|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Debian Local Security Checks >> [DSA394] DSA-394-1 openssl095 Vulnerability Assessment Details
|
[DSA394] DSA-394-1 openssl095 |
||
DSA-394-1 openssl095 Detailed Explanation for this Vulnerability Assessment Steve Henson of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code that were discovered after running a test suite by British National Infrastructure Security Coordination Centre (NISCC). A bug in OpenSSLs SSL/TLS protocol was also identified which causes OpenSSL to parse a client certificate from an SSL/TLS client when it should reject it as a protocol error. The Common Vulnerabilities and Exposures project identifies the following problems: Integer overflow in OpenSSL that permits remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. OpenSSL does not properly track the number of characters in certain ASN.1 inputs, which permits remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. Double-free vulnerability permits remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. This bug was only present in OpenSSL 0.9.7 and is listed here only for reference. For the stable distribution (woody) this problem has been fixed in openssl095 version 0.9.5a-6.woody.3. This package is not present in the unstable (sid) or testing (sarge) distribution. We recommend that you upgrade your libssl095a packages and restart services using this library. Debian doesn't ship any packages that are linked against this library. The following commandline (courtesy of Ray Dassen) produces a list of names of running processes that have libssl095 mapped into their memory space: find /proc -name maps -exec egrep -l 'libssl095' {} /dev/null \ | sed -e 's/[^0-9]//g' | xargs --no-run-if-empty ps --no-headers -p | sed -e 's/^\+//' -e 's/ \+/ /g' | cut -d ' ' -f 5 | sort | uniq You should restart the associated services. Solution : http://www.debian.org/security/2003/dsa-394 Network Security Threat Level: High Networks Security ID: 8732 Vulnerability Assessment Copyright: This script is (C) 2005 Michel Arboi |
||
Cables, Connectors |
USB Flash Drive Memory Thumb Photo Sticks For iPhone iPad 128/256/512GB 1TB 2TB
$15.33
SanDisk 32GB Ultra Dual Drive USB Type-C, USB 3.1 Flash Drive - SDDDC2-032G-G46
$10.99
SanDisk 128GB Ultra Flair USB 3.0 Flash Drive - SDCZ73-128G-G46
$12.99
SanDisk 16GB Ultra USB 3.0 Flash Drive - SDCZ48-016G-U46
$6.25
Sandisk 16GB 32GB 64GB 128GB Cruzer Blade Flash Drive Memory Stick USB Lot Pack
$4.99
New TESLA OEM Model S,3,X,Y USB Flash Drive for Dashcam & Sentry Mode 128GB
$18.99
Lenovo USB 16TB 3.0 USB Flash Drive Thumb Disk Silver Transfer Metal Memory
$24.99
Mechanical Style Flash Drive USB 3.0 High Speed 16TB Large Capacity Waterproof
$8.37
USB Flash Drive Memory Stick Pendrive Thumb Drive 4GB, 8GB, 32GB, 64GB 128GB LOT
$249.37
Lot USB Flash Drive Memory Stick Pendrive Thumb Drive 2GB,4GB, 8G, 32G, 64G 128G
$414.85
|
||
No Discussions have been posted on this vulnerability. |