CVE-2009-1386 – OpenSSL < 0.9.8i - DTLS ChangeCipherSpec Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-1386
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. ssl/s3_pkt.c en OpenSSL anteriores a v0.9.8i permite a los atacantes remotos, causar una denegación de servicios (puntero NULO desreferenciado y caída del "daemon"), a través de un paquete ChangeCipherSpec DTLs que ocurre antes de ClientHello. • https://www.exploit-db.com/exploits/8873 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc http://cvs.openssl.org/chngview?cn=17369 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guest http://secunia.com/advisories/35571 • CWE-476: NULL Pointer Dereference •
CVE-2009-1387 – openssl: DTLS out-of-sequence message handling NULL deref DoS
https://notcve.org/view.php?id=CVE-2009-1387
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug." La función dtls1_retrieve_buffered_fragment en ssl/d1_both.c en OpenSSL anteriores a v1.0.0 Beta 2 permite a los atacantes causar una denegación de servicios (puntero NULO desreferenciado y caída de "daemon") a través de un mensaje "handshake" DTLS fuera de secuencia, relativo a "fragment bug". • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc http://cvs.openssl.org/chngview?cn=17958 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest http://secunia.com/advisories/35571 http://secunia.com/advisories/35685 http:& • CWE-476: NULL Pointer Dereference •
CVE-2009-1377 – OpenSSL: DTLS epoch record buffer memory DoS
https://notcve.org/view.php?id=CVE-2009-1377
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug." La función dtls1_buffer_record en ssl/d1_pkt.c en OpenSSL 0.9.8k y anteriores permite a atacantes remotos producir una denegación de servicio (consumo de memoria) a través de series largas de registros DTLS de "eras futuras" que se almacenan en búfer en una cola, también conocido como "fallo de limitación de la grabación de búfer DTLS" • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc http://cvs.openssl.org/chngview?cn=18187 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://marc.info/?l=openssl-dev&m=124247675613888&w=2 http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest http://secunia.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-1378 – OpenSSL: DTLS fragment handling memory DoS
https://notcve.org/view.php?id=CVE-2009-1378
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak." Múltiples fugas de memoria en la función dtls1_process_out_of_seq_message en ssl/d1_both.c en OpenSSL v0.9.8k y anteriores permite a atacantes remotos producir una denegación de servicio (consumo de memoria) a través de registros DTLS que (1) son duplicados o (2) tienen una secuencia de números mucho mayor que la actual secuencia de números, conocido también como "fuga de memoria en el manejo de fragmentos DTLS". • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc http://cvs.openssl.org/chngview?cn=18188 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://marc.info/?l=openssl-dev&m=124247679213944&w=2 http://marc.info/?l=openssl-dev&m=124263491424212&w=2 http://rt.openssl.org/Ticket/Dis • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2009-0789
https://notcve.org/view.php?id=CVE-2009-0789
OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key. OpenSSL anterior a v0.9.8k en plataformas WIN64 y otras plataformas no maneja adecuadamente una estructura ASN.1 malformada, permitiendo a atacantes remotos provocar una denegación de servicio (acceso de memoria inválido y caída de la aplicación) al poner esta estructura en la clave pública de un certificado, como la utilizada por una clave pública RSA. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html http://marc.info/?l=bugtraq&m=124464882609472&w=2 http://marc.info/?l=bugtraq&m=127678688104458&w=2 http://secu • CWE-189: Numeric Errors •