CVE-2009-1379 – OpenSSL 0.9.8k/1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service
https://notcve.org/view.php?id=CVE-2009-1379
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. Vulnerabilidad de uso después de la liberación en (use-after-free) en la función dtls1_retrieve_buffered_fragment en ssl/d1_both.c en OpenSSL v1.0.0 Beta 2 permite a atacantes remotos producir una denegación de servicio (caída de openssl s_client) a posiblemente tenga un impacto sin especificar a través de un paquete DTLS, como se demostró mediante un paquete de un servidor que utiliza un certificado de servidor manipulado. • https://www.exploit-db.com/exploits/8720 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest http://secunia.com/advisories/35416 http://secunia.com/advisories/35461 http: • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVE-2009-1378 – OpenSSL: DTLS fragment handling memory DoS
https://notcve.org/view.php?id=CVE-2009-1378
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak." Múltiples fugas de memoria en la función dtls1_process_out_of_seq_message en ssl/d1_both.c en OpenSSL v0.9.8k y anteriores permite a atacantes remotos producir una denegación de servicio (consumo de memoria) a través de registros DTLS que (1) son duplicados o (2) tienen una secuencia de números mucho mayor que la actual secuencia de números, conocido también como "fuga de memoria en el manejo de fragmentos DTLS". • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc http://cvs.openssl.org/chngview?cn=18188 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://marc.info/?l=openssl-dev&m=124247679213944&w=2 http://marc.info/?l=openssl-dev&m=124263491424212&w=2 http://rt.openssl.org/Ticket/Dis • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2009-0591
https://notcve.org/view.php?id=CVE-2009-0591
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid. La función CMS_verify en OpenSSL v0.9.8h hasta v0.9.8j, cuando se ha habilitado CMS, no maneja adecuadamente los errores asociados con atributos firmados malformados, permitiendo a atacantes remotos rechazar una firma que originalmente aparentaba ser válida pero que realmente será inválida. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=124464882609472&w=2 http://marc.info/?l=bugtraq&m=127678688104458&w=2 http://secunia.com/advisories/34411 http://secunia.com/advisories/34460 http://secunia.com/advisories/34666 http://secunia.com/advisories/35065 http:/ • CWE-287: Improper Authentication •
CVE-2009-0789
https://notcve.org/view.php?id=CVE-2009-0789
OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key. OpenSSL anterior a v0.9.8k en plataformas WIN64 y otras plataformas no maneja adecuadamente una estructura ASN.1 malformada, permitiendo a atacantes remotos provocar una denegación de servicio (acceso de memoria inválido y caída de la aplicación) al poner esta estructura en la clave pública de un certificado, como la utilizada por una clave pública RSA. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html http://marc.info/?l=bugtraq&m=124464882609472&w=2 http://marc.info/?l=bugtraq&m=127678688104458&w=2 http://secu • CWE-189: Numeric Errors •
CVE-2009-0590 – openssl: ASN1 printing crash
https://notcve.org/view.php?id=CVE-2009-0590
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. La función ASN1_STRING_print_ex en OpenSSL versiones anteriores a v0.9.8k permite a atacantes remotos provocar una denegación de servicio (acceso inválido a memoria y caída de la aplicación) mediante vectores que provocan la impresión de (1) BMPString o (2) UniversalString con una longitud de codificación inválida. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://marc.info/?l=bugtraq&m=124464882609472&w=2 htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •