National Cyber Awareness System

Vulnerability Summary for CVE-2009-1386

Overview

ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: http://cvs.openssl.org/chngview?cn=17369

Type: Patch Information

Hyperlink:http://cvs.openssl.org/chngview?cn=17369

External Source: XF

Name: openssl-changecipherspec-dos(50963)

Hyperlink:http://xforce.iss.net/xforce/xfdb/50963

External Source: VUPEN

Name: ADV-2010-0528

Hyperlink:http://www.vupen.com/english/advisories/2010/0528

External Source: UBUNTU

Name: USN-792-1

Hyperlink:http://www.ubuntu.com/usn/USN-792-1

External Source: BID

Name: 35174

Hyperlink:http://www.securityfocus.com/bid/35174

External Source: REDHAT

Name: RHSA-2009:1335

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-1335.html

External Source: MLIST

Name: [oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS

Hyperlink:http://www.openwall.com/lists/oss-security/2009/06/02/1

External Source: MILW0RM

Name: 8873

Hyperlink:http://www.milw0rm.com/exploits/8873

External Source: SECUNIA

Name: 38834

Hyperlink:http://secunia.com/advisories/38834

External Source: SECUNIA

Name: 38794

Hyperlink:http://secunia.com/advisories/38794

External Source: SECUNIA

Name: 36533

Hyperlink:http://secunia.com/advisories/36533

External Source: SECUNIA

Name: 35729

Hyperlink:http://secunia.com/advisories/35729

External Source: SECUNIA

Name: 35685

Hyperlink:http://secunia.com/advisories/35685

External Source: SECUNIA

Name: 35571

Hyperlink:http://secunia.com/advisories/35571

External Source: CONFIRM

Name: http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guest

Type: Advisory

Hyperlink:http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guest

External Source: OVAL

Name: oval:org.mitre.oval:def:7469

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7469

External Source: OVAL

Name: oval:org.mitre.oval:def:11179

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11179

External Source: MLIST

Name: [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates

Hyperlink:http://lists.vmware.com/pipermail/security-announce/2010/000082.html

External Source: SUSE

Name: SUSE-SR:2009:012

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

External Source: HP

Name: SSRT100079

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444

External Source: HP

Name: SSRT100079

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444

External Source: NETBSD

Name: NetBSD-SA2009-009

Hyperlink:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc

References to Check Content

Identifier:oval:org.mitre.oval:def:7469

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:7469

Identifier:oval:org.mitre.oval:def:11179

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11179