Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2009-1377
Last Modified: 22 Jan 2013 11:15:02
Published: 19 May 2009 03:30:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-1377

Summary

The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."

Vulnerable Systems

Application

  • Openssl 0.9.8a

  • Openssl 0.9.8b

  • Openssl 0.9.8c

  • Openssl 0.9.8d

  • Openssl 0.9.8e

  • Openssl 0.9.8f

  • Openssl 0.9.8g

  • Openssl 0.9.8h

  • Openssl 0.9.8i

  • Openssl 0.9.8j

  • Openssl 0.9.8k

  • Openssl Project Openssl 0.9.8c-1

  • Openssl Project Openssl 0.9.8c-2

  • Openssl Project Openssl 0.9.8c-3

  • Openssl Project Openssl 0.9.8c-4

  • Openssl Project Openssl 0.9.8c-5

  • Openssl Project Openssl 0.9.8c-6

  • Openssl Project Openssl 0.9.8c-7

  • Openssl Project Openssl 0.9.8c-8

  • Openssl Project Openssl 0.9.8c-9

  • Openssl Project Openssl 0.9.8d-1

  • Openssl Project Openssl 0.9.8d-2

  • Openssl Project Openssl 0.9.8d-3

  • Openssl Project Openssl 0.9.8d-4

  • Openssl Project Openssl 0.9.8d-5

  • Openssl Project Openssl 0.9.8d-6

  • Openssl Project Openssl 0.9.8d-7

  • Openssl Project Openssl 0.9.8d-8

  • Openssl Project Openssl 0.9.8d-9

  • Openssl Project Openssl 0.9.8e-1

  • Openssl Project Openssl 0.9.8e-2

  • Openssl Project Openssl 0.9.8e-3

  • Openssl Project Openssl 0.9.8e-4

  • Openssl Project Openssl 0.9.8e-5

  • Openssl Project Openssl 0.9.8e-6

  • Openssl Project Openssl 0.9.8e-7

  • Openssl Project Openssl 0.9.8e-8

  • Openssl Project Openssl 0.9.8e-9

  • Openssl Project Openssl 0.9.8f

  • Openssl Project Openssl 0.9.8f-1

  • Openssl Project Openssl 0.9.8f-2

  • Openssl Project Openssl 0.9.8f-3

  • Openssl Project Openssl 0.9.8f-4

  • Openssl Project Openssl 0.9.8f-5

  • Openssl Project Openssl 0.9.8f-6

  • Openssl Project Openssl 0.9.8f-7

  • Openssl Project Openssl 0.9.8f-8

  • Openssl Project Openssl 0.9.8f-9

  • Openssl Project Openssl 0.9.8g

  • Openssl Project Openssl 0.9.8g-1

  • Openssl Project Openssl 0.9.8g-2

  • Openssl Project Openssl 0.9.8g-3

  • Openssl Project Openssl 0.9.8g-4

  • Openssl Project Openssl 0.9.8g-5

  • Openssl Project Openssl 0.9.8g-6

  • Openssl Project Openssl 0.9.8g-7

  • Openssl Project Openssl 0.9.8g-8

  • Openssl Project Openssl 0.9.8g-9


References

CONFIRM - http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest

MLIST - [openssl-dev] 20090516 [openssl.org #1930] [PATCH] DTLS record buffer limitation bug

CONFIRM - http://cvs.openssl.org/chngview?cn=18187

MISC - https://launchpad.net/bugs/cve/2009-1377

CONFIRM - https://kb.bluecoat.com/index?page=content&id=SA50

VUPEN - ADV-2010-0528

VUPEN - ADV-2009-1377

UBUNTU - USN-792-1

SECTRACK - 1022241

BID - 35001

MLIST - [oss-security] 20090518 Two OpenSSL DTLS remote DoS

MANDRIVA - MDVSA-2009:120

CONFIRM - http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html

CONFIRM - http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net

SLACKWARE - SSA:2010-060-02

GENTOO - GLSA-200912-01

SECUNIA - 42733

SECUNIA - 42724

SECUNIA - 38834

SECUNIA - 38794

SECUNIA - 38761

SECUNIA - 37003

SECUNIA - 35729

SECUNIA - 35571

SECUNIA - 35461

SECUNIA - 35416

SECUNIA - 35128

MLIST - [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates

SUSE - SUSE-SR:2009:011

HP - SSRT100079

NETBSD - NetBSD-SA2009-009

REDHAT - RHSA-2009:1335

SECUNIA - 36533

HP - HPSBMA02492


Last Updated: 27 May 2016 11:01:42