CVSS: 7.5EPSS: 3%CPEs: 76EXPL: 1CVE-2010-4252
https://notcve.org/view.php?id=CVE-2010-4252
OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol. OpenSSL en versiones anteriores a la 1.0.0c, si J-PAKE está activado, no valida apropiadamente los parámetros públicos en el protocolo J-PAKE, lo que permite a atacantes remotos evitar la necesidad de saber el secreto compartido y validarse con éxito, enviando valores modificados en cada ronda del protocolo. • http://cvs.openssl.org/chngview?cn=20098 http://marc.info/?l=bugtraq&m=129916880600544&w=2 http://marc.info/?l=bugtraq&m=130497251507577&w=2 http://openssl.org/news/secadv_20101202.txt http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf http://secunia.com/advisories/42469 http://secunia.com/advisories/57353 http://securitytracker.com/id?1024823 http://slackware.com/security/viewer.php? • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2010-4180 – openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack
https://notcve.org/view.php?id=CVE-2010-4180
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. OpenSSL en versiones anteriores a 0.9.8q y 1.0.x en versiones anteriores a 1.0.0c, cuando SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG está habilitado, no previene adecuadamente la modificación del conjunto de cifrado en la caché de sesión, lo que permite a atacantes remotos forzar la degradación para un cifrado no destinado a través de vectores que involucran rastreo de tráfico de red para descubrir un identificador de sesión. • http://cvs.openssl.org/chngview?cn=20131 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html& •
CVSS: 4.3EPSS: 93%CPEs: 3EXPL: 1CVE-2010-2939 – OpenSSL - 'ssl3_get_key_exchange()' Use-After-Free Memory Corruption
https://notcve.org/view.php?id=CVE-2010-2939
Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue. Vulnerabilidad de doble liberación en la función ssl3_get_key_exchange en el cliente OpenSSL (ssl/s3_clnt.c) de OpenSSL v1.0.0a, v0.9.8, v0.9.7, y posiblemente otras versiones, cuando usa ECDH, permite a atacantes depediendo del contexto provocar una denegación de servicio (caída) y posiblemente ejecutar código a su elección a través de claves privadas manipuladas con un número no válido. NOTA: algunas fuentes se refieren a esto como un problema de uso después de la liberación. • https://www.exploit-db.com/exploits/34427 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html http://marc.info/?l=bugtraq&m=130331363227777&w=2 http://seclists.org/fulldisclosure/2010/Aug/84 http://secunia.com/advisories/40906 http://secunia.com/advisories/41105 http://secunia.com/advisories/42309 http://secunia.com/advisories/42413 http://secunia.com/advisories/43312 http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc http://securitytra • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 25%CPEs: 72EXPL: 0CVE-2010-0742
https://notcve.org/view.php?id=CVE-2010-0742
The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. Vulnerabilidad en la implemtanción "Cryptographic Message Syntax" (CMS) en "crypto/cms/cms_asn1.c" en OpenSSL anterior a v0.9.8o y v1.x anterior a v1.0.0a no maneja correctamente estructuras que contienen "OriginatorInfo" las cuales permiten a atacantes dependientes del contexto modificar direcciones inválidas de memoria o llevar a cabo ataques de liberación doble con posibilidad de ejecutar código aleatorio a través de vectores sin especificar. • http://cvs.openssl.org/chngview?cn=19693 http://cvs.openssl.org/filediff?f=openssl/crypto/cms/cms_asn1.c&v1=1.8&v2=1.8.6.1 http://marc.info/?l=bugtraq&m=129138643405740&w=2 http://rt.openssl.org/Ticket/Display.html?id=2211&user=guest&pass=guest http://secunia.com/advisories/40000 http://secunia.com/advisories/40024 http://secunia.com/advisories/42457 http://secunia.com/advisories/42724 http://secunia.com/advisories/42733 http://secunia.com/advisories/57353 • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 8%CPEs: 14EXPL: 0CVE-2010-0433 – openssl: crash caused by a missing krb5_sname_to_principal() return value check
https://notcve.org/view.php?id=CVE-2010-0433
The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. La funcion kssl_keytab_is_available en ssl/kssl.c en OpenSSL before v0.9.8n, cuando Kerberos esta activo pero los ficheros de configuracion de Kerberos no pueden ser abiertos, no comprueba adecuadamente cierto valor de retorno, lo que permite a atacantes remotos producir una denegacion de servicio (desreferencia a puntero nulo y caida de demonio) a traves de la negociacion del cifrado SSL, lo que se demuestra mediante la instalacion chroot de Dovecot o stunnel sin los ficheros de configuracion de Kerberos dentro de chroot. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc http://cvs.openssl.org/chngview?cn=19374 http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html http://marc.info/?l=bugtraq&m=127128920008563&w=2 http://marc.info/?l=bugtraq&m=127557640302499&w=2 http://secunia.com& • CWE-20: Improper Input Validation •