NVD Vulnerability Details: CVE-2009-1378
Analyzed
Source: secalert@redhat.com
Published At: 19 May, 2009 | 19:30
Updated At: 07 Feb, 2024 | 18:02

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

OpenSSL (openssl) >> openssl >> Versions between 0.9.8 (exclusive) and 0.9.8m (exclusive)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Canonical Ltd. (canonical) >> ubuntu_linux >> 6.06
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
Canonical Ltd. (canonical) >> ubuntu_linux >> 8.04
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
Canonical Ltd. (canonical) >> ubuntu_linux >> 8.10
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
Canonical Ltd. (canonical) >> ubuntu_linux >> 9.04
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-401
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

Organization: Red Hat
Last Modified: 2009-09-02T00:00:00

This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4. This issue was addressed for Red Hat Enterprise Linux 5 by http://rhn.redhat.com/errata/RHSA-2009-1335.html Note that both the DTLS specification and OpenSSL's implementation are still in development and unlikely to be used in production environments. There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSL's DTLS implementation, except for OpenSSL's testing command line client - openssl.

References
Hyperlink: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc
Source: secalert@redhat.com
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://cvs.openssl.org/chngview?cn=18188
Source: secalert@redhat.com
Resource:
Broken Link
Patch
Vendor Advisory
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
Source: secalert@redhat.com
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://marc.info/?l=openssl-dev&m=124247679213944&w=2
Source: secalert@redhat.com
Resource:
Mailing List
Patch
Third Party Advisory
Hyperlink: http://marc.info/?l=openssl-dev&m=124263491424212&w=2
Source: secalert@redhat.com
Resource:
Exploit
Mailing List
Third Party Advisory
Hyperlink: http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
Source: secalert@redhat.com
Resource:
Broken Link
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35128
Source: secalert@redhat.com
Resource:
Not Applicable
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35416
Source: secalert@redhat.com
Resource:
Not Applicable
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35461
Source: secalert@redhat.com
Resource:
Not Applicable
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35571
Source: secalert@redhat.com
Resource:
Not Applicable
Third Party Advisory
Hyperlink: http://secunia.com/advisories/35729
Source: secalert@redhat.com
Resource:
Not Applicable
Third Party Advisory
Hyperlink: http://secunia.com/advisories/36533
Source: secalert@redhat.com
Resource:
Not Applicable
Third Party Advisory
Hyperlink: http://secunia.com/advisories/37003
Source: secalert@redhat.com
Resource:
Not Applicable
Third Party Advisory
Hyperlink: http://secunia.com/advisories/38761
Source: secalert@redhat.com
Resource:
Not Applicable
Third Party Advisory
Hyperlink: http://secunia.com/advisories/38794
Source: secalert@redhat.com
Resource:
Not Applicable
Third Party Advisory
Hyperlink: http://secunia.com/advisories/38834
Source: secalert@redhat.com
Resource:
Not Applicable
Third Party Advisory
Hyperlink: http://secunia.com/advisories/42724
Source: secalert@redhat.com
Resource:
Not Applicable
Third Party Advisory
Hyperlink: http://secunia.com/advisories/42733
Source: secalert@redhat.com
Resource:
Not Applicable
Third Party Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200912-01.xml
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:120
Source: secalert@redhat.com
Resource:
Not Applicable
Hyperlink: http://www.openwall.com/lists/oss-security/2009/05/18/1
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-1335.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/35001
Source: secalert@redhat.com
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1022241
Source: secalert@redhat.com
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-792-1
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/1377
Source: secalert@redhat.com
Resource:
Permissions Required
Third Party Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/0528
Source: secalert@redhat.com
Resource:
Permissions Required
Third Party Advisory
Hyperlink: https://kb.bluecoat.com/index?page=content&id=SA50
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: https://launchpad.net/bugs/cve/2009-1378
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309
Source: secalert@redhat.com
Resource:
Broken Link
Tool Signature
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229
Source: secalert@redhat.com
Resource:
Broken Link
Tool Signature
Hyperlink: https://www.exploit-db.com/exploits/8720
Source: secalert@redhat.com
Resource:
Exploit
Third Party Advisory
VDB Entry