Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE ID: CVE-2008-1678
Last Modified: 20 Apr 2011 10:05:07
Published: 10 Jul 2008 01:41:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-1678

Summary

Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.

Vulnerable Systems

Application

  • OpenSSL 0.9.8f
  • OpenSSL 0.9.8g
  • OpenSSL 0.9.8h


References

FEDORA - FEDORA-2008-6393

CONFIRM - https://kb.bluecoat.com/index?page=content&id=SA50

CONFIRM - https://issues.apache.org/bugzilla/show_bug.cgi?id=44975

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=447268

CONFIRM - https://bugs.edge.launchpad.net/bugs/224945

CONFIRM - https://bugs.edge.launchpad.net/bugs/186339

XF - openssl-libssl-dos(43948)

VUPEN - ADV-2008-2780

UBUNTU - USN-731-1

BID - 31692

BID - 31681

REDHAT - RHSA-2009:1075

MANDRIVA - MDVSA-2009:124

CONFIRM - http://svn.apache.org/viewvc?view=rev&revision=654119

CONFIRM - http://support.apple.com/kb/HT3216

SLACKWARE - SSA:2010-060-02

SREASON - 3981

GENTOO - GLSA-200807-06

SECUNIA - 44183

SECUNIA - 42733

SECUNIA - 42724

SECUNIA - 38761

SECUNIA - 35264

SECUNIA - 34219

SECUNIA - 32222

SECUNIA - 31416

SECUNIA - 31026

MLIST - [openssl-dev] 20080512 possible memory leak in zlib compression

SUSE - SUSE-SR:2008:024

APPLE - APPLE-SA-2008-10-09

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=222643

Related Patches

Apple 2008-10-09 Security Update 2008-007 Server (Leopard)

Apple 2008-10-09 Security Update 2008-007 Client (Leopard)


Last Updated: 27 May 2016 10:47:37