Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0
CVE Id CVE-2009-3245
Last Modified 13 Nov 2014 09:59:32
Published 05 Mar 2010 02:30:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-3245

Summary

OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.

Vulnerable Systems

Application

  • OpenSSL 0.9.8
  • OpenSSL 0.9.8a
  • OpenSSL 0.9.8b
  • OpenSSL 0.9.8c
  • OpenSSL 0.9.8d
  • OpenSSL 0.9.8e
  • OpenSSL 0.9.8f
  • OpenSSL 0.9.8g
  • OpenSSL 0.9.8h
  • OpenSSL 0.9.8i
  • OpenSSL 0.9.8j
  • OpenSSL 0.9.8k
  • OpenSSL 0.9.8l

References

MLIST - [openssl-cvs] 20100223 OpenSSL: OpenSSL_0_9_8-stable: openssl/ CHANGES openssl/crypto/b...

MLIST - [openssl-cvs] 20100223 OpenSSL: openssl/crypto/bn/ bn_div.c bn_gf2m.c openssl/crypto/ec...

MLIST - [openssl-cvs] 20100223 OpenSSL: OpenSSL_1_0_0-stable: openssl/crypto/bn/ bn_div.c bn_gf...

MLIST - [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released

MLIST - [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released

CONFIRM - https://kb.bluecoat.com/index?page=content&id=SA50

VUPEN - ADV-2010-1216

VUPEN - ADV-2010-0933

VUPEN - ADV-2010-0916

VUPEN - ADV-2010-0839

UBUNTU - USN-1003-1

BID - 38562

REDHAT - RHSA-2011:0896

REDHAT - RHSA-2010:0977

MANDRIVA - MDVSA-2010:076

CONFIRM - http://support.apple.com/kb/HT4723

SLACKWARE - SSA:2010-060-02

SECUNIA - 42733

SECUNIA - 42724

SECUNIA - 39932

SECUNIA - 39461

SECUNIA - 38761

SUSE - SUSE-SR:2010:013

FEDORA - FEDORA-2010-5357

FEDORA - FEDORA-2010-5744

APPLE - APPLE-SA-2011-06-23-1

CONFIRM - http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc

SECUNIA - 37291

Related Patches

Apple 2011-07-25 Mac OS X Server 10.6.8 v1.1 Combo Update (See Note)

Apple 2011-07-25 Mac OS X 10.6.8 v1.1 Update (See Note)

Apple 2011-07-25 Mac OS X Server 10.6.8 v1.1 Update (See Note)

Apple 2011-07-25 Mac OS X 10.6.8 v1.1 Combo Update (See Note)

Novell SUSE 2010:6943 openssl security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 11:07:00