CVE-2015-3196 – OpenSSL: Race condition handling PSK identify hint
https://notcve.org/view.php?id=CVE-2015-3196
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. ssl/s3_clnt.c en OpenSSL 1.0.0 en versiones anteriores a 1.0.0t, 1.0.1 en versiones anteriores a 1.0.1p y 1.0.2 en versiones anteriores a 1.0.2d, cuando es utilizado por un cliente multi hilo, escribe la pista de identidad PSK en una estructura de datos incorrecta, lo que permite a servidores remotos provocar una denegación de servicio (condición de carrera y liberación doble) a través de un mensaje ServerKeyExchange manipulado. A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. • http://fortiguard.com/advisory/openssl-advisory-december-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html http://marc.info/?l=bugtraq&m=145382583417444&w=2 http://openssl.org/news/secadv/20151203.txt • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2013-4817
https://notcve.org/view.php?id=CVE-2013-4817
Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to obtain sensitive information via unknown vectors. Vulnerabilidad no especificada en HP IceWall SSO Agent Option 8.0 a 10.0 permite a atacantes remotos obtener información sensible a través de vectores no especificados. • https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632 •
CVE-2013-4819
https://notcve.org/view.php?id=CVE-2013-4819
Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticated users to obtain sensitive information via unknown vectors. Vulnerabilidad no especificada en HP IceWall SSO Agent Option 8.0 a 10.0 permite a usuarios autenticados remotamente obtener información sensible a través de vectores no especificados. • https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632 •
CVE-2013-4820
https://notcve.org/view.php?id=CVE-2013-4820
Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall File Manager 3.0 through SP4 allows remote authenticated users to obtain sensitive information via unknown vectors. Vulnerabilidad no especificada en HP IceWall SSO 8.0 a 10.0, IceWall SSO Agent Option 8.0 a 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVAAgent Library 8.0 a 10.0, IceWall Federation Agent 3.0, y IceWall File Manager 3.0 a SP4 permite a usuarios autenticados remotamente obtener información sensible a través de vectores desconocidos. • https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632 •
CVE-2013-4818
https://notcve.org/view.php?id=CVE-2013-4818
Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote attackers to obtain sensitive information via unknown vectors. Vulnerabilidad no especificada en HP IceWall SSO 8.0 a 10.0, IceWall SSO Agent Option 8.0 a 10.0, IceWall SSO Smart Device Option 10.0, y Icewall File Manager 3.0 a SP4 permite a atacantes remotos obtener información sensible a través de vectores no especificados. • https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632 •