Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2014-0198
Last Modified 14 Apr 2015 10:00:05
Published 06 May 2014 06:44:05
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-0198

Summary

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

Vulnerable Systems

Application

  • OpenSSL 1.0.0
  • OpenSSL 1.0.0a
  • OpenSSL 1.0.0b
  • OpenSSL 1.0.0c
  • OpenSSL 1.0.0d
  • OpenSSL 1.0.0e
  • OpenSSL 1.0.0f
  • OpenSSL 1.0.0g
  • OpenSSL 1.0.0h
  • OpenSSL 1.0.0i
  • OpenSSL 1.0.0j
  • OpenSSL 1.0.0k
  • OpenSSL 1.0.0l
  • OpenSSL 1.0.1
  • OpenSSL 1.0.1a
  • OpenSSL 1.0.1b
  • OpenSSL 1.0.1c
  • OpenSSL 1.0.1d
  • OpenSSL 1.0.1e
  • OpenSSL 1.0.1f
  • OpenSSL 1.0.1g


References

CONFIRM - https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1093837

OPENBSD - [5.5] 005: RELIABILITY FIX: May 1, 2014

DEBIAN - DSA-2931

SUSE - openSUSE-SU-2014:0635

SUSE - openSUSE-SU-2014:0634

CONFIRM - http://www.openssl.org/news/secadv_20140605.txt

CONFIRM - https://kb.bluecoat.com/index?page=content&id=SA80

CISCO - 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products

CONFIRM - https://kc.mcafee.com/corporate/index?page=content&id=SB10075

CONFIRM - http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm

CONFIRM - http://www.blackberry.com/btsc/KB36051

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21678167

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21677828

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21677695

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21677527

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676655

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676419

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676062

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676035

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21673137

SECUNIA - 59721

SECUNIA - 59669

SECUNIA - 59666

SECUNIA - 59655

SECUNIA - 59514

SECUNIA - 59491

SECUNIA - 59490

SECUNIA - 59450

SECUNIA - 59438

SECUNIA - 59413

SECUNIA - 59301

SECUNIA - 59300

SECUNIA - 59162

SECUNIA - 59126

SECUNIA - 58939

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

CONFIRM - http://www.fortiguard.com/advisory/FG-IR-14-018/

SECUNIA - 60049

SECUNIA - 59342

SECUNIA - 60066

CONFIRM - http://puppetlabs.com/security/cve/cve-2014-0198

SECUNIA - 60571

SECUNIA - 59990

SECUNIA - 59784

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2014-0012.html

BUGTRAQ - 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

MANDRIVA - MDVSA-2015:062

BUGTRAQ - 20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE

MISC - http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html

Related Patches

VMware VMSA-2014-0006 VMware Fusion 6.0.4 for Mac (See Notes)

VMware VMSA-2014-0006 VMware Workstation 10.0.3 for Windows (Update) (All Languages) (See Notes)

VMware VMSA-2014-0006 VMware Player 5.0.4 for Windows (Update) (All Languages) (See Notes)

VMware VMSA-2014-0006 VMware Workstation 9.0.4 for Windows (Update) (All Languages) (See Notes) (Rev 2)

VMware VMSA-2014-0006 VMware Fusion 5.0.5 for Mac (See Notes)


Last Updated: 27 May 2016 11:08:23