exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

CVE-2014-0198

Status Candidate

Overview

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

Related Files

HP Security Bulletin HPSBST03642 3
Posted Jan 25, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03642 3 - Security vulnerabilities in OpenSSL and OpenSSH were addressed in HPE StoreVirtual products using LeftHand OS. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information, additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in arbitrary code execution, unauthorized access, disclosure of information, or Denial of Service (DoS). Revision 3 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3566, CVE-2016-0705
SHA-256 | 864bcff09d4a86c839035348112fa45614c1f5e5a95ea128a61d9122002eb2f1
Mandriva Linux Security Advisory 2015-062
Posted Mar 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-062 - Multiple vulnerabilities has been discovered and corrected in openssl. The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0160, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293
SHA-256 | e171ec43c2e20ccaebff7416a52645d7f17fe5f2ac7aa5376af3eb0518dd7115
HP Security Bulletin HPSBHF03052 2
Posted Nov 21, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03052 2 - Potential security vulnerabilities have been identified with HP Network Products running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, modify or disclose information. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2010-5298, CVE-2014-0198, CVE-2014-0224
SHA-256 | 05b5388c45bab42768c86cb307b795bd77831c2a0e62454db751fab2eff1be37
HP Security Bulletin HPSBMU03076 2
Posted Aug 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03076 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 2 of this advisory.

tags | advisory, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 74c6011fdf049e842deed96044d5db0c591aa6e4838740959a4510208f32ffef
EMC Documentum Code Execution / DQL Injection
Posted Aug 19, 2014
Site emc.com

EMC Documentum suffers from code execution, DQL injection, information disclosure, and multiple openssl vulnerabilities. Nicolas Gregoire provided the following PoC for the DQL injection: x'+UNION+ALL+SELECT+'z',user_os_name,user_name,default_folder+FROM+dm_user+ENABLE+(RETURN_TOP+10);

tags | advisory, vulnerability, code execution, info disclosure
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-2520, CVE-2014-2521, CVE-2014-3470, CVE-2014-4618
SHA-256 | 8519416c566585987d0c1b89564e5ddbeb78d80955a30917dd2386336520cb34
HP Security Bulletin HPSBMU03062
Posted Aug 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03062 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) running on Linux and Windows. These components of HP Insight Control server deployment could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information. HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 30ec904a6c5c9b83f25c8416bbe55a4e98f45470d07086d87abb9523fa9c1f14
Gentoo Linux Security Advisory 201407-05
Posted Jul 28, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201407-5 - Multiple vulnerabilities have been found in OpenSSL, possibly allowing remote attackers to execute arbitrary code. Versions less than 1.0.1h-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 058715fbe6887e5fa7531493f741e2281a8b6fbd10beffa54560903e427c61b1
HP Security Bulletin HPSBMU03076
Posted Jul 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03076 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 9b97ca3342a8fe043d011e3fbc87f0bef6c8bf5869678631e38d1bc64e95c33b
HP Security Bulletin HPSBMU03074
Posted Jul 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03074 - Potential security vulnerabilities have been identified with HP Insight Control server migration running on Linux and Windows which could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 1a4d710e9dd7291eeed8fb57906255564db16e374b955cf64cee067d9ffb017e
HP Security Bulletin HPSBGN03068
Posted Jul 15, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03068 - Potential security vulnerabilities have been identified with HP OneView running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2010-5298, CVE-2014-0198, CVE-2014-0224
SHA-256 | 9f946d69e9ae40c2b4951e6887030d834e2b618227253bcf06f848fb7f7f8e75
HP Security Bulletin HPSBMU03051 2
Posted Jul 6, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03051 2 - Potential security vulnerabilities have been identified with HP System Management Homepage running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | a8b4016c09a06b99a77961252874991fb1d5f4b7f94d12df1115b2d59481596b
HP Security Bulletin HPSBMU03055
Posted Jul 2, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03055 - Potential security vulnerabilities have been identified with HP Smart Update Manager (HP SUM) running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 02b0a1928a87117f1fa493f08a54b1d05eabf305e668a1cba7e4dd009b30814a
HP Security Bulletin HPSBMU03056
Posted Jun 27, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03056 - Potential security vulnerabilities have been identified with HP Version Control Repository Manager (HP VCRM) running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | b614877919ffd8acdaa97393db4294d3cac0f62dcd1d3c07cbb31e1f020b0139
HP Security Bulletin HPSBMU03057
Posted Jun 27, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03057 - Potential security vulnerabilities have been identified with HP Version Control Agent (HP VCA) running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | d2900fe18279864e2d174ab252466414338a67aafa6110a5ff22a7ed7b064f41
HP Security Bulletin HPSBMU03051
Posted Jun 25, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03051 - Potential security vulnerabilities have been identified with HP System Management Homepage running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 385e5e6edf1d7ef7bbc8050d651def4d345aba8a057fa2b355d6c87431ead849
HP Security Bulletin HPSBHF03052
Posted Jun 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03052 - Potential security vulnerabilities have been identified with HP Intelligent Management Center (iMC), HP Network Products including 3COM and H3C routers and switches running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, modify or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2010-5298, CVE-2014-0198, CVE-2014-0224
SHA-256 | b47b3c7f4ac3559bddf86c59b1503433af2a0bfc437cd35375d3a4fc1b150437
VMware Security Advisory 2014-0006
Posted Jun 11, 2014
Authored by VMware | Site vmware.com

VMware Security Advisory 2014-0006 - VMware product updates address OpenSSL security vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | e32f3b5a005455ef9b833d1324278466b8f0efab24e79651b63fe8563d8dd79c
Red Hat Security Advisory 2014-0679-01
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0679-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | a8d4089140a1c66f2437687b323ab374e31f8637c84458203fd269e677d1bf6b
OpenSSL Toolkit 1.0.1h
Posted Jun 10, 2014
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Various security fixes.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093
Slackware Security Advisory - openssl Updates
Posted Jun 6, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | cf8aca9da762a6b44c65fafb1d8274b0cdcc4d026df6f988288ed5ec8b178686
OpenSSL Security Advisory - MITM / Recursion / DoS
Posted Jun 5, 2014
Site openssl.org

OpenSSL suffers from SSL/TLS MITM, DTLS recursion, DTLS invalid fragment, SSL_MODE_RELEASE_BUFFERS NULL pointer dereference, session injection, and various other vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | c8a76479616787fe605580247ae03de77e71fa40907ab2828faf37a7315964ee
Red Hat Security Advisory 2014-0628-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0628-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 45ac970580285e45f60c7ada7cf8c6e1a95037ba799213a4c6ba5b817da76fd1
Red Hat Security Advisory 2014-0625-01
Posted Jun 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0625-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 3d88b7a9e688d54a5fad1e381be0cca426e56f5d1e4dd8bf942ff0e19e035199
Debian Security Advisory 2931-1
Posted May 19, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2931-1 - It was discovered that incorrect memory handling in OpenSSL's do_ssl3_write() function could result in denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2014-0198
SHA-256 | 3f131205b5bad70a4b0c2968f610fdfe51b874d320d478dd3e6a32fece1b4fca
FreeBSD Security Advisory - OpenSSL Null Pointer Dereference
Posted May 15, 2014
Site security.freebsd.org

FreeBSD Security Advisory - The TLS protocol supports an alert protocol which can be used to signal the other party with certain failures in the protocol context that may require immediate termination of the connection. An attacker can trigger generation of an SSL alert which could cause a null pointer deference. An attacker may be able to cause a service process that uses OpenSSL to crash, which can be used in a denial-of-service attack.

tags | advisory, protocol
systems | freebsd
advisories | CVE-2014-0198
SHA-256 | 5e7e027355f544c110f3a57ad64dbc048f43ff80774c5c5bf5cd2ee3b519875e
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close