_libopenssl0_9_8.nasl
2009-10-11 Name : SLES11: Security update for OpenSSL
File : nvt/sles11_libopenssl0_9_80.nasl
2009-10-11 Name : SLES11: Security update for OpenSSL
File : nvt/sles11_libopenssl0_9_81.nasl
2009-10-10 Name : SLES9: Security update for OpenSSL
File : nvt/sles9p5048397.nasl
2009-09-28 Name : Mandrake Security Advisory MDVSA-2009:239 (openssl)
File : nvt/mdksa_2009_239.nasl
2009-09-28 Name : Mandrake Security Advisory MDVSA-2009:238 (openssl)
File : nvt/mdksa_2009_238.nasl
2009-09-28 Name : Mandrake Security Advisory MDVSA-2009:237 (openssl)
File : nvt/mdksa_2009_237.nasl
2009-09-23 Name : Solaris Update for sshd 140119-09
File : nvt/gb_solaris_140119_09.nasl
2009-09-23 Name : Solaris Update for sshd 140119-07
File : nvt/gb_solaris_140119_07.nasl
2009-09-23 Name : Solaris Update for sshd 141742-02
File : nvt/gb_solaris_141742_02.nasl
2009-09-21 Name : CentOS Security Advisory CESA-2009:1335 (openssl)
File : nvt/ovcesa2009_1335.nasl
2009-09-21 Name : Debian Security Advisory DSA 1888-1 (openssl, openssl097)
File : nvt/deb_1888_1.nasl
2009-09-09 Name : RedHat Security Advisory RHSA-2009:1335
File : nvt/RHSA_2009_1335.nasl
2009-07-17 Name : HP-UX Update for OpenSSL HPSBUX02435
File : nvt/gb_hp_ux_HPSBUX02435.nasl
2009-07-06 Name : SuSE Security Summary SUSE-SR:2009:012
File : nvt/suse_sr_2009_012.nasl
2009-06-30 Name : Ubuntu USN-792-1 (openssl)
File : nvt/ubuntu_792_1.nasl
2009-06-23 Name : Fedora Core 10 FEDORA-2009-5412 (openssl)
File : nvt/fcore_2009_5412.nasl
2009-06-23 Name : Fedora Core 11 FEDORA-2009-5452 (openssl)
File : nvt/fcore_2009_5452.nasl
2009-06-23 Name : Fedora Core 9 FEDORA-2009-5423 (openssl)
File : nvt/fcore_2009_5423.nasl
2009-06-15 Name : SuSE Security Summary SUSE-SR:2009:011
File : nvt/suse_sr_2009_011.nasl
2009-06-12 Name : Denial Of Service Vulnerability in OpenSSL June-09 (Linux)
File : nvt/gb_openssl_dos_vuln_lin_jun09.nasl
2009-06-05 Name : Mandrake Security Advisory MDVSA-2009:120 (openssl)
File : nvt/mdksa_2009_120.nasl
2009-06-05 Name : FreeBSD Ports: opensll
File : nvt/freebsd_opensll.nasl
2009-05-28 Name : OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities (Linux)
File : nvt/secpod_openssl_mult_dos_vuln_lin.nasl
2009-05-28 Name : OpenSSL DTLS Packets Multiple DOS Vulnerabilities (win)
File : nvt/secpod_openssl_mult_dos_vuln_win.nasl
2009-05-20 Name : SuSE Security Summary SUSE-SR:2009:010
File : nvt/suse_sr_2009_010.nasl
2009-05-11 Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD.nasl
2009-04-28 Name : FreeBSD Security Advisory (FreeBSD-SA-09:08.openssl.asc)
File : nvt/freebsdsa_openssl7.nasl
2009-04-15 Name : Debian Security Advisory DSA 1763-1 (openssl)
File : nvt/deb_1763_1.nasl
2009-04-15 Name : Gentoo Security Advisory GLSA 200904-08 (openssl)
File : nvt/glsa_200904_08.nasl
2009-04-06 Name : Ubuntu USN-749-1 (libsndfile)
File : nvt/ubuntu_749_1.nasl
2009-04-06 Name : Ubuntu USN-750-1 (openssl)
File : nvt/ubuntu_750_1.nasl
2009-04-06 Name : Mandrake Security Advisory MDVSA-2009:087 (openssl)
File : nvt/mdksa_2009_087.nasl
2009-04-02 Name : OpenSSL Multiple Vulnerabilities (Linux)
File : nvt/gb_openssl_mult_vuln_lin.nasl
2009-04-02 Name : OpenSSL Multiple Vulnerabilities (Win)
File : nvt/gb_openssl_mult_vuln_win.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-060-02 openssl
File : nvt/esoft_slk_ssa_2010_060_02.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-098-01 openssl
File : nvt/esoft_slk_ssa_2009_098_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
62881 SSH Tectia Audit Player ASN1_STRING_print_ex() Function BMPString / Universal...

55073 OpenSSL ssl/s3_pkt.c DTLS ChangeCipherSpec Packet Handling Remote DoS

55072 OpenSSL ssl/d1_both.c dtls1_retrieve_buffered_fragment Function DTLS Handshake...

54614 OpenSSL ssl/d1_both.c dtls1_retrieve_buffered_fragment Function DTLS Packet H...

54613 OpenSSL ssl/d1_both.c dtls1_process_out_of_seq_message Function DTLS Record H...

54612 OpenSSL ssl/d1_pkt.c dtls1_buffer_record Function Buffered DTLS Record Handli...

52864 OpenSSL ASN1_STRING_print_ex() Function BMPString / UniversalString Handling DoS

Nessus® Vulnerability Scanner

Date Description
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0019_remote.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0004_remote.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15348.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-174.nasl - Type : ACT_GATHER_INFO
2014-04-16 Name : The remote AIX host is running a vulnerable version of OpenSSL.
File : aix_openssl_advisory4.nasl - Type : ACT_GATHER_INFO
2013-12-03 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201312-03.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0163.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1335.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090902_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100325_openssl_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-04-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1424-1.nasl - Type : ACT_GATHER_INFO
2012-04-11 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-120327.nasl - Type : ACT_GATHER_INFO
2012-04-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-8034.nasl - Type : ACT_GATHER_INFO
2012-04-11 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-120328.nasl - Type : ACT_GATHER_INFO
2012-04-02 Name : The remote host may be affected by multiple vulnerabilities.
File : openssl_1_0_0h.nasl - Type : ACT_GATHER_INFO
2012-04-02 Name : The remote host may be affected by multiple vulnerabilities.
File : openssl_0_9_8u.nasl - Type : ACT_GATHER_INFO
2012-03-27 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-038.nasl - Type : ACT_GATHER_INFO
2012-01-04 Name : The remote server is affected by a denial of service vulnerability.
File : openssl_1_0_0.nasl - Type : ACT_GATHER_INFO
2012-01-04 Name : The remote server is affected by a denial of service vulnerability.
File : openssl_0_9_8i.nasl - Type : ACT_GATHER_INFO
2012-01-04 Name : The remote server is affected by multiple vulnerabilities.
File : openssl_0_9_8k.nasl - Type : ACT_GATHER_INFO
2012-01-04 Name : The remote server is affected by multiple vulnerabilities.
File : openssl_0_9_8l.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_compat-openssl097g-7645.nasl - Type : ACT_GATHER_INFO
2011-07-28 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_compat-openssl097g-7644.nasl - Type : ACT_GATHER_INFO
2011-07-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO
2010-12-08 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2010-0019.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-239.nasl - Type : ACT_GATHER_INFO
2010-06-01 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO
2010-04-27 Name : The remote web server has multiple vulnerabilities.
File : hpsmh_6_0_0_95.nasl - Type : ACT_GATHER_INFO
2010-03-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO
2010-03-05 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2010-0004.nasl - Type : ACT_GATHER_INFO
2010-03-02 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-060-02.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1888.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1335.nasl - Type : ACT_GATHER_INFO
2009-12-04 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-310.nasl - Type : ACT_GATHER_INFO
2009-12-02 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200912-01.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-6267.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-6179.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_compat-openssl097g-090416.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-6296.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-090415.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-090522.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12397.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_openssl-090610.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_compat-openssl097g-6170.nasl - Type : ACT_GATHER_INFO
2009-09-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-238.nasl - Type : ACT_GATHER_INFO
2009-09-11 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2009-005.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libopenssl-devel-090415.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libopenssl-devel-090522.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_compat-openssl097g-090416.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libopenssl-devel-090609.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libopenssl-devel-090522.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libopenssl-devel-090415.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_compat-openssl097g-090416.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libopenssl-devel-090609.nasl - Type : ACT_GATHER_INFO
2009-06-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-792-1.nasl - Type : ACT_GATHER_INFO
2009-06-21 Name : The remote Fedora host is missing a security update.
File : fedora_2009-5412.nasl - Type : ACT_GATHER_INFO
2009-06-21 Name : The remote Fedora host is missing a security update.
File : fedora_2009-5423.nasl - Type : ACT_GATHER_INFO
2009-06-21 Name : The remote Fedora host is missing a security update.
File : fedora_2009-5452.nasl - Type : ACT_GATHER_INFO
2009-06-18 Name : The remote openSUSE host is missing a security update.
File : suse_libopenssl-devel-6291.nasl - Type : ACT_GATHER_INFO
2009-06-01 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_82b55df84d5a11de88110030843d3802.nasl - Type : ACT_GATHER_INFO
2009-05-27 Name : The remote openSUSE host is missing a security update.
File : suse_libopenssl-devel-6268.nasl - Type : ACT_GATHER_INFO
2009-05-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-120.nasl - Type : ACT_GATHER_INFO
2009-05-08 Name : The remote host is missing a security update
File : freebsd_pkg_fbc8413f2f7a11de9a3f001b77d09812.nasl - Type : ACT_GATHER_INFO
2009-04-30 Name : The remote openSUSE host is missing a security update.
File : suse_libopenssl-devel-6173.nasl - Type : ACT_GATHER_INFO
2009-04-30 Name : The remote openSUSE host is missing a security update.
File : suse_compat-openssl097g-6175.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-750-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-087.nasl - Type : ACT_GATHER_INFO
2009-04-08 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-098-01.nasl - Type : ACT_GATHER_INFO
2009-04-07 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200904-08.nasl - Type : ACT_GATHER_INFO
2009-04-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1763.nasl - Type : ACT_GATHER_INFO

Alert History

Date Informations
2014-02-17 11:52:50
  • Multiple Updates
2013-01-23 13:23:19
  • Multiple Updates