Sign-up

ID

VAR-201011-0251


CVE

CVE-2010-3864


TITLE

Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL

Trust: 0.8

sources: CERT/CC: VU#737740

DESCRIPTION

Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL is prone to a heap-based buffer-overflow vulnerability because the library fails to properly perform bounds-checks on user-supplied input before copying it to an insufficiently sized memory buffer. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users. OpenSSL 0.9.8f to 0.9.8o, 1.0.0, and 1.0.0a are vulnerable. NOTE: This issue affects servers which are multi-threaded and use OpenSSL's internal caching mechanism. Multi-processed servers or servers with disabled internal caching (like Apache HTTP server and Stunnel) are not affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2011-0003 Synopsis: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX Issue date: 2011-02-10 Updated on: 2011-02-10 (initial release of advisory) CVE numbers: --- Apache Tomcat --- CVE-2009-2693 CVE-2009-2901 CVE-2009-2902 CVE-2009-3548 CVE-2010-2227 CVE-2010-1157 --- Apache Tomcat Manager --- CVE-2010-2928 --- cURL --- CVE-2010-0734 --- COS Kernel --- CVE-2010-1084 CVE-2010-2066 CVE-2010-2070 CVE-2010-2226 CVE-2010-2248 CVE-2010-2521 CVE-2010-2524 CVE-2010-0008 CVE-2010-0415 CVE-2010-0437 CVE-2009-4308 CVE-2010-0003 CVE-2010-0007 CVE-2010-0307 CVE-2010-1086 CVE-2010-0410 CVE-2010-0730 CVE-2010-1085 CVE-2010-0291 CVE-2010-0622 CVE-2010-1087 CVE-2010-1173 CVE-2010-1437 CVE-2010-1088 CVE-2010-1187 CVE-2010-1436 CVE-2010-1641 CVE-2010-3081 --- Microsoft SQL Express --- CVE-2008-5416 CVE-2008-0085 CVE-2008-0086 CVE-2008-0107 CVE-2008-0106 --- OpenSSL --- CVE-2010-0740 CVE-2010-0433 CVE-2010-3864 CVE-2010-2939 --- Oracle (Sun) JRE --- CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 CVE-2010-0850 CVE-2010-0886 CVE-2010-3556 CVE-2010-3566 CVE-2010-3567 CVE-2010-3550 CVE-2010-3561 CVE-2010-3573 CVE-2010-3565 CVE-2010-3568 CVE-2010-3569 CVE-2010-1321 CVE-2010-3548 CVE-2010-3551 CVE-2010-3562 CVE-2010-3571 CVE-2010-3554 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3574 --- pam_krb5 --- CVE-2008-3825 CVE-2009-1384 - ------------------------------------------------------------------------ 1. Summary Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues. 2. Relevant releases vCenter Server 4.1 without Update 1, vCenter Update Manager 4.1 without Update 1, ESXi 4.1 without patch ESXi410-201101201-SG, ESX 4.1 without patch ESX410-201101201-SG. 3. Problem Description a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3 Microsoft SQL Server 2005 Express Edition (SQL Express) distributed with vCenter Server 4.1 Update 1 and vCenter Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to SQL Express Service Pack 3, to address multiple security issues that exist in the earlier releases of Microsoft SQL Express. Customers using other database solutions need not update for these issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086, CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL Express Service Pack 3. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows affected, patch pending VirtualCenter 2.5 Windows affected, no patch planned Update Manager 4.1 Windows Update 1 Update Manager 4.0 Windows affected, patch pending Update Manager 1.0 Windows affected, no patch planned hosted * any any not affected ESXi any ESXi not affected ESX any ESX not affected * Hosted products are VMware Workstation, Player, ACE, Fusion. b. vCenter Apache Tomcat Management Application Credential Disclosure The Apache Tomcat Manager application configuration file contains logon credentials that can be read by unprivileged local users. The issue is resolved by removing the Manager application in vCenter 4.1 Update 1. If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon credentials are not present in the configuration file after the update. VMware would like to thank Claudio Criscione of Secure Networking for reporting this issue to us. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-2928 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows not affected VirtualCenter 2.5 Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX any ESX not affected * hosted products are VMware Workstation, Player, ACE, Fusion. c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21 Oracle (Sun) JRE update to version 1.6.0_21, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following name to the security issue fixed in Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows not applicable ** VirtualCenter 2.5 Windows not applicable ** Update Manager 4.1 Windows not applicable ** Update Manager 4.0 Windows not applicable ** Update Manager 1.0 Windows not applicable ** hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX not applicable ** ESX 3.5 ESX not applicable ** ESX 3.0.3 ESX not applicable ** * hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.5.0 family d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26 Oracle (Sun) JRE update to version 1.5.0_26, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566, CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573, CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555, CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562, CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572, CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541, CVE-2010-3574. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows not applicable ** vCenter 4.0 Windows affected, patch pending VirtualCenter 2.5 Windows affected, no patch planned Update Manager 4.1 Windows Update 1 Update Manager 4.0 Windows affected, patch pending Update Manager 1.0 Windows affected, no patch planned hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX not applicable ** ESX 4.0 ESX affected, patch pending ESX 3.5 ESX affected, no patch planned ESX 3.0.3 ESX affected, no patch planned * hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.6.0 family e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28 Apache Tomcat updated to version 6.0.28, which addresses multiple security issues that existed in earlier releases of Apache Tomcat The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i and CVE-2009-3548. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows affected, patch pending VirtualCenter 2.5 Windows not applicable ** hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX affected, patch pending ESX 3.5 ESX not applicable ** ESX 3.0.3 ESX not applicable ** * hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Apache Tomcat 5.5 family f. vCenter Server third party component OpenSSL updated to version 0.9.8n The version of the OpenSSL library in vCenter Server is updated to 0.9.8n. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0740 and CVE-2010-0433 to the issues addressed in this version of OpenSSL. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 4.1 Windows Update 1 vCenter 4.0 Windows affected, patch pending VirtualCenter 2.5 Windows affected, no patch planned hosted * any any not applicable ESXi any ESXi not applicable ESX any ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. g. ESX third party component OpenSSL updated to version 0.9.8p The version of the ESX OpenSSL library is updated to 0.9.8p. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3864 and CVE-2010-2939 to the issues addressed in this update. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not applicable hosted * any any not applicable ESXi 4.1 ESXi ESXi410-201101201-SG ESXi 4.0 ESXi affected, patch pending ESXi 3.5 ESXi affected, patch pending ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX affected, patch pending ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending * hosted products are VMware Workstation, Player, ACE, Fusion. h. ESXi third party component cURL updated The version of cURL library in ESXi is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to the issues addressed in this update. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi 4.1 ESXi ESXi410-201101201-SG ESXi 4.0 ESXi affected, patch pending ESXi 3.5 ESXi affected, patch pending ESX any ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. i. ESX third party component pam_krb5 updated The version of pam_krb5 library is updated. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-3825 and CVE-2009-1384 to the issues addressed in the update. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected * hosted products are VMware Workstation, Player, ACE, Fusion. j. ESX third party update for Service Console kernel The Service Console kernel is updated to include kernel version 2.6.18-194.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524, CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086, CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437, CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and CVE-2010-3081 to the issues addressed in the update. Note: This update also addresses the 64-bit compatibility mode stack pointer underflow issue identified by CVE-2010-3081. This issue was patched in an ESX 4.1 patch prior to the release of ESX 4.1 Update 1. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201101201-SG ESX 4.0 ESX affected, patch pending ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. VMware vCenter Server 4.1 Update 1 and modules ---------------------------------------------- http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes: http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html File type: .iso md5sum: 729cf247aa5d33ceec431c86377eee1a sha1sum: c1e10a5fcbc1ae9d13348d43541d574c563d66f0 File type: .zip md5sum: fd1441bef48a153f2807f6823790e2f0 sha1sum: 31737a816ed1c08ab3a505fb6db2483f49ad7c19 VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4 ESXi 4.1 Installable Update 1 ----------------------------- http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes: http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html http://kb.vmware.com/kb/1027919 File type: .iso MD5SUM: d68d6c2e040a87cd04cd18c04c22c998 SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64 ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1) File type: .zip MD5SUM: 2f1e009c046b20042fae3b7ca42a840f SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1 ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0) File type: .zip MD5SUM: 67b924618d196dafaf268a7691bd1a0f SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516 ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5) File type: .zip MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4 SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488 VMware Tools CD image for Linux Guest OSes File type: .iso MD5SUM: dad66fa8ece1dd121c302f45444daa70 SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af VMware vSphere Client File type: .exe MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4 ESXi Installable Update 1 contains the following security bulletins: ESXi410-201101201-SG. ESX 4.1 Update 1 ---------------- http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes: http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html http://kb.vmware.com/kb/1029353 ESX 4.1 Update 1 (DVD ISO) File type: .iso md5sum: b9a275b419a20c7bedf31c0bf64f504e sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11 ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1) File type: .zip md5sum: 2d81a87e994aa2b329036f11d90b4c14 sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798 Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1 File type: .zip md5sum: 75f8cebfd55d8a81deb57c27def963c2 sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2 ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0) File type: .zip md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2 sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922 VMware Tools CD image for Linux Guest OSes File type: .iso md5sum: dad66fa8ece1dd121c302f45444daa70 sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4 ESX410-Update01 contains the following security bulletins: ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL, Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904 ESX410-201101226-SG (glibc) | http://kb.vmware.com/kb/1031330 ESX410-Update01 also contains the following non-security bulletins ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG, ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG, ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG, ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG, ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG, ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG. To install an individual bulletin use esxupdate with the -b option. 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0086 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2928 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3825 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2066 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2070 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2521 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2524 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0008 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0003 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0007 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0307 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1086 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0730 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0291 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0622 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1436 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574 - ------------------------------------------------------------------------ 6. Change log 2011-02-10 VMSA-2011-0003 Initial security advisory in conjunction with the release of vCenter Server 4.1 Update 1, vCenter Update Manager 4.1 Update 1, ESXi 4.1 Update 1, and ESX 4.1 Update 1 on 2011-02-10. - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2011 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iEYEARECAAYFAk1U1eoACgkQS2KysvBH1xm3swCfeh4sWvPOubDT1K7QlRj3SjW9 dxYAmwbNLMR9IG/rKZDYh9hqcf4IldCX =2pVj -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02824483 Version: 1 HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-05-05 Last Updated: 2011-05-05 Potential Security Impact: Remote Denial of Service (DoS), Unauthorized disclosure of information, unauthorized modification Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses. References: CVE-2011-0014, CVE-2010-4180, CVE-2010-4252, CVE-2010-3864 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL for OpenVMS v 1.4 and earlier. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-4180 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2010-4252 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-3864 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following software updates available to resolve these vulnerabilities. HP SSL V1.4-453 for OpenVMS Alpha and OpenVMS Integrity servers: http://h71000.www7.hp.com/openvms/products/ssl/ssl.html HISTORY Version:1 (rev.1) - 5 May 2011 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 09, 2011 Bugs: #303739, #308011, #322575, #332027, #345767, #347623, #354139, #382069 ID: 201110-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in OpenSSL, allowing for the execution of arbitrary code and other attacks. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.0e >= 1.0.0e Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact ====== A context-dependent attacker could cause a Denial of Service, possibly execute arbitrary code, bypass intended key requirements, force the downgrade to unintended ciphers, bypass the need for knowledge of shared secrets and successfully authenticate, bypass CRL validation, or obtain sensitive information in applications that use OpenSSL. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0e" NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 17, 2011. It is likely that your system is already no longer affected by most of these issues. References ========== [ 1 ] CVE-2009-3245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245 [ 2 ] CVE-2009-4355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355 [ 3 ] CVE-2010-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433 [ 4 ] CVE-2010-0740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740 [ 5 ] CVE-2010-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742 [ 6 ] CVE-2010-1633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633 [ 7 ] CVE-2010-2939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939 [ 8 ] CVE-2010-3864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864 [ 9 ] CVE-2010-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180 [ 10 ] CVE-2010-4252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252 [ 11 ] CVE-2011-0014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014 [ 12 ] CVE-2011-3207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207 [ 13 ] CVE-2011-3210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2125-1 security@debian.org http://www.debian.org/security/ Stefan Fritsch November 22, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : openssl Vulnerability : buffer overflow Problem type : remote Debian-specific: no Debian Bug : 603709 CVE Id(s) : CVE-2010-3864 A flaw has been found in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. This upgrade fixes this issue. After the upgrade, any services using the openssl libraries need to be restarted. The checkrestart script from the debian-goodies package or lsof can help to find out which services need to be restarted. A note to users of the tor packages from the Debian backports or Debian volatile: This openssl update causes problems with some versions of tor. You need to update to tor 0.2.1.26-4~bpo50+1 or 0.2.1.26-1~lennyvolatile2, respectively. The tor package version 0.2.0.35-1~lenny2 from Debian stable is not affected by these problems. For the stable distribution (lenny), the problem has been fixed in openssl version 0.9.8g-15+lenny9. For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 0.9.8o-3. We recommend that you upgrade your openssl packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny (stable) - ----------------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g.orig.tar.gz Size/MD5 checksum: 3354792 acf70a16359bf3658bdfb74bda1c4419 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.dsc Size/MD5 checksum: 1973 1efb69f23999507bf2e74f5b848744af http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.diff.gz Size/MD5 checksum: 60451 9aba44ed40b0c9c8ec82bd6cd33c44b8 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_alpha.deb Size/MD5 checksum: 2583248 3b3f0cbec4ec28eb310466237648db8f http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_alpha.deb Size/MD5 checksum: 1028998 79fe8cdd601aecd9f956033a04fb8da5 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_alpha.udeb Size/MD5 checksum: 722114 a388304bf86381229c306e79a5e85bf8 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_alpha.deb Size/MD5 checksum: 2814160 e0f6fc697f5e9c87b44aa15eb58c3ea8 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_alpha.deb Size/MD5 checksum: 4369318 c3cf8c7ec27f86563c34f45e986e17c4 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_amd64.deb Size/MD5 checksum: 975850 778916e8b0df8e216121cd5185d7ca43 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_amd64.deb Size/MD5 checksum: 2243180 ff6a898ccd6fb49d5fbec9f4bd3cb6da http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_amd64.udeb Size/MD5 checksum: 638414 9ea111d66ac5f394d35fb69defa5dd27 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_amd64.deb Size/MD5 checksum: 1627632 9f08e1da5cf9279cee4700e89dc6ee6d http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_amd64.deb Size/MD5 checksum: 1043320 9ada82a7417c0d714a38c3a7184c2401 arm architecture (ARM) http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_arm.udeb Size/MD5 checksum: 536038 a9c90bb3ad326fa43c1285c1768df046 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_arm.deb Size/MD5 checksum: 2087048 bded4e624fcf0791ae0885aa18d99123 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_arm.deb Size/MD5 checksum: 1028894 20784774078f02ef7e9db2ddbd7d5548 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_arm.deb Size/MD5 checksum: 1490666 700c80efddb108b3e2a65373cc10dcc8 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_arm.deb Size/MD5 checksum: 844426 4cad5651a6d37ab19fb80b05a423598d armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_armel.deb Size/MD5 checksum: 1029206 6c6c35731ecacfc0280520097ee183d4 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_armel.udeb Size/MD5 checksum: 540780 3b9ab48015bbd4dfc1ab205b42f1113d http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_armel.deb Size/MD5 checksum: 2100958 fbf2c222a504e09e30f73cb0740a73a5 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_armel.deb Size/MD5 checksum: 1504318 8eaa760844c1b81d0f8bd21bdc7ca1d0 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_armel.deb Size/MD5 checksum: 850286 3e656a0805eb31600f8e3e520a2a6e36 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_hppa.deb Size/MD5 checksum: 2268562 8cb4805915dfde8326fde4281c9aaa76 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_hppa.deb Size/MD5 checksum: 969104 805c95116706c82051a5d08efce729e5 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_hppa.deb Size/MD5 checksum: 1047026 2e06d411c0a8764db3504638d3b59ef9 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_hppa.deb Size/MD5 checksum: 1528456 de6a4129635ee4565696198ce3423674 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_hppa.udeb Size/MD5 checksum: 634504 bab8594389626190b71ee97bfb46fa71 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_i386.deb Size/MD5 checksum: 2108452 d75ba6c13fc77dd3eefddde480a05231 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_i386.deb Size/MD5 checksum: 5393290 14bf0f44b8c802e47834234be834d80b http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_i386.deb Size/MD5 checksum: 2977384 bf4c26767b006694843d036ebdca132a http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_i386.udeb Size/MD5 checksum: 591782 bf5007e22e4bd31445458a5379086103 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_i386.deb Size/MD5 checksum: 1035868 64085f2b106009533bda0309f08548af ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_ia64.deb Size/MD5 checksum: 2666530 42cdae406ce22e3e538f0d744f043a39 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_ia64.deb Size/MD5 checksum: 1465582 33c84255a9515a9a528cbf3df9398ef5 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_ia64.udeb Size/MD5 checksum: 865352 9cbc10e393eb3d30d34ea384c6f1f9f5 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_ia64.deb Size/MD5 checksum: 1105090 cc7485d310d4770c2b1e93c6d74dcc2b http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_ia64.deb Size/MD5 checksum: 1280654 fde186a4983ac6cafcd3d5ec7e1d6f98 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mips.deb Size/MD5 checksum: 1025868 8b7f565c4c0a15b15f20f2e074bb503a http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mips.deb Size/MD5 checksum: 900162 391ac436c8d7ed7b55a8ea9e90c7d8be http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mips.deb Size/MD5 checksum: 2307960 227ac5c7b409d061222b94bc40e8cd18 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mips.deb Size/MD5 checksum: 1622826 8a4f73d6cd497076490404a2dade26ba http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mips.udeb Size/MD5 checksum: 585108 d8447df55a530959b6cd9d5d3039c0da mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mipsel.deb Size/MD5 checksum: 1012186 4a154b5c4d864f7dcd0bf019dfb41c5d http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mipsel.deb Size/MD5 checksum: 1588308 1222eb6b1870602335ef0722b7047b6a http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mipsel.udeb Size/MD5 checksum: 572370 a2535f616be099e9361a55637c3375d3 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mipsel.deb Size/MD5 checksum: 2295070 7446121759684083870d5ae0d26969c0 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mipsel.deb Size/MD5 checksum: 885668 3745e7c578002628f78f02bd5afeb84f powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_powerpc.deb Size/MD5 checksum: 1643808 43814c865d098046bc1dca1920820354 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_powerpc.deb Size/MD5 checksum: 1047060 5c45e5a5d02f856cb9dc29029d0b5557 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_powerpc.udeb Size/MD5 checksum: 656166 309fdeebe15bbecbe8c55dbd5ddbdd3a http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_powerpc.deb Size/MD5 checksum: 997540 f4bf73493f3964b8a23bdd424694f079 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_powerpc.deb Size/MD5 checksum: 2251238 35f6f59b07e57eb538da19545a733d5f s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_s390.udeb Size/MD5 checksum: 693040 26cab41169c6b8f64ce7936a2ea65a7b http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_s390.deb Size/MD5 checksum: 1051130 f67b4fd152e1175f81022ffd345d6c78 http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_s390.deb Size/MD5 checksum: 2231782 c7796fff8c97bbf0c5ab69440cbd50f9 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_s390.deb Size/MD5 checksum: 1602496 a9595ac98fc11015dd4bb2634416197b http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_s390.deb Size/MD5 checksum: 1024562 ff293933ef4eb5e952659fe7caf82c8b sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_sparc.deb Size/MD5 checksum: 2290536 e5c655fbcc524fe7bb56945cc8b2f5d1 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_sparc.deb Size/MD5 checksum: 3868850 b9cbaa2cbb2cfa4aa1dce984148dba4b http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_sparc.deb Size/MD5 checksum: 2146488 d0c17736c2b26a97491e34321ffff3f5 http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_sparc.udeb Size/MD5 checksum: 580510 28ab74855c8a34bb002b44fd7ecb8997 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_sparc.deb Size/MD5 checksum: 1043044 d78ffaf44d1177b05fa0cfb02d76128a These files will probably be moved into the stable distribution on its next update. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864 http://openssl.org/news/secadv_20101116.txt _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: b32e4b6e6b901d72fe4aa24bd0f41f9b 2009.0/i586/libopenssl0.9.8-0.9.8h-3.8mdv2009.0.i586.rpm f55512826ad63a1c9c4b60fad54292ac 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.8mdv2009.0.i586.rpm eb005af48a71b807ef387f4c54eedd6f 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.8mdv2009.0.i586.rpm ed01c1d0ea3fdecc8ba3331541d18d9a 2009.0/i586/openssl-0.9.8h-3.8mdv2009.0.i586.rpm a5b43d482e633af8952e7e04f8d7b56e 2009.0/SRPMS/openssl-0.9.8h-3.8mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 007dedca099e812b7b461e720ef5e6f1 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.8mdv2009.0.x86_64.rpm 293194a028c940a27d11549ef84ff182 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.8mdv2009.0.x86_64.rpm 6b1c8ced8640b51bf25761c127b3ed20 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.8mdv2009.0.x86_64.rpm 76bbe5d36d9887cbc753b267b6d3a608 2009.0/x86_64/openssl-0.9.8h-3.8mdv2009.0.x86_64.rpm a5b43d482e633af8952e7e04f8d7b56e 2009.0/SRPMS/openssl-0.9.8h-3.8mdv2009.0.src.rpm Mandriva Linux 2010.0: b92acd82153b8987f0bcdb0e277c6f0e 2010.0/i586/libopenssl0.9.8-0.9.8k-5.3mdv2010.0.i586.rpm d780ab4e0e80a66b105f72e41a4d5b54 2010.0/i586/libopenssl0.9.8-devel-0.9.8k-5.3mdv2010.0.i586.rpm 8faae39210b0c366f619cdb71b1a7321 2010.0/i586/libopenssl0.9.8-static-devel-0.9.8k-5.3mdv2010.0.i586.rpm 2247e3b7bff72998d841d650ba25960a 2010.0/i586/openssl-0.9.8k-5.3mdv2010.0.i586.rpm 2c2a297e1c568ef69502064578516f0f 2010.0/SRPMS/openssl-0.9.8k-5.3mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 331d3064412c7b73baed5d54e7262f51 2010.0/x86_64/lib64openssl0.9.8-0.9.8k-5.3mdv2010.0.x86_64.rpm 2e90f43a521e108a8adbde35a058d7b9 2010.0/x86_64/lib64openssl0.9.8-devel-0.9.8k-5.3mdv2010.0.x86_64.rpm 7d102f6bf8bb201654aa518e3b73a27f 2010.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8k-5.3mdv2010.0.x86_64.rpm 4b7ad813fd5fdd5785bd94eb3a951244 2010.0/x86_64/openssl-0.9.8k-5.3mdv2010.0.x86_64.rpm 2c2a297e1c568ef69502064578516f0f 2010.0/SRPMS/openssl-0.9.8k-5.3mdv2010.0.src.rpm Mandriva Linux 2010.1: 8310ac6aa860087de6992e618460f279 2010.1/i586/libopenssl1.0.0-1.0.0a-1.5mdv2010.1.i586.rpm 7e7719b1b5c2f91a6eadfab9dd696b8f 2010.1/i586/libopenssl1.0.0-devel-1.0.0a-1.5mdv2010.1.i586.rpm 5b5aa8939c69c69c2ab49145aca37173 2010.1/i586/libopenssl1.0.0-static-devel-1.0.0a-1.5mdv2010.1.i586.rpm 0e6bd59c1d6b2c459acc5c4d0851246a 2010.1/i586/libopenssl-engines1.0.0-1.0.0a-1.5mdv2010.1.i586.rpm de46046e9b1e033cccd668b32b70972c 2010.1/i586/openssl-1.0.0a-1.5mdv2010.1.i586.rpm f6059c72297b6510fa4c816db6742a64 2010.1/SRPMS/openssl-1.0.0a-1.5mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: c792f3d19c1f9ff50c801feccd600319 2010.1/x86_64/lib64openssl1.0.0-1.0.0a-1.5mdv2010.1.x86_64.rpm 7f3a6b125fc145e17c140218f3b48a92 2010.1/x86_64/lib64openssl1.0.0-devel-1.0.0a-1.5mdv2010.1.x86_64.rpm e5f35fbeadb2f765607325f960de621e 2010.1/x86_64/lib64openssl1.0.0-static-devel-1.0.0a-1.5mdv2010.1.x86_64.rpm 27a8dee6459e0830be1e907f082d25a2 2010.1/x86_64/lib64openssl-engines1.0.0-1.0.0a-1.5mdv2010.1.x86_64.rpm 4b7863a6c8b883f385613bb7a49af128 2010.1/x86_64/openssl-1.0.0a-1.5mdv2010.1.x86_64.rpm f6059c72297b6510fa4c816db6742a64 2010.1/SRPMS/openssl-1.0.0a-1.5mdv2010.1.src.rpm Mandriva Enterprise Server 5: fef62b69a582a93e821a2d802fb4faee mes5/i586/libopenssl0.9.8-0.9.8h-3.8mdvmes5.1.i586.rpm fe3c0cf3596d90cc3be37a944df1753b mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.8mdvmes5.1.i586.rpm d5a269adf63ee6d4ce21ea651e208180 mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.8mdvmes5.1.i586.rpm e410f94c6d8c08270aa1edd5aeb7c177 mes5/i586/openssl-0.9.8h-3.8mdvmes5.1.i586.rpm aaa38cecee165e165beace7e0b02ecdf mes5/SRPMS/openssl-0.9.8h-3.8mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: ebec7b3044ee3b3b0ab6c455741e5782 mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.8mdvmes5.1.x86_64.rpm 0c201edd531dd53a541739bf6db7f276 mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.8mdvmes5.1.x86_64.rpm 83a690e504f6470ffc4bce428ff09199 mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.8mdvmes5.1.x86_64.rpm fcef579e52e20393ffd2bbae00b602a8 mes5/x86_64/openssl-0.9.8h-3.8mdvmes5.1.x86_64.rpm aaa38cecee165e165beace7e0b02ecdf mes5/SRPMS/openssl-0.9.8h-3.8mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFM49pvmqjQ0CJFipgRAs5xAKDhGJdpzq9ZF6TvhezjZR8zmOQAngCggDa1 vAfiUtuiMqw0BDS3V2tLk/I= =hDGj -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. The fix was developed by Dr Stephen Henson of the OpenSSL core team. This vulnerability is tracked as CVE-2010-3864 Who is affected? ================= All versions of OpenSSL supporting TLS extensions contain this vulnerability including OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a releases. Patch for OpenSSL 0.9.8 releases ================================ Index: ssl/t1_lib.c =================================================================== RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v retrieving revision 1.13.2.27 diff -u -r1.13.2.27 t1_lib.c --- ssl/t1_lib.c 12 Jun 2010 13:18:58 -0000 1.13.2.27 +++ ssl/t1_lib.c 15 Nov 2010 15:20:14 -0000 @@ -432,14 +432,23 @@ switch (servname_type) { case TLSEXT_NAMETYPE_host_name: - if (s->session->tlsext_hostname == NULL) + if (!s->hit) { - if (len > TLSEXT_MAXLEN_host_name || - ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)) + if(s->session->tlsext_hostname) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + if (len > TLSEXT_MAXLEN_host_name) { *al = TLS1_AD_UNRECOGNIZED_NAME; return 0; } + if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL) + { + *al = TLS1_AD_INTERNAL_ERROR; + return 0; + } memcpy(s->session->tlsext_hostname, sdata, len); s->session->tlsext_hostname[len]='\0'; if (strlen(s->session->tlsext_hostname) != len) { @@ -452,7 +461,8 @@ } else - s->servername_done = strlen(s->session->tlsext_hostname) == len + s->servername_done = s->session->tlsext_hostname + && strlen(s->session->tlsext_hostname) == len && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; break; Patch for OpenSSL 1.0.0 releases ================================ Index: ssl/t1_lib.c =================================================================== RCS file: /v/openssl/cvs/openssl/ssl/t1_lib.c,v retrieving revision 1.64.2.14 diff -u -r1.64.2.14 t1_lib.c --- ssl/t1_lib.c 15 Jun 2010 17:25:15 -0000 1.64.2.14 +++ ssl/t1_lib.c 15 Nov 2010 15:26:19 -0000 @@ -714,14 +714,23 @@ switch (servname_type) { case TLSEXT_NAMETYPE_host_name: - if (s->session->tlsext_hostname == NULL) + if (!s->hit) { - if (len > TLSEXT_MAXLEN_host_name || - ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)) + if(s->session->tlsext_hostname) + { + *al = SSL_AD_DECODE_ERROR; + return 0; + } + if (len > TLSEXT_MAXLEN_host_name) { *al = TLS1_AD_UNRECOGNIZED_NAME; return 0; } + if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL) + { + *al = TLS1_AD_INTERNAL_ERROR; + return 0; + } memcpy(s->session->tlsext_hostname, sdata, len); s->session->tlsext_hostname[len]='\0'; if (strlen(s->session->tlsext_hostname) != len) { @@ -734,7 +743,8 @@ } else - s->servername_done = strlen(s->session->tlsext_hostname) == len + s->servername_done = s->session->tlsext_hostname + && strlen(s->session->tlsext_hostname) == len && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0; break; @@ -765,15 +775,22 @@ *al = TLS1_AD_DECODE_ERROR; return 0; } - s->session->tlsext_ecpointformatlist_length = 0; - if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist); - if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) + if (!s->hit) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; + if(s->session->tlsext_ecpointformatlist) + { + *al = TLS1_AD_DECODE_ERROR; + return 0; + } + s->session->tlsext_ecpointformatlist_length = 0; + if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) + { + *al = TLS1_AD_INTERNAL_ERROR; + return 0; + } + s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; + memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); } - s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length; - memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length); #if 0 fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length); sdata = s->session->tlsext_ecpointformatlist; @@ -794,15 +811,22 @@ *al = TLS1_AD_DECODE_ERROR; return 0; } - s->session->tlsext_ellipticcurvelist_length = 0; - if (s->session->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->session->tlsext_ellipticcurvelist); - if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) + if (!s->hit) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; + if(s->session->tlsext_ellipticcurvelist) + { + *al = TLS1_AD_DECODE_ERROR; + return 0; + } + s->session->tlsext_ellipticcurvelist_length = 0; + if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) + { + *al = TLS1_AD_INTERNAL_ERROR; + return 0; + } + s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length; + memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); } - s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length; - memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length); #if 0 fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length); sdata = s->session->tlsext_ellipticcurvelist; References =========== URL for this Security Advisory: http://www.openssl.org/news/secadv_20101116.txt . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-10:10.openssl Security Advisory The FreeBSD Project Topic: OpenSSL multiple vulnerabilities Category: contrib Module: openssl Announced: 2010-11-29 Credits: Georgi Guninski, Rob Hulswit Affects: FreeBSD 7.0 and later Corrected: 2010-11-26 22:50:58 UTC (RELENG_8, 8.1-STABLE) 2010-11-29 20:43:06 UTC (RELENG_8_1, 8.1-RELEASE-p2) 2010-11-29 20:43:06 UTC (RELENG_8_0, 8.0-RELEASE-p6) 2010-11-28 13:45:51 UTC (RELENG_7, 7.3-STABLE) 2010-11-29 20:43:06 UTC (RELENG_7_3, 7.3-RELEASE-p4) 2010-11-29 20:43:06 UTC (RELENG_7_1, 7.1-RELEASE-p16) CVE Name: CVE-2010-2939, CVE-2010-3864 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. II. The race condition can lead to a buffer overflow. [CVE-2010-3864] A double free exists in the SSL client ECDH handling code, when processing specially crafted public keys with invalid prime numbers. [CVE-2010-2939] III. [CVE-2010-3864]. It may be possible to cause a DoS or potentially execute arbitrary in the context of the user connection to a malicious SSL server. [CVE-2010-2939] IV. Workaround No workaround is available, but CVE-2010-3864 only affects FreeBSD 8.0 and later. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the RELENG_8_1, RELENG_8_0, RELENG_7_3, or RELENG_7_1 security branch dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to FreeBSD 7.1, 7.3, 8.0 and 8.1 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 7.x] # fetch http://security.FreeBSD.org/patches/SA-10:10/openssl7.patch # fetch http://security.FreeBSD.org/patches/SA-10:10/openssl7.patch.asc [FreeBSD 8.x] # fetch http://security.FreeBSD.org/patches/SA-10:10/openssl.patch # fetch http://security.FreeBSD.org/patches/SA-10:10/openssl.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/secure/lib/libssl # make obj && make depend && make && make install NOTE: On the amd64 platform, the above procedure will not update the lib32 (i386 compatibility) libraries. On amd64 systems where the i386 compatibility libraries are used, the operating system should instead be recompiled as described in <URL:http://www.FreeBSD.org/handbook/makeworld.html> 3) To update your vulnerable system via a binary patch: Systems running 7.1-RELEASE, 7.3-RELEASE, 8.0-RELEASE or 8.1-RELEASE on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_7_3 src/UPDATING 1.507.2.34.2.6 src/sys/conf/newvers.sh 1.72.2.16.2.8 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.2.1.4.1 RELENG_7_1 src/UPDATING 1.507.2.13.2.19 src/sys/conf/newvers.sh 1.72.2.9.2.20 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.6.2 RELENG_8_1 src/UPDATING 1.632.2.14.2.5 src/sys/conf/newvers.sh 1.83.2.10.2.6 src/crypto/openssl/ssl/s3_clnt.c 1.3.2.1.2.1 src/crypto/openssl/ssl/t1_lib.c 1.2.2.1.2.1 RELENG_8_0 src/UPDATING 1.632.2.7.2.9 src/sys/conf/newvers.sh 1.83.2.6.2.9 src/crypto/openssl/ssl/s3_clnt.c 1.3.4.1 src/crypto/openssl/ssl/t1_lib.c 1.2.4.1 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/7/ r215997 releng/7.3/ r216063 releng/7.1/ r216063 stable/8/ r215912 releng/8.0/ r216063 releng/8.1/ r216063 - ------------------------------------------------------------------------- VII

Trust: 3.33

sources: NVD: CVE-2010-3864 // CERT/CC: VU#737740 // JVNDB: JVNDB-2010-002486 // BID: 44884 // VULMON: CVE-2010-3864 // PACKETSTORM: 98419 // PACKETSTORM: 101256 // PACKETSTORM: 105638 // PACKETSTORM: 96068 // PACKETSTORM: 95943 // PACKETSTORM: 95934 // PACKETSTORM: 96248

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:eqversion:0.9.8l

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8f

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8g

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8k

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8i

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8m

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8j

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8o

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8n

Trust: 1.0

vendor:efimodel: - scope: - version: -

Trust: 0.8

vendor:opensslmodel:opensslscope:ltversion:0.9.8p

Trust: 0.8

vendor:opensslmodel:opensslscope:ltversion:1.0.0b

Trust: 0.8

vendor:vmwaremodel:acescope: - version: -

Trust: 0.8

vendor:vmwaremodel:esxscope:eqversion:3.0.3

Trust: 0.8

vendor:vmwaremodel:esxscope:eqversion:3.5

Trust: 0.8

vendor:vmwaremodel:esxscope:eqversion:4.0

Trust: 0.8

vendor:vmwaremodel:esxscope:eqversion:4.1

Trust: 0.8

vendor:vmwaremodel:esxiscope:eqversion:3.5

Trust: 0.8

vendor:vmwaremodel:esxiscope:eqversion:4.0

Trust: 0.8

vendor:vmwaremodel:esxiscope:eqversion:4.1

Trust: 0.8

vendor:vmwaremodel:fusionscope: - version: -

Trust: 0.8

vendor:vmwaremodel:playerscope: - version: -

Trust: 0.8

vendor:vmwaremodel:vcenterscope: - version: -

Trust: 0.8

vendor:vmwaremodel:workstationscope: - version: -

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6 to v10.6.7

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6 to v10.6.7

Trust: 0.8

vendor:adobemodel:flash media serverscope:eqversion:3.5.5 before

Trust: 0.8

vendor:adobemodel:flash media serverscope:eqversion:4.0.1 before

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.11

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.23

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.31

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.8

vendor:sunmodel:opensolaris build snv 134scope: - version: -

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:5.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 41scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 104scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 83scope: - version: -

Trust: 0.3

vendor:bluemodel:coat systems blue coat reporterscope:eqversion:8.3.4

Trust: 0.3

vendor:sunmodel:opensolaris build snv 106scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 131scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 56scope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:sunmodel:opensolaris build snv 95scope: - version: -

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:5.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 38scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.0

Trust: 0.3

vendor:hpmodel:ssl for openvmsscope:eqversion:1.3

Trust: 0.3

vendor:hpmodel:hp-ux b.11.23scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 126scope: - version: -

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.2

Trust: 0.3

vendor:bluemodel:coat systems blue coat reporterscope:eqversion:8

Trust: 0.3

vendor:sunmodel:opensolaris build snv 125scope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.6

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.0

Trust: 0.3

vendor:hpmodel:insight controlscope:eqversion:6.2

Trust: 0.3

vendor:vmwaremodel:esxi serverscope:eqversion:3.5

Trust: 0.3

vendor:sunmodel:opensolaris build snv 133scope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8fscope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 54scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 129scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 93scope: - version: -

Trust: 0.3

vendor:bluemodel:coat systems blue coat reporterscope:eqversion:9.1.2

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:3.0.4

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:4.1

Trust: 0.3

vendor:hpmodel:performance managerscope:eqversion:8.20

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:4.0.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 35scope: - version: -

Trust: 0.3

vendor:adobemodel:flash media serverscope:neversion:4.0.2

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.2.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 92scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.2

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 134ascope: - version: -

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:vmwaremodel:esx server esx410-201101201scope:neversion:4.1

Trust: 0.3

vendor:hpmodel:service health reporterscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.8

Trust: 0.3

vendor:adobemodel:flash media serverscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.2

Trust: 0.3

vendor:adobemodel:flash media serverscope:neversion:3.5.6

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5300-06

Trust: 0.3

vendor:adobemodel:flash media serverscope:eqversion:4.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.7

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 76scope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0bscope:neversion: -

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.5

Trust: 0.3

vendor:sunmodel:opensolaris build snv 130scope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl kscope:eqversion:0.9.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.3

vendor:sunmodel:opensolaris build snv 121scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:hpmodel:ssl for openvmsscope:eqversion:1.4

Trust: 0.3

vendor:bluemodel:coat systems blue coat reporterscope:neversion:9.3.2.1

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:sunmodel:opensolaris build snv 84scope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.12

Trust: 0.3

vendor:sunmodel:opensolaris build snv 101ascope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:11.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 105scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 99scope: - version: -

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.1

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:5.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 111ascope: - version: -

Trust: 0.3

vendor:hpmodel:service health optimizerscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:4.0.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 87scope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0ascope: - version: -

Trust: 0.3

vendor:adobemodel:flash media serverscope:eqversion:3.5.4

Trust: 0.3

vendor:ibmmodel:aix lscope:eqversion:5.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 88scope: - version: -

Trust: 0.3

vendor:hpmodel:performance managerscope:eqversion:8.21

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.7

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5200-10

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 98scope: - version: -

Trust: 0.3

vendor:redmodel:hat enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:vmwaremodel:esxi server esxi410-20110120scope:neversion:4.1

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:sunmodel:opensolaris build snv 117scope: - version: -

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.0

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:netbsdmodel:netbsdscope:eqversion:5.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 58scope: - version: -

Trust: 0.3

vendor:ibmmodel:tivoli netcool/omnibusscope:eqversion:7.3

Trust: 0.3

vendor:sunmodel:opensolaris build snv 111scope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.3

Trust: 0.3

vendor:sunmodel:opensolaris build snv 151ascope:neversion: -

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.10

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:sunmodel:opensolaris build snv 113scope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.5

Trust: 0.3

vendor:hpmodel:ssl for openvmsscope:neversion:1.4-453

Trust: 0.3

vendor:sunmodel:opensolaris build snv 100scope: - version: -

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2009.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 124scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 118scope: - version: -

Trust: 0.3

vendor:hpmodel:operations agentscope:eqversion:8.60.5

Trust: 0.3

vendor:stonesoftmodel:stonegate ssl vpn enginescope:eqversion:1.4.5

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8oscope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 123scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:7.0

Trust: 0.3

vendor:bluemodel:coat systems blue coat reporterscope:eqversion:8.3.5

Trust: 0.3

vendor:sunmodel:opensolaris build snv 59scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 49scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 57scope: - version: -

Trust: 0.3

vendor:hpmodel:insight controlscope:eqversion:6.1

Trust: 0.3

vendor:bluemodel:coat systems blue coat reporterscope:eqversion:9.1.3

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.10

Trust: 0.3

vendor:sunmodel:opensolaris build snv 22scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.1

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:9.10

Trust: 0.3

vendor:debianmodel:linuxscope:eqversion:5.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 114scope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:sunmodel:opensolaris build snv 112scope: - version: -

Trust: 0.3

vendor:bluemodel:coat systems blue coat reporterscope:eqversion:8.3.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 81scope: - version: -

Trust: 0.3

vendor:bluemodel:coat systems blue coat reporterscope:neversion:9.2.5.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.3

vendor:hpmodel:operations agentscope:eqversion:8.60

Trust: 0.3

vendor:sunmodel:opensolaris build snv 119scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 128scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 103scope: - version: -

Trust: 0.3

vendor:hpmodel:operations agentscope:eqversion:11.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 85scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 19scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.10

Trust: 0.3

vendor:bluemodel:coat systems blue coat reporterscope:eqversion:9.1.1

Trust: 0.3

vendor:vmwaremodel:esxi serverscope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 107scope: - version: -

Trust: 0.3

vendor:susemodel:linux enterprise sp1scope:eqversion:11

Trust: 0.3

vendor:adobemodel:flash media serverscope:eqversion:3.5.2

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:sunmodel:opensolaris build snv 45scope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8mscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8gscope: - version: -

Trust: 0.3

vendor:bluemodel:coat systems blue coat reporterscope:eqversion:8.3.1

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8pscope:neversion: -

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.1

Trust: 0.3

vendor:susemodel:linux enterprisescope:eqversion:11

Trust: 0.3

vendor:opensslmodel:project openssl jscope:eqversion:0.9.8

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.4

Trust: 0.3

vendor:hpmodel:operations managerscope:eqversion:8.60

Trust: 0.3

vendor:sunmodel:opensolaris build snv 96scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 110scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:9.10

Trust: 0.3

vendor:redmodel:hat enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:sunmodel:opensolaris build snv 71scope: - version: -

Trust: 0.3

vendor:stonesoftmodel:stonegate ssl vpn engine buildscope:neversion:1.4.51519

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.11

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:9.10

Trust: 0.3

vendor:bluemodel:coat systems blue coat reporterscope:eqversion:8.3.3

Trust: 0.3

vendor:sunmodel:opensolaris build snv 78scope: - version: -

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:3.5

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 108scope: - version: -

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:5.0

Trust: 0.3

vendor:adobemodel:flash media serverscope:eqversion:3.5.3

Trust: 0.3

vendor:sunmodel:opensolaris build snv 28scope: - version: -

Trust: 0.3

vendor:bluemodel:coat systems blue coat reporterscope:eqversion:8.3.7

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:9.10

Trust: 0.3

vendor:sunmodel:opensolaris build snv 13scope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:adobemodel:flash media serverscope:eqversion:3.5.1

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:sunmodel:opensolaris build snv 132scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:9.10

Trust: 0.3

vendor:sunmodel:opensolaris build snv 91scope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 36scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 89scope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.8

Trust: 0.3

vendor:sunmodel:opensolarisscope:eqversion:0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 47scope: - version: -

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:11

Trust: 0.3

vendor:sunmodel:opensolaris build snv 48scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 39scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 64scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 137scope: - version: -

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.5

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:5.0

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:3.0.3

Trust: 0.3

vendor:ibmmodel:aix lscope:eqversion:5.2

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.10

Trust: 0.3

vendor:hpmodel:operations managerscope:eqversion:8.1

Trust: 0.3

vendor:hpmodel:hp-ux b.11.11scope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.4

Trust: 0.3

vendor:adobemodel:flash media serverscope:eqversion:3.5

Trust: 0.3

vendor:sunmodel:opensolaris build snv 94scope: - version: -

Trust: 0.3

vendor:hpmodel:operations agentscope:eqversion:11.01

Trust: 0.3

vendor:sunmodel:opensolaris build snv 37scope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:sunmodel:opensolaris build snv 101scope: - version: -

Trust: 0.3

vendor:adobemodel:flash media serverscope:eqversion:3.5.5

Trust: 0.3

vendor:sunmodel:opensolaris build snv 122scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 115scope: - version: -

Trust: 0.3

vendor:hpmodel:insight controlscope:neversion:6.3

Trust: 0.3

vendor:sunmodel:opensolaris build snv 90scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 68scope: - version: -

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:insight controlscope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 109scope: - version: -

Trust: 0.3

vendor:vmwaremodel:esxi serverscope:eqversion:4.1

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8nscope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 74scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 67scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 120scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris svn 126scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 51scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 50scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 136scope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.1

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 102scope: - version: -

Trust: 0.3

vendor:hpmodel:performance managerscope:eqversion:8.10

Trust: 0.3

vendor:hpmodel:performance agentscope:eqversion:5.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 02scope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8lscope: - version: -

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:5.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.0

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:5.0

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:sunmodel:opensolaris build snv 77scope: - version: -

Trust: 0.3

vendor:ibmmodel:aix lscope:eqversion:5.3

Trust: 0.3

vendor:sunmodel:opensolaris build snv 61scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 111bscope: - version: -

Trust: 0.3

vendor:redmodel:hat enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:opensslmodel:project openssl hscope:eqversion:0.9.8

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2009.0

Trust: 0.3

vendor:sunmodel:opensolaris snv 111bscope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 116scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 127scope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.9

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:9.10

Trust: 0.3

vendor:susemodel:opensusescope:eqversion:11.3

Trust: 0.3

vendor:sunmodel:opensolaris build snv 80scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 82scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 135scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.1

Trust: 0.3

vendor:opensslmodel:project openssl iscope:eqversion:0.9.8

Trust: 0.3

vendor:sunmodel:opensolaris build snv 01scope: - version: -

Trust: 0.3

vendor:netbsdmodel:rc3scope:eqversion:5.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 86scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 29scope: - version: -

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:5.0

Trust: 0.3

sources: CERT/CC: VU#737740 // BID: 44884 // JVNDB: JVNDB-2010-002486 // NVD: CVE-2010-3864

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2010-3864
value: HIGH

Trust: 1.8

VULMON: CVE-2010-3864
value: HIGH

Trust: 0.1

NVD: CVE-2010-3864
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2010-3864 // JVNDB: JVNDB-2010-002486 // NVD: CVE-2010-3864

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.8

sources: JVNDB: JVNDB-2010-002486 // NVD: CVE-2010-3864

THREAT TYPE

network

Trust: 0.3

sources: BID: 44884

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 44884

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2010-3864

PATCH
title:APSB11-11url:http://www.adobe.com/support/security/bulletins/apsb11-11.html
Trust: 0.8
title:APSB11-11url:http://www.adobe.com/jp/support/security/bulletins/apsb11-11.html
Trust: 0.8
title:HT4723url:http://support.apple.com/kb/ht4723
Trust: 0.8
title:HPSBUX02638url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c02737002
Trust: 0.8
title:secadv_20101116url:http://openssl.org/news/secadv_20101116.txt
Trust: 0.8
title:RHSA-2010:0888url:https://rhn.redhat.com/errata/rhsa-2010-0888.html
Trust: 0.8
title:VMSA-2011-0003url:http://www.vmware.com/security/advisories/vmsa-2011-0003.html
Trust: 0.8
title:Ubuntu Security Notice: openssl vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-1018-1
Trust: 0.1
title:Debian Security Advisories: DSA-2125-1 openssl -- buffer overflowurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=23cb8e933fce5e73fcc12f7bd731374b
Trust: 0.1
title:Symantec Security Advisories: SA68 : Multiple SSL/TLS vulnerabilities in Reporterurl:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=79f3486c7600ac3aeeb5401f9ee75fd3
Trust: 0.1
title:Splunk Security Announcements: Splunk 4.1.6 updates OpenSSL to 0.9.8p address CVE-2010-3864 - December 1st, 2010url:https://vulmon.com/vendoradvisory?qidtp=splunk_security_announcements&qid=a480dd0eb83fa64bb2d868edfd9943df
Trust: 0.1
title:VMware Security Advisories: url:https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=ea953b0a91a1816979ec1d304d5e3d93
Trust: 0.1
sources:
            
            
            VULMON: CVE-2010-3864 // 
            
            
            
            JVNDB: JVNDB-2010-002486

EXTERNAL IDS
db:NVDid:CVE-2010-3864
Trust: 2.9
db:CERT/CCid:VU#737740
Trust: 2.2
db:SECUNIAid:42243
Trust: 1.9
db:SECTRACKid:1024743
Trust: 1.8
db:SECUNIAid:42309
Trust: 1.1
db:SECUNIAid:43312
Trust: 1.1
db:SECUNIAid:44269
Trust: 1.1
db:SECUNIAid:42336
Trust: 1.1
db:SECUNIAid:42413
Trust: 1.1
db:SECUNIAid:57353
Trust: 1.1
db:SECUNIAid:42241
Trust: 1.1
db:SECUNIAid:42397
Trust: 1.1
db:SECUNIAid:42352
Trust: 1.1
db:BIDid:44884
Trust: 1.1
db:VUPENid:ADV-2010-3077
Trust: 1.0
db:VUPENid:ADV-2010-3097
Trust: 1.0
db:VUPENid:ADV-2010-3121
Trust: 1.0
db:VUPENid:ADV-2010-3041
Trust: 1.0
db:VUPENid:ADV-2010-3001
Trust: 0.8
db:JVNid:JVNVU91284469
Trust: 0.8
db:JVNDBid:JVNDB-2010-002486
Trust: 0.8
db:VUPENid:2010/3097
Trust: 0.1
db:VUPENid:2010/3121
Trust: 0.1
db:VUPENid:2010/3041
Trust: 0.1
db:VUPENid:2010/3077
Trust: 0.1
db:VULMONid:CVE-2010-3864
Trust: 0.1
db:PACKETSTORMid:98419
Trust: 0.1
db:PACKETSTORMid:101256
Trust: 0.1
db:PACKETSTORMid:105638
Trust: 0.1
db:PACKETSTORMid:96068
Trust: 0.1
db:PACKETSTORMid:95943
Trust: 0.1
db:PACKETSTORMid:95934
Trust: 0.1
db:PACKETSTORMid:96248
Trust: 0.1
sources:
            
            
            CERT/CC: VU#737740 // 
            
            
            
            VULMON: CVE-2010-3864 // 
            
            
            
            BID: 44884 // 
            
            
            
            JVNDB: JVNDB-2010-002486 // 
            
            
            
            PACKETSTORM: 98419 // 
            
            
            
            PACKETSTORM: 101256 // 
            
            
            
            PACKETSTORM: 105638 // 
            
            
            
            PACKETSTORM: 96068 // 
            
            
            
            PACKETSTORM: 95943 // 
            
            
            
            PACKETSTORM: 95934 // 
            
            
            
            PACKETSTORM: 96248 // 
            
            
            
            NVD: CVE-2010-3864

REFERENCES
url:http://secunia.com/advisories/42243
Trust: 1.9
url:http://securitytracker.com/id?1024743
Trust: 1.9
url:http://www.kb.cert.org/vuls/id/737740
Trust: 1.5
url:https://rhn.redhat.com/errata/rhsa-2010-0888.html
Trust: 1.4
url:http://blogs.sun.com/security/entry/cve_2010_3864_race_condition
Trust: 1.4
url:http://www.adobe.com/support/security/bulletins/apsb11-11.html
Trust: 1.4
url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004564
Trust: 1.4
url:http://openssl.org/news/secadv_20101116.txt
Trust: 1.2
url:https://bugzilla.redhat.com/show_bug.cgi?id=649304
Trust: 1.2
url:http://security.freebsd.org/advisories/freebsd-sa-10:10.openssl.asc
Trust: 1.2
url:http://w3.efi.com/fiery
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html
Trust: 1.1
url:http://lists.fedoraproject.org/pipermail/package-announce/2010-november/051255.html
Trust: 1.1
url:http://secunia.com/advisories/42336
Trust: 1.1
url:http://secunia.com/advisories/42352
Trust: 1.1
url:http://secunia.com/advisories/42397
Trust: 1.1
url:http://lists.fedoraproject.org/pipermail/package-announce/2010-november/051237.html
Trust: 1.1
url:http://lists.fedoraproject.org/pipermail/package-announce/2010-november/051170.html
Trust: 1.1
url:http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793
Trust: 1.1
url:http://secunia.com/advisories/42309
Trust: 1.1
url:http://www.debian.org/security/2010/dsa-2125
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/3121
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/3041
Trust: 1.1
url:http://secunia.com/advisories/42413
Trust: 1.1
url:http://secunia.com/advisories/42241
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/3097
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/3077
Trust: 1.1
url:http://www.vmware.com/security/advisories/vmsa-2011-0003.html
Trust: 1.1
url:https://lists.balabit.com/pipermail/syslog-ng-announce/2011-january/000101.html
Trust: 1.1
url:https://lists.balabit.com/pipermail/syslog-ng-announce/2011-january/000102.html
Trust: 1.1
url:http://secunia.com/advisories/43312
Trust: 1.1
url:http://secunia.com/advisories/44269
Trust: 1.1
url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02794777
Trust: 1.1
url:http://support.apple.com/kb/ht4723
Trust: 1.1
url:http://lists.apple.com/archives/security-announce/2011//jun/msg00000.html
Trust: 1.1
url:http://marc.info/?l=bugtraq&m=132828103218869&w=2
Trust: 1.1
url:http://secunia.com/advisories/57353
Trust: 1.1
url:http://marc.info/?l=bugtraq&m=129916880600544&w=2
Trust: 1.1
url:http://marc.info/?l=bugtraq&m=130497251507577&w=2
Trust: 1.1
url:http://www.securityfocus.com/archive/1/516397/100/0/threaded
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3864
Trust: 1.1
url:http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260&operatingsystem=win7x64
Trust: 0.8
url:https://www.openssl.org/news/vulnerabilities.html
Trust: 0.8
url:http://jvn.jp/cert/jvnvu976710
Trust: 0.8
url:http://jvn.jp/cert/jvnvu91284469/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3864
Trust: 0.8
url:http://www.securityfocus.com/bid/44884
Trust: 0.8
url:http://www.vupen.com/english/advisories/2010/3001
Trust: 0.8
url:http://www.openssl.org/news/secadv_20101116.txt
Trust: 0.5
url:https://nvd.nist.gov/vuln/detail/cve-2010-3864
Trust: 0.5
url:https://my.stonesoft.com/support/attachment.do?docid=6410&file=ssl-vpn_1.4.5-rlnt.pdf
Trust: 0.3
url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03179825
Trust: 0.3
url:http://www.ibm.com/support/docview.wss?uid=isg400001530
Trust: 0.3
url:http://www.ibm.com/support/docview.wss?uid=isg400001529
Trust: 0.3
url:https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_potential_security_exposure_when_using_ibm_infosphere_streams_due_to_vulnerabilities_in_ibm_java_se_version_6_sdk6?lang=en_us
Trust: 0.3
url:https://kb.bluecoat.com/index?page=content&id=sa68
Trust: 0.3
url:http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2010-012.txt.asc
Trust: 0.3
url:http://openssl.org/
Trust: 0.3
url:http://www.ibm.com/support/docview.wss?uid=swg21637929
Trust: 0.3
url:https://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_tivoli_netcool_system_service_monitors_application_service_monitors_is_affected_by_multiple_openssl_vulnerabilities?lang=en_us
Trust: 0.3
url:/archive/1/516801
Trust: 0.3
url:http://support.avaya.com/css/p8/documents/100131810
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21650623
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21643698
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e
Trust: 0.3
url:http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02794777
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21638022
Trust: 0.3
url:https://www.ibm.com/support/docview.wss?uid=swg21619837
Trust: 0.3
url:http://aix.software.ibm.com/aix/efixes/security/openssl_advisory2.asc
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=isg400001560
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg24030251
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg24033501
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21643442
Trust: 0.3
url:https://www-304.ibm.com/support/docview.wss?uid=swg21625170
Trust: 0.3
url:https://www-304.ibm.com/support/docview.wss?uid=swg21627934
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21633107
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21635888
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21638669
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21638670
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21643439
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21643437
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21643316
Trust: 0.3
url:http://secunia.com/
Trust: 0.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2939
Trust: 0.2
url:http://lists.grok.org.uk/full-disclosure-charter.html
Trust: 0.2
url:https://cwe.mitre.org/data/definitions/362.html
Trust: 0.1
url:https://usn.ubuntu.com/1018-1/
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3556
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0086
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0085
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1086
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0730
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1088
Trust: 0.1
url:http://kb.vmware.com/kb/1027919
Trust: 0.1
url:http://kb.vmware.com/kb/1055
Trust: 0.1
url:http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3571
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0095
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0307
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0092
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0093
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3548
Trust: 0.1
url:http://kb.vmware.com/kb/1031330
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3554
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3562
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0088
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0084
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0091
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0089
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3557
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3550
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0085
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1384
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3567
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0838
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2008-0086
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0003
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0837
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3553
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0106
Trust: 0.1
url:http://www.vmware.com/support/policies/eos_vi.html
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2227
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2008-0107
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2902
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2901
Trust: 0.1
url:http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1085
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0091
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0841
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0840
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0291
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2248
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0415
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3561
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3541
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3559
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3565
Trust: 0.1
url:http://kb.vmware.com/kb/1027904
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0107
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0093
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0433
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0842
Trust: 0.1
url:http://www.vmware.com/support/policies/eos.html
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0082
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3574
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0886
Trust: 0.1
url:http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0734
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1157
Trust: 0.1
url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0094
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0007
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0850
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2524
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0839
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1087
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0622
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0090
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2008-3825
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3573
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1084
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2008-5416
Trust: 0.1
url:http://www.vmware.com/security/advisories
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-1384
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0008
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0088
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0849
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2070
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4308
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3549
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3548
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2693
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-4308
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0007
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3568
Trust: 0.1
url:http://www.vmware.com/support/policies/security_response.html
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0084
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5416
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3825
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0410
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1321
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3572
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0092
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1437
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0003
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-3555
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0094
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3566
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0847
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0740
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0082
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0437
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0844
Trust: 0.1
url:http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-3548
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2066
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0089
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-2902
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0087
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0087
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1436
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-2693
Trust: 0.1
url:http://kb.vmware.com/kb/1029353
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2008-0085
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0846
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2226
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1173
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0008
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1641
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2928
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2008-0106
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0845
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0848
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0095
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1187
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2521
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3569
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0085
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0090
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-2901
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3081
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3551
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0843
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-4180
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-0014
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-4252
Trust: 0.1
url:http://www.itrc.hp.com/service/cki/secbullarchive.do
Trust: 0.1
url:http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc
Trust: 0.1
url:http://h30046.www3.hp.com/subsignin.php
Trust: 0.1
url:http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0742
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4355
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4180
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3207
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3864
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2939
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1633
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3210
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0740
Trust: 0.1
url:http://creativecommons.org/licenses/by-sa/2.5
Trust: 0.1
url:http://security.gentoo.org/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-3245
Trust: 0.1
url:http://security.gentoo.org/glsa/glsa-201110-01.xml
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3245
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0433
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0014
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-4355
Trust: 0.1
url:https://bugs.gentoo.org.
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4252
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mipsel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_sparc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_alpha.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_i386.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_amd64.udeb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_powerpc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_amd64.deb
Trust: 0.1
url:http://www.debian.org/security/faq
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_hppa.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_ia64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mips.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mips.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mipsel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_ia64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_sparc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_powerpc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_arm.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mipsel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_hppa.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_sparc.udeb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_hppa.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_armel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mipsel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_powerpc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mipsel.udeb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_alpha.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_i386.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.diff.gz
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_ia64.udeb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_s390.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_s390.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_s390.udeb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_s390.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g.orig.tar.gz
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_i386.udeb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_hppa.udeb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_armel.udeb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_armel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_amd64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_arm.udeb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_armel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_arm.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_powerpc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.dsc
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_powerpc.udeb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_alpha.udeb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_s390.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_arm.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mips.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_ia64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_alpha.deb
Trust: 0.1
url:http://packages.debian.org/<pkg>
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_i386.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_amd64.deb
Trust: 0.1
url:http://security.debian.org/
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_amd64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_sparc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mips.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_arm.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_alpha.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_sparc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mips.udeb
Trust: 0.1
url:http://www.debian.org/security/
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_ia64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_armel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_hppa.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_i386.deb
Trust: 0.1
url:http://www.mandriva.com/security/
Trust: 0.1
url:http://store.mandriva.com/product_info.php?cpath=149&products_id=490
Trust: 0.1
url:http://www.mandriva.com/security/advisories
Trust: 0.1
url:http://security.freebsd.org/patches/sa-10:10/openssl.patch
Trust: 0.1
url:http://www.freebsd.org/handbook/makeworld.html>
Trust: 0.1
url:http://security.freebsd.org/>.
Trust: 0.1
url:http://www.mail-archive.com/openssl-dev@openssl.org/msg28043.html
Trust: 0.1
url:http://security.freebsd.org/patches/sa-10:10/openssl7.patch
Trust: 0.1
url:http://security.freebsd.org/patches/sa-10:10/openssl7.patch.asc
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2939
Trust: 0.1
url:http://security.freebsd.org/patches/sa-10:10/openssl.patch.asc
Trust: 0.1
sources:
            
            
            CERT/CC: VU#737740 // 
            
            
            
            VULMON: CVE-2010-3864 // 
            
            
            
            BID: 44884 // 
            
            
            
            JVNDB: JVNDB-2010-002486 // 
            
            
            
            PACKETSTORM: 98419 // 
            
            
            
            PACKETSTORM: 101256 // 
            
            
            
            PACKETSTORM: 105638 // 
            
            
            
            PACKETSTORM: 96068 // 
            
            
            
            PACKETSTORM: 95943 // 
            
            
            
            PACKETSTORM: 95934 // 
            
            
            
            PACKETSTORM: 96248 // 
            
            
            
            NVD: CVE-2010-3864

CREDITS
Rob Hulswit.
Trust: 0.3
sources:
            
            
            BID: 44884

SOURCES
db:CERT/CCid:VU#737740
db:VULMONid:CVE-2010-3864
db:BIDid:44884
db:JVNDBid:JVNDB-2010-002486
db:PACKETSTORMid:98419
db:PACKETSTORMid:101256
db:PACKETSTORMid:105638
db:PACKETSTORMid:96068
db:PACKETSTORMid:95943
db:PACKETSTORMid:95934
db:PACKETSTORMid:96248
db:NVDid:CVE-2010-3864

LAST UPDATE DATE
2022-06-28T21:16:16.795000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#737740date:2013-05-02T00:00:00
db:VULMONid:CVE-2010-3864date:2018-10-10T00:00:00
db:BIDid:44884date:2015-04-13T20:36:00
db:JVNDBid:JVNDB-2010-002486date:2012-06-20T00:00:00
db:NVDid:CVE-2010-3864date:2018-10-10T20:05:00

SOURCES RELEASE DATE
db:CERT/CCid:VU#737740date:2013-03-18T00:00:00
db:VULMONid:CVE-2010-3864date:2010-11-17T00:00:00
db:BIDid:44884date:2010-11-16T00:00:00
db:JVNDBid:JVNDB-2010-002486date:2010-12-14T00:00:00
db:PACKETSTORMid:98419date:2011-02-11T13:13:00
db:PACKETSTORMid:101256date:2011-05-10T00:44:30
db:PACKETSTORMid:105638date:2011-10-09T16:42:00
db:PACKETSTORMid:96068date:2010-11-23T19:08:44
db:PACKETSTORMid:95943date:2010-11-18T01:04:10
db:PACKETSTORMid:95934date:2010-11-18T00:30:27
db:PACKETSTORMid:96248date:2010-12-01T04:32:28
db:NVDid:CVE-2010-3864date:2010-11-17T16:00:00