[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Fri Jul 11 05:20:36 PDT 2014
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 371 Published: Thu, 10 Jul 2014 18:53:52 GMT
New Fixlets:
============
***************************************************************
Title: Vulnerability in OpenSSL 0.9.8k and earlier 0.9.8 versions, allows remote attackers to cause a denial of service (memory consumption)
Severity: Medium
Fixlet ID: 2422701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24227.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1377
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
***************************************************************
Title: Vulnerability in OpenSSL before 1.0.0 Beta 2, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash)
Severity: Medium
Fixlet ID: 2470001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24700.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1387
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
***************************************************************
Title: Vulnerability in OpenSSL before 0.9.8n, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash)
Severity: Medium
Fixlet ID: 2479201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24792.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0433
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
***************************************************************
Title: Vulnerability in OpenSSL before 0.9.8o and 1.x before 1.0.0a, allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code
Severity: High
Fixlet ID: 2495001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24950.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0742
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.
***************************************************************
Title: Vulnerability in OpenSSL 0.9.8f through 0.9.8m, allows remote attackers to cause a denial of service (crash)
Severity: Medium
Fixlet ID: 2506501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25065.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0740
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.
***************************************************************
Title: Vulnerability in OpenSSL 0.9.8h through 0.9.8j, allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid
Severity: Low
Fixlet ID: 2508301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25083.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0591
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.
***************************************************************
Title: Vulnerability in OpenSSL before 0.9.8k on WIN64, allows remote attackers to cause a denial of service (invalid memory access and application crash)
Severity: Medium
Fixlet ID: 2508601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25086.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0789
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.
***************************************************************
Title: Vulnerability in OpenSSL before 0.9.8i, allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL
Severity: Medium
Fixlet ID: 2509701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25097.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in OpenSSL before 0.9.8i, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
***************************************************************
Title: Vulnerability in OpenSSL before 0.9.8i, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash)
Severity: Medium
Fixlet ID: 2510801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25108.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1386
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
***************************************************************
Title: Vulnerability in OpenSSL 1.0.0 Beta 2, allows remote attackers to cause a denial of service (openssl s_client crash)
Severity: Medium
Fixlet ID: 2511901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25119.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1379
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
***************************************************************
Title: Vulnerability in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4, allows remote attackers to cause a denial of service (memory consumption)
Severity: Medium
Fixlet ID: 2512401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25124.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4355
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
***************************************************************
Title: Vulnerability in OpenSSL before 0.9.8m, does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c
Severity: High
Fixlet ID: 2515801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25158.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3245
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.
***************************************************************
Title: Vulnerability in OpenSSL 0.9.8 through 0.9.8k, might allow remote attackers to spoof certificates
Severity: Medium
Fixlet ID: 2518001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25180.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2409
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Network Security Services (NSS) library before 3.12.3, as used in OpenSSL 0.9.8 through 0.9.8k, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time.
***************************************************************
Title: Vulnerability in OpenSSL before 0.9.8k, allows remote attackers to cause a denial of service (invalid memory access and application crash)
Severity: Medium
Fixlet ID: 2519601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25196.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0590
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
***************************************************************
Title: Vulnerability in OpenSSL 0.9.6, allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack
Severity: High
Fixlet ID: 2521201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25212.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0653
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.
More information about the WinVulns-Announcements
mailing list