Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:11541
HistoryJun 06, 2009 - 12:00 a.m.

OpenSSL ChangeCipherSpec DTLS报文拒绝服务漏洞

2009-06-0600:00:00
Root
www.seebug.org
40

0.065 Low

EPSS

Percentile

93.8%

JSON

BUGTRAQ ID: 35174
CVE(CAN) ID: CVE-2009-1386

OpenSSL是一种开放源码的SSL实现,用来实现网络通信的高强度加密,现在被广泛地用于各种网络应用程序中。

如果在ClientHello报文之前发送了DTLS ChangeCipherSpec报文,就可能在OpenSSL的ssl/s3_pkt.c文件中触发空指针引用,导致拒绝服务的情况。

OpenSSL 0.9.8i
厂商补丁:

OpenSSL Project

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://cvs.openssl.org/chngview?cn=17369” target=“_blank”>http://cvs.openssl.org/chngview?cn=17369</a>

Related

f5 2
veracode 1
nessus 21
cvelist 1
cve 1
debiancve 1
prion 1
openvas 29
openssl 1
nvd 1
ubuntucve 1
seebug 2
exploitpack 1
exploitdb 1
osv 1
securityvulns 4
ubuntu 1
debian 1
redhat 1
centos 1
oraclelinux 1
vmware 4
lenovo 2
f5
f5
SOL15351 - OpenSSL DTLS ChangeCipherSpec vulnerability CVE-2009-1386
2014-06-19 00:00:00
K15351 : OpenSSL DTLS ChangeCipherSpec vulnerability CVE-2009-1386
2014-06-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:42:00
nessus
nessus
OpenSSL 0.9.8 < 0.9.8i Vulnerability
2012-01-04 00:00:00
SuSE 11 Security Update : OpenSSL (SAT Patch Number 990)
2009-09-24 00:00:00
openSUSE Security Update : libopenssl-devel (libopenssl-devel-974)
2009-07-21 00:00:00
cvelist
cvelist
CVE-2009-1386
2009-06-04 16:00:00
cve
cve
CVE-2009-1386
2009-06-04 16:30:00
debiancve
debiancve
CVE-2009-1386
2009-06-04 16:30:00
prion
prion
Null pointer dereference
2009-06-04 16:30:00
openvas
openvas
Denial Of Service Vulnerability in OpenSSL (Jun 2009) - Linux
2009-06-12 00:00:00
Mandrake Security Advisory MDVSA-2009:237 (openssl)
2009-09-28 00:00:00
SLES11: Security update for OpenSSL
2009-10-11 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2009-1386
2009-06-02 00:00:00
nvd
nvd
CVE-2009-1386
2009-06-04 16:30:00
ubuntucve
ubuntucve
CVE-2009-1386
2009-06-04 00:00:00
seebug
seebug
OpenSSL &lt; 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit
2009-06-05 00:00:00
OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit
2014-07-01 00:00:00
exploitpack
exploitpack
OpenSSL 0.9.8i - DTLS ChangeCipherSpec Remote Denial of Service
2009-06-04 00:00:00
exploitdb
exploitdb
OpenSSL &lt; 0.9.8i - DTLS ChangeCipherSpec Remote Denial of Service
2009-06-04 00:00:00
osv
osv
openssl - cryptographic weakness
2009-09-15 00:00:00
securityvulns
securityvulns
Multiple OpenSSL DoS conditions
2009-06-25 00:00:00
[USN-792-1] OpenSSL vulnerabilities
2009-06-25 00:00:00
[security bulletin] HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage &#40;SMH&#41; for Linux and Windows, Remote Cross Site Scripting &#40;XSS&#41;, Denial of Service &#40;DoS&#41;, Execution of Arbitrary Code, Unauthorized Access
2010-04-26 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2009-06-25 00:00:00
debian
debian
[SECURITY] [DSA 1888-1] New openssl packages deprecate MD2 hash signatures
2009-09-15 21:37:22
redhat
redhat
(RHSA-2009:1335) Moderate: openssl security, bug fix, and enhancement update
2009-09-02 09:47:12
centos
centos
openssl security update
2009-09-15 18:42:01
oraclelinux
oraclelinux
openssl security, bug fix, and enhancement update
2009-09-08 00:00:00
vmware
vmware
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00
lenovo
lenovo
Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51
Intel® PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51

0.065 Low

EPSS

Percentile

93.8%

JSON
Related for SSV:11541
f52veracode1nessus21cvelist1cve1debiancve1prion1openvas29openssl1nvd1ubuntucve1seebug2exploitpack1exploitdb1osv1securityvulns4ubuntu1debian1redhat1centos1oraclelinux1vmware4lenovo2