5

CVE-2009-1378

Exploit
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version > 0.9.8 < 0.9.8m
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version8.10
CanonicalUbuntu Linux Version9.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.75% 0.958
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
Third Party Advisory
Broken Link
http://secunia.com/advisories/38761
Third Party Advisory
Not Applicable
http://secunia.com/advisories/42724
Third Party Advisory
Not Applicable
http://secunia.com/advisories/42733
Third Party Advisory
Not Applicable
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
Third Party Advisory
Mailing List
https://kb.bluecoat.com/index?page=content&id=SA50
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/35416
Third Party Advisory
Not Applicable
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Third Party Advisory
http://secunia.com/advisories/38794
Third Party Advisory
Not Applicable
http://www.vupen.com/english/advisories/2010/0528
Third Party Advisory
Permissions Required
http://secunia.com/advisories/35729
Third Party Advisory
Not Applicable
http://secunia.com/advisories/36533
Third Party Advisory
Not Applicable
http://secunia.com/advisories/38834
Third Party Advisory
Not Applicable
http://www.redhat.com/support/errata/RHSA-2009-1335.html
Third Party Advisory
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc
Third Party Advisory
Broken Link
http://secunia.com/advisories/35128
Third Party Advisory
Not Applicable
http://secunia.com/advisories/35461
Third Party Advisory
Not Applicable
http://secunia.com/advisories/35571
Third Party Advisory
Not Applicable
http://secunia.com/advisories/37003
Third Party Advisory
Not Applicable
http://security.gentoo.org/glsa/glsa-200912-01.xml
Third Party Advisory
http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net
Broken Link
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:120
Not Applicable
http://www.openwall.com/lists/oss-security/2009/05/18/1
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/35001
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1022241
Third Party Advisory
Broken Link
VDB Entry
http://www.ubuntu.com/usn/USN-792-1
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1377
Third Party Advisory
Permissions Required
http://cvs.openssl.org/chngview?cn=18188
Patch
Vendor Advisory
Broken Link
http://marc.info/?l=openssl-dev&m=124247679213944&w=2
Patch
Third Party Advisory
Mailing List
http://marc.info/?l=openssl-dev&m=124263491424212&w=2
Third Party Advisory
Exploit
Mailing List
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
Third Party Advisory
Broken Link
https://launchpad.net/bugs/cve/2009-1378
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309
Broken Link
Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229
Broken Link
Tool Signature
https://www.exploit-db.com/exploits/8720
Third Party Advisory
Exploit
VDB Entry