CVE-2008-5410

Severity Score

7.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions.

La caché PK11_SESSION en el motor OpenSSL PKCS#11 en Sun Solaris 10 no mantiene la cuenta de referencia para operaciones con claves asimétricas, lo que permite a atacantes dependientes del contexto provocar una denegación de servicio (fallos en las operaciones criptográficas) a través de vectores desconocidos, relacionado con las funciones (1) RSA_sign y (2) RSA_verify.

*Credits: N/A

CVSS Scores

NISTv2 7.8

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-12-09 CVE Reserved
2008-12-10 CVE Published
2024-05-15 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-310: Cryptographic Issues

CAPEC

References (9)

URL	Tag	Source
http://www.securityfocus.com/bid/32671	Vdb Entry
http://www.securitytracker.com/id?1021358	Vdb Entry
http://www.vupen.com/english/advisories/2008/3372	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/47137	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5914	Signature

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/33050	2017-09-29
http://sunsolve.sun.com/search/document.do?assetkey=1-21-138863-02-1	2017-09-29
http://sunsolve.sun.com/search/document.do?assetkey=1-21-139459-01-1	2017-09-29

URL	Date	SRC
http://sunsolve.sun.com/search/document.do?assetkey=1-26-246846-1	2017-09-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sun Search vendor "Sun"		Solaris Search vendor "Sun" for product "Solaris"				10.0 Search vendor "Sun" for product "Solaris" and version "10.0"		sparc		Affected
Sun Search vendor "Sun"		Solaris Search vendor "Sun" for product "Solaris"				10.0 Search vendor "Sun" for product "Solaris" and version "10.0"		x86		Affected