Denial of Service : OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.100668

Categoría: Denial of Service

Título: OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability

Resumen: OpenSSL is prone to a remote memory-corruption vulnerability.

Descripción: Summary:
OpenSSL is prone to a remote memory-corruption vulnerability.

Vulnerability Insight:
An attacker can exploit this issue by supplying specially crafted
structures to a vulnerable application that uses the affected library.

Vulnerability Impact:
Successfully exploiting this issue can allow the attacker to execute
arbitrary code. Failed exploit attempts will result in a denial-of-service condition.

Affected Software/OS:
Versions of OpenSSL 0.9.8.h through 0.9.8n and OpenSSL 1.0.x prior to
1.0.0a are affected. Note that Cryptographic Message Syntax (CMS)
functionality is only enabled by default in OpenSSL versions 1.0.x.

Solution:
Updates are available. Please see the references for more information.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0742
40000
http://secunia.com/advisories/40000
40024
http://secunia.com/advisories/40024
40502
http://www.securityfocus.com/bid/40502
42457
http://secunia.com/advisories/42457
42724
http://secunia.com/advisories/42724
42733
http://secunia.com/advisories/42733
57353
http://secunia.com/advisories/57353
ADV-2010-1313
http://www.vupen.com/english/advisories/2010/1313
ADV-2010-3105
http://www.vupen.com/english/advisories/2010/3105
HPSBUX02610
http://marc.info/?l=bugtraq&m=129138643405740&w=2
SSRT100341
[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
http://cvs.openssl.org/chngview?cn=19693
http://cvs.openssl.org/filediff?f=openssl/crypto/cms/cms_asn1.c&v1=1.8&v2=1.8.6.1
http://rt.openssl.org/Ticket/Display.html?id=2211&user=guest&pass=guest
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
http://www.openssl.org/news/secadv_20100601.txt
https://bugzilla.redhat.com/show_bug.cgi?id=598738
https://kb.bluecoat.com/index?page=content&id=SA50
oval:org.mitre.oval:def:12395
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12395

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.100668
Categoría:	Denial of Service
Título:	OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability
Resumen:	OpenSSL is prone to a remote memory-corruption vulnerability.
Descripción:	Summary: OpenSSL is prone to a remote memory-corruption vulnerability. Vulnerability Insight: An attacker can exploit this issue by supplying specially crafted structures to a vulnerable application that uses the affected library. Vulnerability Impact: Successfully exploiting this issue can allow the attacker to execute arbitrary code. Failed exploit attempts will result in a denial-of-service condition. Affected Software/OS: Versions of OpenSSL 0.9.8.h through 0.9.8n and OpenSSL 1.0.x prior to 1.0.0a are affected. Note that Cryptographic Message Syntax (CMS) functionality is only enabled by default in OpenSSL versions 1.0.x. Solution: Updates are available. Please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0742 40000 http://secunia.com/advisories/40000 40024 http://secunia.com/advisories/40024 40502 http://www.securityfocus.com/bid/40502 42457 http://secunia.com/advisories/42457 42724 http://secunia.com/advisories/42724 42733 http://secunia.com/advisories/42733 57353 http://secunia.com/advisories/57353 ADV-2010-1313 http://www.vupen.com/english/advisories/2010/1313 ADV-2010-3105 http://www.vupen.com/english/advisories/2010/3105 HPSBUX02610 http://marc.info/?l=bugtraq&m=129138643405740&w=2 SSRT100341 [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html http://cvs.openssl.org/chngview?cn=19693 http://cvs.openssl.org/filediff?f=openssl/crypto/cms/cms_asn1.c&v1=1.8&v2=1.8.6.1 http://rt.openssl.org/Ticket/Display.html?id=2211&user=guest&pass=guest http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 http://www.openssl.org/news/secadv_20100601.txt https://bugzilla.redhat.com/show_bug.cgi?id=598738 https://kb.bluecoat.com/index?page=content&id=SA50 oval:org.mitre.oval:def:12395 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12395
Copyright	Copyright (C) 2010 Greenbone AG