Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2013-0166
Last Modified: 26 Mar 2015 09:59:02
Published: 08 Feb 2013 02:55:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2013-0166

Summary

OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.

Vulnerable Systems

Application

  • Openssl 0.9.1c

  • Openssl 0.9.2b

  • Openssl 0.9.3

  • Openssl 0.9.3a

  • Openssl 0.9.4

  • Openssl 0.9.5

  • Openssl 0.9.5a

  • Openssl 0.9.6

  • Openssl 0.9.6a

  • Openssl 0.9.6b

  • Openssl 0.9.6c

  • Openssl 0.9.6d

  • Openssl 0.9.6e

  • Openssl 0.9.6f

  • Openssl 0.9.6g

  • Openssl 0.9.6h

  • Openssl 0.9.6i

  • Openssl 0.9.6j

  • Openssl 0.9.6k

  • Openssl 0.9.6l

  • Openssl 0.9.6m

  • Openssl 0.9.7

  • Openssl 0.9.7a

  • Openssl 0.9.7b

  • Openssl 0.9.7c

  • Openssl 0.9.7d

  • Openssl 0.9.7e

  • Openssl 0.9.7f

  • Openssl 0.9.7g

  • Openssl 0.9.7h

  • Openssl 0.9.7i

  • Openssl 0.9.7j

  • Openssl 0.9.7k

  • Openssl 0.9.7l

  • Openssl 0.9.7m

  • Openssl 0.9.8

  • Openssl 0.9.8a

  • Openssl 0.9.8b

  • Openssl 0.9.8c

  • Openssl 0.9.8d

  • Openssl 0.9.8e

  • Openssl 0.9.8f

  • Openssl 0.9.8g

  • Openssl 0.9.8h

  • Openssl 0.9.8i

  • Openssl 0.9.8j

  • Openssl 0.9.8k

  • Openssl 0.9.8l

  • Openssl 0.9.8m

  • Openssl 0.9.8n

  • Openssl 0.9.8o

  • Openssl 0.9.8p

  • Openssl 0.9.8q

  • Openssl 0.9.8r

  • Openssl 0.9.8s

  • Openssl 0.9.8t

  • Openssl 0.9.8u

  • Openssl 0.9.8v

  • Openssl 0.9.8w

  • Openssl 0.9.8x

  • Openssl 1.0.0

  • Openssl 1.0.0a

  • Openssl 1.0.0b

  • Openssl 1.0.0c

  • Openssl 1.0.0d

  • Openssl 1.0.0e

  • Openssl 1.0.0f

  • Openssl 1.0.0g

  • Openssl 1.0.0h

  • Openssl 1.0.0i

  • Openssl 1.0.0j

  • Openssl 1.0.1

  • Openssl 1.0.1a

  • Openssl 1.0.1b

  • Openssl 1.0.1c

  • Redhat Openssl 0.9.6-15

  • Redhat Openssl 0.9.6b-3

  • Redhat Openssl 0.9.7a-2


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=908052

CONFIRM - http://www.openssl.org/news/secadv_20130204.txt

CONFIRM - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ebc71865f0506a293242bd4aec97cdc7a8ef24b0

CONFIRM - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=66e8211c0b1347970096e04b18aa52567c325200

CONFIRM - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=62e4506a7d4cec1c8e1ff687f6b220f6a62a57c7

DEBIAN - DSA-2621

REDHAT - RHSA-2013:0587

REDHAT - RHSA-2013:0783

REDHAT - RHSA-2013:0782

HP - HPSBUX02856

HP - SSRT101104

CERT-VN - VU#737740

CONFIRM - http://support.apple.com/kb/HT5880

APPLE - APPLE-SA-2013-09-12-1

SECUNIA - 55139

SECUNIA - 55108

REDHAT - RHSA-2013:0833

HP - HPSBUX02909

HP - SSRT101289

CONFIRM - http://www.splunk.com/view/SP-CAAAHXG

SECUNIA - 53623

SUSE - SUSE-SU-2015:0578

Related Patches

Novell SUSE 2013:7548 libopenssl-devel security update for SLE 11 SP2 i586

Novell SUSE 2013:7548 libopenssl-devel security update for SLE 11 SP2 x86_64

Novell SUSE 2013:8517 openssl security update for SLE 10 SP4 i586

Novell SUSE 2013:8517 openssl security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 11:01:49