CVE-2009-1386

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 04-06-2009 06:30

Last modified: - 02-02-2022 04:13

Total changes: - 2

Description

ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

5.0

Base score

10.0

2.9

Exploitability score

Impact score

Verification logic

vendor=openssl AND product=openssl AND versionEndExcluding=0.9.8

vendor=openssl AND product=openssl AND version=0.9.8 AND update=-

vendor=openssl AND product=openssl AND version=0.9.8a

vendor=openssl AND product=openssl AND version=0.9.8b

vendor=openssl AND product=openssl AND version=0.9.8c

vendor=openssl AND product=openssl AND version=0.9.8d

vendor=openssl AND product=openssl AND version=0.9.8e

vendor=openssl AND product=openssl AND version=0.9.8f

vendor=openssl AND product=openssl AND version=0.9.8g

vendor=openssl AND product=openssl AND version=0.9.8h

vendor=Red Hat Enterprise Linux AND product=openssl AND version=0.9.6-15

vendor=Red Hat Enterprise Linux AND product=openssl AND version=0.9.6b-3

vendor=Red Hat Enterprise Linux AND product=openssl AND version=0.9.7a-2

vendor=canonical AND product=ubuntu_linux AND version=6.06

vendor=canonical AND product=ubuntu_linux AND version=8.04 AND software_edition=-

vendor=canonical AND product=ubuntu_linux AND version=8.10

vendor=canonical AND product=ubuntu_linux AND version=9.04

Reference

35174-Exploit, Third Party Advisory, VDB Entry
http://cvs.openssl.org/chngview?cn=17369
http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guest
[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS-Mailing List, Third Party Advisory
USN-792-1-Third Party Advisory
SUSE-SR:2009:012-Third Party Advisory
35571-Third Party Advisory
NetBSD-SA2009-009-Broken Link, Third Party Advisory
35685-Third Party Advisory
35729-Third Party Advisory
HPSBMA02492-Broken Link, Third Party Advisory
38794-Third Party Advisory
[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates-Mailing List, Third Party Advisory
ADV-2010-0528-Permissions Required, Third Party Advisory
38834-Third Party Advisory
36533-Third Party Advisory
RHSA-2009:1335-Third Party Advisory
openssl-changecipherspec-dos(50963)-Third Party Advisory, VDB Entry
8873-Exploit, Third Party Advisory, VDB Entry
oval:org.mitre.oval:def:7469-Tool Signature
oval:org.mitre.oval:def:11179-Tool Signature

Keywords

CVE-2009-1386

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2009-1386

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures