Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1386

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2009-1386
Last Modified 22 Jan 2013 11:15:04
Published 04 Jun 2009 12:30:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1386

Summary

ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.

Vulnerable Systems

Application

  • Openssl 0.9.1c

  • Openssl 0.9.2b

  • Openssl 0.9.3

  • Openssl 0.9.3a

  • Openssl 0.9.4

  • Openssl 0.9.5

  • Openssl 0.9.5a

  • Openssl 0.9.6

  • Openssl 0.9.6a

  • Openssl 0.9.6b

  • Openssl 0.9.6c

  • Openssl 0.9.6d

  • Openssl 0.9.6e

  • Openssl 0.9.6f

  • Openssl 0.9.6g

  • Openssl 0.9.6h

  • Openssl 0.9.6i

  • Openssl 0.9.6j

  • Openssl 0.9.6k

  • Openssl 0.9.6l

  • Openssl 0.9.6m

  • Openssl 0.9.7

  • Openssl 0.9.7a

  • Openssl 0.9.7b

  • Openssl 0.9.7c

  • Openssl 0.9.7d

  • Openssl 0.9.7e

  • Openssl 0.9.7f

  • Openssl 0.9.7g

  • Openssl 0.9.7h

  • Openssl 0.9.7i

  • Openssl 0.9.7j

  • Openssl 0.9.7k

  • Openssl 0.9.7l

  • Openssl 0.9.7m

  • Openssl 0.9.8

  • Openssl 0.9.8a

  • Openssl 0.9.8b

  • Openssl 0.9.8c

  • Openssl 0.9.8d

  • Openssl 0.9.8e

  • Openssl 0.9.8f

  • Openssl 0.9.8g

  • Openssl 0.9.8h

  • Openssl Project Openssl 0.9.8c-1

  • Openssl Project Openssl 0.9.8c-2

  • Openssl Project Openssl 0.9.8c-3

  • Openssl Project Openssl 0.9.8c-4

  • Openssl Project Openssl 0.9.8c-5

  • Openssl Project Openssl 0.9.8c-6

  • Openssl Project Openssl 0.9.8c-7

  • Openssl Project Openssl 0.9.8c-8

  • Openssl Project Openssl 0.9.8c-9

  • Openssl Project Openssl 0.9.8d-1

  • Openssl Project Openssl 0.9.8d-2

  • Openssl Project Openssl 0.9.8d-3

  • Openssl Project Openssl 0.9.8d-4

  • Openssl Project Openssl 0.9.8d-5

  • Openssl Project Openssl 0.9.8d-6

  • Openssl Project Openssl 0.9.8d-7

  • Openssl Project Openssl 0.9.8d-8

  • Openssl Project Openssl 0.9.8d-9

  • Openssl Project Openssl 0.9.8e-1

  • Openssl Project Openssl 0.9.8e-2

  • Openssl Project Openssl 0.9.8e-3

  • Openssl Project Openssl 0.9.8e-4

  • Openssl Project Openssl 0.9.8e-5

  • Openssl Project Openssl 0.9.8e-6

  • Openssl Project Openssl 0.9.8e-7

  • Openssl Project Openssl 0.9.8e-8

  • Openssl Project Openssl 0.9.8e-9

  • Openssl Project Openssl 0.9.8f

  • Openssl Project Openssl 0.9.8f-1

  • Openssl Project Openssl 0.9.8f-2

  • Openssl Project Openssl 0.9.8f-3

  • Openssl Project Openssl 0.9.8f-4

  • Openssl Project Openssl 0.9.8f-5

  • Openssl Project Openssl 0.9.8f-6

  • Openssl Project Openssl 0.9.8f-7

  • Openssl Project Openssl 0.9.8f-8

  • Openssl Project Openssl 0.9.8f-9

  • Openssl Project Openssl 0.9.8g

  • Openssl Project Openssl 0.9.8g-1

  • Openssl Project Openssl 0.9.8g-2

  • Openssl Project Openssl 0.9.8g-3

  • Openssl Project Openssl 0.9.8g-4

  • Openssl Project Openssl 0.9.8g-5

  • Openssl Project Openssl 0.9.8g-6

  • Openssl Project Openssl 0.9.8g-7

  • Openssl Project Openssl 0.9.8g-8

  • Openssl Project Openssl 0.9.8g-9

  • Redhat Openssl 0.9.6-15

  • Redhat Openssl 0.9.6b-3

  • Redhat Openssl 0.9.7a-2


References

CONFIRM - http://cvs.openssl.org/chngview?cn=17369

XF - openssl-changecipherspec-dos(50963)

VUPEN - ADV-2010-0528

UBUNTU - USN-792-1

BID - 35174

MLIST - [oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS

MILW0RM - 8873

SECUNIA - 38834

SECUNIA - 38794

SECUNIA - 35729

SECUNIA - 35685

SECUNIA - 35571

CONFIRM - http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guest

MLIST - [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates

SUSE - SUSE-SR:2009:012

HP - SSRT100079

NETBSD - NetBSD-SA2009-009

REDHAT - RHSA-2009:1335

SECUNIA - 36533

HP - HPSBMA02492


Last Updated: 27 May 2016 11:01:42