Denial Of Service Vulnerability In OpenSSL June-09 (Linux) Network Vulnerability

Summary

This host has OpenSSL installed and is prone to Denial of Service vulnerability.

Impact

Successful exploitation will allow attacker to cause DTLS server crash. Impact Level: Application Impact Level: Application

Solution

Upgrade to OpenSSL version 0.9.8i or later http://www.openssl.org/source ***** Note: Vulnerability is related to CVE-2009-1386 ***** ***** This might be a False Positive Only version check is being done depending on the publicly available OpenSSL packages. Each vendor might have backported versions of the packages. *****

Insight

A NULL pointer dereference error in ssl/s3_pkt.c file which does not properly check the input packets value via a DTLS ChangeCipherSpec packet that occurs before ClientHello.

Affected

OpenSSL version prior to 0.9.8i on Linux.

References

http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guest
http://www.openwall.com/lists/oss-security/2009/06/02/1

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-1386

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

eZ/eZphotoshare Denial of Service
COWON Media Center JetAudio .wav File Denial Of Service Vulnerability
F-Secure Policy Manager Server fsmsh.dll module DoS
Beckhoff TwinCAT 'TCATSysSrv.exe' Network Packet Denial of Service Vulnerability
Comodo Internet Security Denial of Service Vulnerability-03

Denial Of Service Vulnerability in OpenSSL June-09 (Linux)

Take action and discover your vulnerabilities