Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.6
CVE Id CVE-2010-3864
Last Modified 26 Mar 2014 12:11:32
Published 17 Nov 2010 11:00:01
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2010-3864

Summary

Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.

Vulnerable Systems

Application

  • OpenSSL 0.9.8f
  • OpenSSL 0.9.8g
  • OpenSSL 0.9.8h
  • OpenSSL 0.9.8i
  • OpenSSL 0.9.8j
  • OpenSSL 0.9.8k
  • OpenSSL 0.9.8l
  • OpenSSL 0.9.8m
  • OpenSSL 0.9.8n
  • OpenSSL 0.9.8o
  • OpenSSL 1.0.0
  • OpenSSL 1.0.0a


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=649304

SECTRACK - 1024743

CONFIRM - http://openssl.org/news/secadv_20101116.txt

REDHAT - RHSA-2010:0888

MLIST - [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released

MLIST - [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released

VUPEN - ADV-2010-3121

VUPEN - ADV-2010-3097

VUPEN - ADV-2010-3077

VUPEN - ADV-2010-3041

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2011-0003.html

BUGTRAQ - 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

DEBIAN - DSA-2125

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb11-11.html

CONFIRM - http://support.apple.com/kb/HT4723

SLACKWARE - SSA:2010-326-01

FREEBSD - FreeBSD-SA-10:10

SECUNIA - 44269

SECUNIA - 43312

SECUNIA - 42413

SECUNIA - 42397

SECUNIA - 42352

SECUNIA - 42336

SECUNIA - 42309

SECUNIA - 42243

SECUNIA - 42241

SUSE - SUSE-SR:2010:022

FEDORA - FEDORA-2010-17826

FEDORA - FEDORA-2010-17847

FEDORA - FEDORA-2010-17827

APPLE - APPLE-SA-2011-06-23-1

HP - HPSBMA02658

HP - SSRT100413

CONFIRM - http://blogs.sun.com/security/entry/cve_2010_3864_race_condition

HP - SSRT100741

HP - HPSBGN02740

CERT-VN - VU#737740

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

SECUNIA - 57353

Related Patches

Apple 2011-07-25 Mac OS X Server 10.6.8 v1.1 Combo Update (See Note)

Apple 2011-07-25 Mac OS X 10.6.8 v1.1 Update (See Note)

Apple 2011-07-25 Mac OS X Server 10.6.8 v1.1 Update (See Note)

Apple 2011-07-25 Mac OS X 10.6.8 v1.1 Combo Update (See Note)

IBM AIX 5.3: OpenSSL 0.9.8r (0.9.8.1800) (SEE NOTES)

IBM AIX 6.1: OpenSSL 0.9.8r (0.9.8.1800) (SEE NOTES)


Last Updated: 27 May 2016 10:58:16