CVE-2009-1387

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 04-06-2009 06:30

Last modified: - 02-02-2022 04:15

Total changes: - 2

Description

The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

5.0

Base score

10.0

2.9

Exploitability score

Impact score

Verification logic

vendor=openssl AND product=openssl AND versionEndIncluding=0.9.8k

vendor=openssl AND product=openssl AND version=1.0.0 AND update=beta1

vendor=Red Hat Enterprise Linux AND product=openssl AND version=0.9.6-15

vendor=Red Hat Enterprise Linux AND product=openssl AND version=0.9.6b-3

vendor=Red Hat Enterprise Linux AND product=openssl AND version=0.9.7a-2

vendor=canonical AND product=ubuntu_linux AND version=6.06

vendor=canonical AND product=ubuntu_linux AND version=8.04 AND software_edition=-

vendor=canonical AND product=ubuntu_linux AND version=8.10

vendor=canonical AND product=ubuntu_linux AND version=9.04

Reference

http://cvs.openssl.org/chngview?cn=17958
http://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest
[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS-Mailing List, Third Party Advisory
USN-792-1-Third Party Advisory
SUSE-SR:2009:012-Third Party Advisory
35571-Third Party Advisory
35685-Third Party Advisory
35729-Third Party Advisory
NetBSD-SA2009-009-Broken Link, Third Party Advisory
http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net
37003-Third Party Advisory
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
GLSA-200912-01-Third Party Advisory
HPSBMA02492-Broken Link, Third Party Advisory
38794-Third Party Advisory
[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates-Mailing List, Third Party Advisory
38834-Third Party Advisory
ADV-2010-0528-Permissions Required, Third Party Advisory
36533-Third Party Advisory
RHSA-2009:1335-Third Party Advisory
oval:org.mitre.oval:def:7592-Tool Signature
oval:org.mitre.oval:def:10740-Tool Signature

Keywords

CVE-2009-1387

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2009-1387

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures