CVE-2010-0742
https://notcve.org/view.php?id=CVE-2010-0742
The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. Vulnerabilidad en la implemtanción "Cryptographic Message Syntax" (CMS) en "crypto/cms/cms_asn1.c" en OpenSSL anterior a v0.9.8o y v1.x anterior a v1.0.0a no maneja correctamente estructuras que contienen "OriginatorInfo" las cuales permiten a atacantes dependientes del contexto modificar direcciones inválidas de memoria o llevar a cabo ataques de liberación doble con posibilidad de ejecutar código aleatorio a través de vectores sin especificar. • http://cvs.openssl.org/chngview?cn=19693 http://cvs.openssl.org/filediff?f=openssl/crypto/cms/cms_asn1.c&v1=1.8&v2=1.8.6.1 http://marc.info/?l=bugtraq&m=129138643405740&w=2 http://rt.openssl.org/Ticket/Display.html?id=2211&user=guest&pass=guest http://secunia.com/advisories/40000 http://secunia.com/advisories/40024 http://secunia.com/advisories/42457 http://secunia.com/advisories/42724 http://secunia.com/advisories/42733 http://secunia.com/advisories/57353 • CWE-310: Cryptographic Issues •
CVE-2010-0740 – OpenSSL - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-0740
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information. La función ssl3_get_record en ssl/s3_pkt.c en OpenSSL v0.9.8f hasta v0.9.8m permite a atacantes remotos provocar una denegación de servicio (caída) a través de un registro mal formado en una conexión TLS que provoca una desreferencia a puntero NULL, relativo al número de versión menor. NOTA: algunos de estos detalles se han obtenido de información de terceras personas. • https://www.exploit-db.com/exploits/12334 http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html http://marc.info/?l=bugtraq&m=127128920008563&w=2 http://marc.info/?l=bugtraq&m=127557640302499&w=2 http://secunia.com/advisories/39932 http://secunia.com/advisories/42724 http://secunia.com/advisories/42733 http: • CWE-20: Improper Input Validation •
CVE-2010-0433 – openssl: crash caused by a missing krb5_sname_to_principal() return value check
https://notcve.org/view.php?id=CVE-2010-0433
The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. La funcion kssl_keytab_is_available en ssl/kssl.c en OpenSSL before v0.9.8n, cuando Kerberos esta activo pero los ficheros de configuracion de Kerberos no pueden ser abiertos, no comprueba adecuadamente cierto valor de retorno, lo que permite a atacantes remotos producir una denegacion de servicio (desreferencia a puntero nulo y caida de demonio) a traves de la negociacion del cifrado SSL, lo que se demuestra mediante la instalacion chroot de Dovecot o stunnel sin los ficheros de configuracion de Kerberos dentro de chroot. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc http://cvs.openssl.org/chngview?cn=19374 http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html http://marc.info/?l=bugtraq&m=127128920008563&w=2 http://marc.info/?l=bugtraq&m=127557640302499&w=2 http://secunia.com& • CWE-20: Improper Input Validation •
CVE-2009-3245 – openssl: missing bn_wexpand return value checks
https://notcve.org/view.php?id=CVE-2009-3245
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. OpenSSL en versiones anterioes a v0.9.8m cuando recibe un valor de retorno NULL de la funcion bn_wexpand hace una llamada a (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, y (4) engines/e_ubsec.c, lo que tiene un impacto inespecifico y vectores de ataque dependientes del contexto. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://marc.info/?l=bugtraq&m=127128920008563&w=2 http://marc.info/?l=bugtraq&m=127678688104458&w=2 http://ma • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVE-2010-0928
https://notcve.org/view.php?id=CVE-2010-0928
OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack." OpenSSL 0.9.8i en Gaisler Research LEON3 SoC sobre Xilinx Virtex-II Pro FPGA utiliza un algoritmo Fixed Width Exponentiation (FWE) para ciertos calculos de firma, el cual no verifica previamente la firma del cliente, lo que hace que atacantes proximos fisicamente puedan determinar la clave privada a traves de una modificacion del voltaje del microprocesador, relacionado con el ataque "fault-based attack." • http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf http://www.networkworld.com/news/2010/030410-rsa-security-attack.html http://www.osvdb.org/62808 http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/56750 • CWE-310: Cryptographic Issues •