OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Not vulnerable. This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
| Hyperlink | Source | Resource |
|---|---|---|
| http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html | secalert@redhat.com | Third Party Advisory |
| http://secunia.com/advisories/30405 | secalert@redhat.com | Third Party Advisory |
| http://secunia.com/advisories/30460 | secalert@redhat.com | Third Party Advisory |
| http://secunia.com/advisories/30825 | secalert@redhat.com | Third Party Advisory |
| http://secunia.com/advisories/30852 | secalert@redhat.com | Third Party Advisory |
| http://secunia.com/advisories/30868 | secalert@redhat.com | Third Party Advisory |
| http://secunia.com/advisories/31228 | secalert@redhat.com | Third Party Advisory |
| http://secunia.com/advisories/31288 | secalert@redhat.com | Third Party Advisory |
| http://security.gentoo.org/glsa/glsa-200806-08.xml | secalert@redhat.com | Third Party Advisory |
| http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004 | secalert@redhat.com | Third Party Advisory |
| http://sourceforge.net/project/shownotes.php?release_id=615606 | secalert@redhat.com | Third Party Advisory |
| http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400 | secalert@redhat.com | Third Party Advisory |
| http://www.kb.cert.org/vuls/id/520586 | secalert@redhat.com | Third Party Advisory US Government Resource |
| http://www.mandriva.com/security/advisories?name=MDVSA-2008:107 | secalert@redhat.com | Third Party Advisory |
| http://www.openssl.org/news/secadv_20080528.txt | secalert@redhat.com | Vendor Advisory |
| http://www.securityfocus.com/archive/1/492932/100/0/threaded | secalert@redhat.com | Third Party Advisory VDB Entry |
| http://www.securityfocus.com/bid/29405 | secalert@redhat.com | Patch Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id?1020122 | secalert@redhat.com | Third Party Advisory VDB Entry |
| http://www.ubuntu.com/usn/usn-620-1 | secalert@redhat.com | Third Party Advisory |
| http://www.vupen.com/english/advisories/2008/1680 | secalert@redhat.com | Permissions Required Third Party Advisory |
| http://www.vupen.com/english/advisories/2008/1937/references | secalert@redhat.com | Permissions Required Third Party Advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42667 | secalert@redhat.com | Third Party Advisory VDB Entry |
| https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html | secalert@redhat.com | Third Party Advisory |
| http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://secunia.com/advisories/30405 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://secunia.com/advisories/30460 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://secunia.com/advisories/30825 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://secunia.com/advisories/30852 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://secunia.com/advisories/30868 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://secunia.com/advisories/31228 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://secunia.com/advisories/31288 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://security.gentoo.org/glsa/glsa-200806-08.xml | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://sourceforge.net/project/shownotes.php?release_id=615606 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://www.kb.cert.org/vuls/id/520586 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory US Government Resource |
| http://www.mandriva.com/security/advisories?name=MDVSA-2008:107 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://www.openssl.org/news/secadv_20080528.txt | af854a3a-2127-422b-91ae-364da2661108 | Vendor Advisory |
| http://www.securityfocus.com/archive/1/492932/100/0/threaded | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory VDB Entry |
| http://www.securityfocus.com/bid/29405 | af854a3a-2127-422b-91ae-364da2661108 | Patch Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id?1020122 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory VDB Entry |
| http://www.ubuntu.com/usn/usn-620-1 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |
| http://www.vupen.com/english/advisories/2008/1680 | af854a3a-2127-422b-91ae-364da2661108 | Permissions Required Third Party Advisory |
| http://www.vupen.com/english/advisories/2008/1937/references | af854a3a-2127-422b-91ae-364da2661108 | Permissions Required Third Party Advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42667 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory VDB Entry |
| https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory |