ID

VAR-201408-0082


CVE

CVE-2014-3512


TITLE

OpenSSL SRP Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201408-129

DESCRIPTION

Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter. OpenSSL is prone to a denial-of-service vulnerability. Attackers may exploit this issue to overrun an internal buffer, resulting in a denial-of-service condition. OpenSSL 1.0.1 versions prior to 1.0.1i are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04595951 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04595951 Version: 1 HPSBHF03293 rev.1 - HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash, Remote Denial of Service (DoS), Code Execution, Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2015-03-13 Last Updated: 2015-03-13 Potential Security Impact: Remote Denial of Service (DoS), code execution, disclosure of information Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash including: - The OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. - The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information. - The Bash Shell vulnerability known as "Shellshock" which could be exploited remotely resulting in Denial of Service (DoS) or execution of code. References: CVE-2009-3555 Unauthorized Modification CVE-2014-0160 Heartbleed - Disclosure of Information CVE-2014-0195 Remote Code Execution, Denial of Service (DoS) CVE-2014-3505 Heartbleed - Remote Denial of Service (DoS) CVE-2014-3506 Heartbleed - Remote Denial of Service (DoS) CVE-2014-3507 Heartbleed - Remote Denial of Service (DoS) CVE-2014-3508 Heartbleed - Remote Denial of Service (DoS) CVE-2014-3509 Heartbleed - Remote Denial of Service (DoS) CVE-2014-3510 Heartbleed - Remote Denial of Service (DoS) CVE-2014-3511 Heartbleed - Remote Denial of Service (DoS) CVE-2014-3512 Heartbleed - Remote Denial of Service (DoS) CVE-2014-3566 POODLE - Remote Disclosure of Information CVE-2014-5139 Shellshock - Remote Denial of Service (DoS) SSRT101846 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Virtual Connect 8Gb 24-Port FC Module prior to version 3.00 (VC 4.40) BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3505 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3506 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3507 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3508 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-3509 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3510 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-3511 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2014-3512 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-5139 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has released the following software update to resolve the vulnerabilities in HP Virtual Connect 8Gb 24-Port FC Module HP Virtual Connect 8Gb 24-Port FC Module version 3.00 (VC 4.40) HISTORY Version:1 (rev.1) - 13 March 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:18.openssl Security Advisory The FreeBSD Project Topic: OpenSSL multiple vulnerabilities Category: contrib Module: openssl Announced: 2014-09-09 Affects: All supported versions of FreeBSD. Corrected: 2014-08-07 21:04:42 UTC (stable/10, 10.0-STABLE) 2014-09-09 10:09:46 UTC (releng/10.0, 10.0-RELEASE-p8) 2014-08-07 21:06:34 UTC (stable/9, 9.3-STABLE) 2014-09-09 10:13:46 UTC (releng/9.3, 9.3-RELEASE-p1) 2014-09-09 10:13:46 UTC (releng/9.2, 9.2-RELEASE-p11) 2014-09-09 10:13:46 UTC (releng/9.1, 9.1-RELEASE-p18) 2014-08-07 21:06:34 UTC (stable/8, 8.4-STABLE) 2014-09-09 10:13:46 UTC (releng/8.4, 8.4-RELEASE-p15) CVE Name: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510, CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. II. [CVE-2014-5139] III. Impact A remote attacker may be able to cause a denial of service (application crash, large memory consumption), obtain additional information, cause protocol downgrade. Additionally, a remote attacker may be able to run arbitrary code on a vulnerable system if the application has been set up for SRP. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 10.0] # fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch # fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-10.0.patch.asc # gpg --verify openssl-10.0.patch.asc [FreeBSD 9.3] # fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch # fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.3.patch.asc # gpg --verify openssl-9.3.patch.asc [FreeBSD 9.2, 9.1, 8.4] # fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch # fetch http://security.FreeBSD.org/patches/SA-14:18/openssl-9.patch.asc # gpg --verify openssl-9.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>. Restart all deamons using the library, or reboot the system. 3) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/8/ r269687 releng/8.4/ r271305 stable/9/ r269687 releng/9.1/ r271305 releng/9.2/ r271305 releng/9.3/ r271305 stable/10/ r269686 releng/10.0/ r271304 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. References <URL:https://www.openssl.org/news/secadv_20140806.txt> <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506> <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507> <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508> <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509> <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510> <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511> <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512> <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139> The latest revision of this advisory is available at <URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:18.openssl.asc> -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJUDtUBAAoJEO1n7NZdz2rnOUoP/jNoEEPVt1RoVPQoOQc6vno5 2HXcCDsu0ql3kCNIIZ7E6TddfduzV04EMzBrIgulg7eXft+Lnx6HlEgJOo7QLImc aWLWxjcbyby6wrbYOc+FLK11yx9/uZJF0VCdSeyzhy0EFD3tOZPsDMXKZmG7FRkg 6A7ENJU25Mx8V1myzHw/VfDwAHCtXHliFVVE0CUku55pYnlhMeetu/wuB6KYbmgV 1WUamiHEGl4Dh4Up7nGHYYm32kqZLaE+cf1Ovc2VGT98ZyXmCgDB4+8kkA/HZxxp DRgQlojeQhahee5MmzD+wMJXlq6dekoo+JVf22+Nb+oNmlKT6/UxtUhCwW11MLUV rnOMr3u1JCNvBc+3KroSmtFeEtqh7jx3Ag4w8lS5mJO+wX1/lilbsFxSS/9G65fy LqHUQSxkuDJ1bNzPfKreBPyUmQlG5t/3DonIDCF9r3sefDN+kxqe1+RwjdNRM0ov V7OH/AW1NBQtV/F/h0tKCcskvcJo9Q+inAohheLPnWkFj7F2tLNt5TAxsGy7WvFZ MuQSAXpZkdh7OkhAhBM3Xk+EOv7Qk7zZL5HJ1Lpm6kfJ8wSb4etoUV7oELaDMBz8 +9r+Vr9GtjSsec2a4tjNIixZKV9bzEhgKP5gsWD/JewhAzF+0bYNa9snOWxzpAYb j+eW9IT7pEAJK9DtIsDd =f4To -----END PGP SIGNATURE----- . All applications linked to openssl need to be restarted. Alternatively, you may reboot your system. For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u12. For the testing distribution (jessie), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 1.0.1i-1. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-39 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 26, 2014 Bugs: #494816, #519264, #525468 ID: 201412-39 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in Denial of Service or Man-in-the-Middle attacks. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.1j *>= 0.9.8z_p2 >= 1.0.1j Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Resolution ========== All OpenSSL 1.0.1 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1j" All OpenSSL 0.9.8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p2" Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages. References ========== [ 1 ] CVE-2013-6449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6449 [ 2 ] CVE-2013-6450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6450 [ 3 ] CVE-2014-3505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3505 [ 4 ] CVE-2014-3506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3506 [ 5 ] CVE-2014-3507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3507 [ 6 ] CVE-2014-3509 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3509 [ 7 ] CVE-2014-3510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3510 [ 8 ] CVE-2014-3511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3511 [ 9 ] CVE-2014-3512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3512 [ 10 ] CVE-2014-3513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3513 [ 11 ] CVE-2014-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3567 [ 12 ] CVE-2014-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3568 [ 13 ] CVE-2014-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5139 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-39.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-2308-1 August 07, 2014 openssl vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in OpenSSL. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. (CVE-2014-3506) Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS fragments. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. When OpenSSL is used with certain applications, an attacker may use this issue to possibly gain access to sensitive information. (CVE-2014-3508) Gabor Tyukasz discovered that OpenSSL contained a race condition when processing serverhello messages. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3509) Felix Gr=C3=B6bert discovered that OpenSSL incorrectly handled certain DTLS handshake messages. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-5139) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.5 Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.17 Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.20 After a standard system update you need to reboot your computer to make all the necessary changes. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz: Upgraded. (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zb-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.0.txz Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zb-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.1.txz Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zb-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zb-i486-1_slack13.37.txz Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zb-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1i-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.0.txz Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1i-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1i-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1i-i486-1_slack14.1.txz Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1i-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1i-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1i-i486-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1i-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1i-x86_64-1.txz MD5 signatures: +-------------+ Slackware 13.0 packages: 30bdc015b10d8891b90d3f6ea34f5fdd openssl-0.9.8zb-i486-1_slack13.0.txz 3dc4140c22c04c94e5e74386a5a1c200 openssl-solibs-0.9.8zb-i486-1_slack13.0.txz Slackware x86_64 13.0 packages: 3da32f51273762d67bf9dbcc91af9413 openssl-0.9.8zb-x86_64-1_slack13.0.txz 075e5d12e5b909ecac923cb210f83544 openssl-solibs-0.9.8zb-x86_64-1_slack13.0.txz Slackware 13.1 packages: 3b7e2bb2b317bf72b8f9b2b7a14bddfb openssl-0.9.8zb-i486-1_slack13.1.txz 92af0784eade0674332a56bfab73b97d openssl-solibs-0.9.8zb-i486-1_slack13.1.txz Slackware x86_64 13.1 packages: df5f961109d7b50971660ca6a7d4c48c openssl-0.9.8zb-x86_64-1_slack13.1.txz 582aaeae3d56730a2e1538a67d4e44da openssl-solibs-0.9.8zb-x86_64-1_slack13.1.txz Slackware 13.37 packages: 546445d56d3b367fa0dd4e80859c4620 openssl-0.9.8zb-i486-1_slack13.37.txz b80e9df8cdd0649939ec2fab20d24691 openssl-solibs-0.9.8zb-i486-1_slack13.37.txz Slackware x86_64 13.37 packages: 9c9ce97dc21340924a3e27c1a8047023 openssl-0.9.8zb-x86_64-1_slack13.37.txz 0fe1931f2fc82fb8d5fbe72680caf843 openssl-solibs-0.9.8zb-x86_64-1_slack13.37.txz Slackware 14.0 packages: d1580f4b22b99cee42b22276653c8180 openssl-1.0.1i-i486-1_slack14.0.txz ec93cec2bcab8ae7391a504573cbc231 openssl-solibs-1.0.1i-i486-1_slack14.0.txz Slackware x86_64 14.0 packages: 329475de3759225b1d02aa7317b2eb58 openssl-1.0.1i-x86_64-1_slack14.0.txz 25f2a198022d974534986a3913ca705c openssl-solibs-1.0.1i-x86_64-1_slack14.0.txz Slackware 14.1 packages: 8336457bc31d44ebf502ffc4443f12f7 openssl-1.0.1i-i486-1_slack14.1.txz 4b99ac357fbd3065c53367eea246b8c7 openssl-solibs-1.0.1i-i486-1_slack14.1.txz Slackware x86_64 14.1 packages: f2b8f81d9d7dc02e5d1011f663ccc95d openssl-1.0.1i-x86_64-1_slack14.1.txz 4360abffbb57cb18ba0720f782d78250 openssl-solibs-1.0.1i-x86_64-1_slack14.1.txz Slackware -current packages: 49ecd332a899cf742d3467a6efe44269 a/openssl-solibs-1.0.1i-i486-1.txz 27da017c49045981b1793f105aff365f n/openssl-1.0.1i-i486-1.txz Slackware x86_64 -current packages: 8d74f3d770802182137c84d925f58cbc a/openssl-solibs-1.0.1i-x86_64-1.txz fd9d94d3210f0aedf74959cb0887e2b8 n/openssl-1.0.1i-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg openssl-1.0.1i-i486-1_slack14.1.txz openssl-solibs-1.0.1i-i486-1_slack14.1.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. OpenSSL Security Advisory [6 Aug 2014] ======================================== Information leak in pretty printing functions (CVE-2014-3508) ============================================================= A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. OpenSSL 0.9.8 users should upgrade to 0.9.8zb OpenSSL 1.0.0 users should upgrade to 1.0.0n. OpenSSL 1.0.1 users should upgrade to 1.0.1i. Thanks to Ivan Fratric (Google) for discovering this issue. This issue was reported to OpenSSL on 19th June 2014. The fix was developed by Emilia Käsper and Stephen Henson of the OpenSSL development team. Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139) ================================================================== The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This can be exploited through a Denial of Service attack. OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for discovering and researching this issue. This issue was reported to OpenSSL on 2nd July 2014. The fix was developed by Stephen Henson of the OpenSSL core team. Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509) ============================================================== If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory. OpenSSL 1.0.0 SSL/TLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 SSL/TLS client users should upgrade to 1.0.1i. Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this issue. This issue was reported to OpenSSL on 8th July 2014. The fix was developed by Gabor Tyukasz. Double Free when processing DTLS packets (CVE-2014-3505) ======================================================== An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack. OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i. Thanks to Adam Langley and Wan-Teh Chang (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014. The fix was developed by Adam Langley. DTLS memory exhaustion (CVE-2014-3506) ====================================== An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack. OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i. Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014. The fix was developed by Adam Langley. DTLS memory leak from zero-length fragments (CVE-2014-3507) =========================================================== By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1i. Thanks to Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 6th June 2014. The fix was developed by Adam Langley. OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510) =============================================================== OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages. OpenSSL 0.9.8 DTLS client users should upgrade to 0.9.8zb OpenSSL 1.0.0 DTLS client users should upgrade to 1.0.0n. OpenSSL 1.0.1 DTLS client users should upgrade to 1.0.1i. Thanks to Felix Gröbert (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 18th July 2014. The fix was developed by Emilia Käsper of the OpenSSL development team. OpenSSL TLS protocol downgrade attack (CVE-2014-3511) ===================================================== A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records. OpenSSL 1.0.1 SSL/TLS server users should upgrade to 1.0.1i. Thanks to David Benjamin and Adam Langley (Google) for discovering and researching this issue. This issue was reported to OpenSSL on 21st July 2014. The fix was developed by David Benjamin. SRP buffer overrun (CVE-2014-3512) ================================== A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected. OpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1i. Thanks to Sean Devlin and Watson Ladd (Cryptography Services, NCC Group) for discovering this issue. This issue was reported to OpenSSL on 31st July 2014. The fix was developed by Stephen Henson of the OpenSSL core team. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv_20140806.txt Note: the online version of the advisory may be updated with additional details over time

Trust: 1.89

sources: NVD: CVE-2014-3512 // BID: 69083 // VULMON: CVE-2014-3512 // PACKETSTORM: 130868 // PACKETSTORM: 128214 // PACKETSTORM: 127803 // PACKETSTORM: 129721 // PACKETSTORM: 127790 // PACKETSTORM: 127811 // PACKETSTORM: 169648

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:eqversion:1.0.0h

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.0m

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.0l

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.0i

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.0a

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.0f

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.0e

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.0g

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.0k

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.0j

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:1.0.1f

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1d

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0d

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1g

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.1

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0c

Trust: 1.0

vendor:ibmmodel:security network intrusion prevention system gx7412-05scope:eqversion:4.6.1

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:4.1.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5108-v2scope:eqversion:4.6.2

Trust: 0.3

vendor:ibmmodel:upward integration modules for vmware vspherescope:eqversion:3.5

Trust: 0.3

vendor:freebsdmodel:8.4-release-p12scope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5208-v2scope:eqversion:4.6

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san pass-thruscope:eqversion:9.1.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004scope:eqversion:4.4

Trust: 0.3

vendor:freebsdmodel:10.0-betascope: - version: -

Trust: 0.3

vendor:ibmmodel:upward integration modules scvmm add-inscope:neversion:1.0.3

Trust: 0.3

vendor:freebsdmodel:-release-p2scope:eqversion:7.1

Trust: 0.3

vendor:hpmodel:virtual connect 8gb 24-port fc modulescope:neversion:3.0

Trust: 0.3

vendor:freebsdmodel:alphascope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:tivoli netcool system service monitor fp1scope:eqversion:4.0.0

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:4.11

Trust: 0.3

vendor:freebsdmodel:9.1-stablescope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.4-release-p15scope:neversion: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.2.8

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1escope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5008scope:eqversion:4.5

Trust: 0.3

vendor:ibmmodel:i v5r4scope:eqversion:6.1

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5108-v2scope:eqversion:4.6.1

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1ascope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:tealeaf cxscope:eqversion:8.0

Trust: 0.3

vendor:freebsdmodel:8.1-stablescope: - version: -

Trust: 0.3

vendor:ibmmodel:oncommand unified manager core packagescope:eqversion:1

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:4.5

Trust: 0.3

vendor:freebsdmodel:9.2-release-p11scope:neversion: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx3002scope:eqversion:4.6.2

Trust: 0.3

vendor:ibmmodel:i v5r3scope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:proventia network security controllerscope:eqversion:1.0.470

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5008scope:eqversion:4.4

Trust: 0.3

vendor:hpmodel:virtual connect 8gb 24-port fc modulescope:eqversion:2.0

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:ibmmodel:clustered data ontap antivirus connectorscope:eqversion:1.0.3

Trust: 0.3

vendor:ibmmodel:tivoli netcool/reporterscope:eqversion:2.2

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:3.5.1

Trust: 0.3

vendor:ibmmodel:vios fp-25 sp-02scope:eqversion:2.2.1.4

Trust: 0.3

vendor:freebsdmodel:9.1-release-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.3-release-p16scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:7.2

Trust: 0.3

vendor:ibmmodel:sametimescope:eqversion:9.0.0.1

Trust: 0.3

vendor:freebsdmodel:7.3-stablescope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.4-release-p9scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:ibmmodel:upward integration modules for vmware vspherescope:eqversion:3.0.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.6.2

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:tealeaf cxscope:eqversion:8.2

Trust: 0.3

vendor:freebsdmodel:7.1-relengscope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412scope:eqversion:4.6

Trust: 0.3

vendor:ibmmodel:tealeaf cxscope:eqversion:8.4

Trust: 0.3

vendor:ibmmodel:data ontap smi-s agentscope:eqversion:5.2

Trust: 0.3

vendor:ibmmodel:tealeaf cxscope:eqversion:8.8

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:4.8

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:5.4

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gv200scope:eqversion:4.3

Trust: 0.3

vendor:freebsdmodel:-release-p5scope:eqversion:6.0

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:4.0

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san switchscope:eqversion:9.1

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:3.5.1

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:6.1

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:5.1

Trust: 0.3

vendor:freebsdmodel:release-p4scope:eqversion:9.1

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.1.0

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1gscope: - version: -

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.4

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:freebsdmodel:10.0-release-p1scope: - version: -

Trust: 0.3

vendor:ibmmodel:clustered data ontap antivirus connectorscope:neversion:1.0.2

Trust: 0.3

vendor:freebsdmodel:-prereleasescope:eqversion:7.0

Trust: 0.3

vendor:freebsdmodel:9.1-rc2scope: - version: -

Trust: 0.3

vendor:ibmmodel:rational application developer for webspherescope:eqversion:9.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004scope:eqversion:4.6

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:4.9

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gv1000scope:eqversion:4.6

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:3.5

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.4

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:4.7

Trust: 0.3

vendor:ibmmodel:tealeaf cxscope:eqversion:7.1

Trust: 0.3

vendor:freebsdmodel:-release/alphascope:eqversion:5.1

Trust: 0.3

vendor:freebsdmodel:8.2-stablescope: - version: -

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.2.1

Trust: 0.3

vendor:freebsdmodel:9.2-release-p8scope: - version: -

Trust: 0.3

vendor:junipermodel:junos os 14.2r1scope: - version: -

Trust: 0.3

vendor:f5model:lineratescope:eqversion:2.4

Trust: 0.3

vendor:ibmmodel:oncommand unified manager core packagescope:eqversion:5

Trust: 0.3

vendor:freebsdmodel:2-stablescope: - version: -

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:5.2

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx3002scope:eqversion:4.5

Trust: 0.3

vendor:freebsdmodel:9.1--relengscope: - version: -

Trust: 0.3

vendor:ibmmodel:tivoli provisioning manager for os deploymentscope:eqversion:5.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:3.2

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:proventia network security controller 1.0.3352mscope: - version: -

Trust: 0.3

vendor:freebsdmodel:6.3-release-p10scope: - version: -

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.2.0

Trust: 0.3

vendor:freebsdmodel:9.3-beta3-p2scope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gv200scope:eqversion:4.5

Trust: 0.3

vendor:freebsdmodel:-release-p20scope:eqversion:4.6

Trust: 0.3

vendor:ibmmodel:tealeaf cxscope:eqversion:7.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5008-v2scope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:image construction and composition toolscope:eqversion:2.2.1.1

Trust: 0.3

vendor:freebsdmodel:-release-p8scope:eqversion:6.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5008scope:eqversion:4.6

Trust: 0.3

vendor:freebsdmodel:9.0-release-p6scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-release-p14scope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7800scope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412-10scope:eqversion:4.6.2

Trust: 0.3

vendor:freebsdmodel:-stablepre2001-07-20scope:eqversion:3.5.1

Trust: 0.3

vendor:ibmmodel:upward integration modules for microsoft system centerscope:eqversion:5.5.2

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx3002scope:eqversion:4.4

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.5

Trust: 0.3

vendor:freebsdmodel:8.3-stablescope: - version: -

Trust: 0.3

vendor:freebsdmodel:6.3-release-p11scope: - version: -

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.14

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.0.5

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.2

Trust: 0.3

vendor:freebsdmodel:9.2-rc2scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:3.0

Trust: 0.3

vendor:ibmmodel:snapdrive for windowsscope:eqversion:7.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gv200scope:eqversion:4.4

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:5.3

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:4.6

Trust: 0.3

vendor:freebsdmodel:7.2-rc2scope: - version: -

Trust: 0.3

vendor:ibmmodel:sametimescope:eqversion:8.5.2.1

Trust: 0.3

vendor:hpmodel:virtual connect 8gb 24-port fc modulescope:eqversion:1.0

Trust: 0.3

vendor:freebsdmodel:7.0-release-p12scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.0-rc3scope: - version: -

Trust: 0.3

vendor:ibmmodel:upward integration modules for microsoft system centerscope:neversion:5.5.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412scope:eqversion:4.6.1

Trust: 0.3

vendor:ibmmodel:open systems snapvaultscope:eqversion:3.0

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:6.3

Trust: 0.3

vendor:junipermodel:junos os 13.3r4scope: - version: -

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.11

Trust: 0.3

vendor:ibmmodel:upward integration modules hardware management packscope:eqversion:5.5.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:8.1

Trust: 0.3

vendor:ibmmodel:upward integration modules for microsoft system centerscope:eqversion:5.0.2

Trust: 0.3

vendor:freebsdmodel:-release-p3scope:eqversion:4.11

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.4

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004-v2scope:eqversion:4.6.2

Trust: 0.3

vendor:ibmmodel:oncommand unified manager core packagescope:eqversion:5.2

Trust: 0.3

vendor:ibmmodel:upward integration modules integrated installerscope:eqversion:5.5.2

Trust: 0.3

vendor:freebsdmodel:9.1-release-p12scope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.1-release-p4scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:6.0

Trust: 0.3

vendor:freebsdmodel:7.0-stablescope: - version: -

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:1.1.0.3

Trust: 0.3

vendor:freebsdmodel:rc2scope:eqversion:9.2

Trust: 0.3

vendor:freebsdmodel:9.0-rc1scope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5008-v2scope:eqversion:4.5

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:6.2

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5208scope:eqversion:4.6.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4002scope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:upward integration modules for microsoft system centerscope:eqversion:5.5.1

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:5.3

Trust: 0.3

vendor:freebsdmodel:7.2-release-p4scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-stablepre122300scope:eqversion:4.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:3.2x

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.13

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gv1000scope:eqversion:4.6.1

Trust: 0.3

vendor:freebsdmodel:7.1-release-p5scope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.0-release-p8scope: - version: -

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:freebsdmodel:8.4-release-p8scope: - version: -

Trust: 0.3

vendor:freebsdmodel:prereleasescope:eqversion:9.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:5.1

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:5.2.1

Trust: 0.3

vendor:ibmmodel:snapdrive for windowsscope:eqversion:7.0.2

Trust: 0.3

vendor:freebsdmodel:8.1-release-p5scope: - version: -

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.2

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5008-v2scope:eqversion:4.4

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412-05scope:eqversion:4.6.2

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:5.5

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.0.x

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:4.11

Trust: 0.3

vendor:freebsdmodel:9.3-rcscope: - version: -

Trust: 0.3

vendor:ibmmodel:snapdrive for unixscope:eqversion:5.1

Trust: 0.3

vendor:freebsdmodel:9.3-beta1scope: - version: -

Trust: 0.3

vendor:ibmmodel:data ontap smi-s agentscope:eqversion:5.1.1

Trust: 0.3

vendor:freebsdmodel:8.4-release-p13scope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412-10scope:eqversion:4.5

Trust: 0.3

vendor:freebsdmodel:7.1-stablescope: - version: -

Trust: 0.3

vendor:ibmmodel:snapdrive for windowsscope:neversion:7.1.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:6.2

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5008scope:eqversion:4.6.1

Trust: 0.3

vendor:freebsdmodel:10.0-rc3-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.1.7

Trust: 0.3

vendor:freebsdmodel:-pre-releasescope:eqversion:7.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:9.2

Trust: 0.3

vendor:ibmmodel:rational application developer for webspherescope:eqversion:9.1.0.1

Trust: 0.3

vendor:freebsdmodel:8.0-releasescope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4002scope:eqversion:4.5

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san switchscope:eqversion:9.1.3

Trust: 0.3

vendor:freebsdmodel:9.3-stablescope:neversion: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412-10scope:eqversion:4.4

Trust: 0.3

vendor:freebsdmodel:9.2-rc2-p2scope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gv200scope:eqversion:4.6

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:5.5

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:4.11

Trust: 0.3

vendor:freebsdmodel:9.2-release-p7scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.3-release-p15scope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1cscope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.1-release-p11scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:7.0

Trust: 0.3

vendor:freebsdmodel:9.1-release-p16scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:8.3

Trust: 0.3

vendor:freebsdmodel:-release-p3scope:eqversion:7.4

Trust: 0.3

vendor:freebsdmodel:7.3-release-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.1.5

Trust: 0.3

vendor:freebsdmodel:7.2-prereleasescope: - version: -

Trust: 0.3

vendor:ibmmodel:data ontap smi-s agentscope:neversion:5.2.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:3.3x

Trust: 0.3

vendor:freebsdmodel:9.3-rc2-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.3-release-p8scope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4002scope:eqversion:4.4

Trust: 0.3

vendor:freebsdmodel:-stablepre2002-03-07scope:eqversion:4.5

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5108-v2scope:eqversion:4.3

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1fscope: - version: -

Trust: 0.3

vendor:ibmmodel:oncommand workflow automationscope:eqversion:2.2

Trust: 0.3

vendor:ibmmodel:upward integration modules for vmware vspherescope:eqversion:3.0.2

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx6116scope:eqversion:4.6.2

Trust: 0.3

vendor:ibmmodel:gpfs for windowsscope:eqversion:3.5.0.11

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:1.2

Trust: 0.3

vendor:freebsdmodel:8.3-release-p11scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.1.6.1

Trust: 0.3

vendor:ibmmodel:tivoli provisioning manager for imagesscope:eqversion:7.1.1.0

Trust: 0.3

vendor:ibmmodel:upward integration modules for microsoft system centerscope:eqversion:5.0.1

Trust: 0.3

vendor:ibmmodel:upward integration modules scvmm add-inscope:eqversion:1.0.2

Trust: 0.3

vendor:freebsdmodel:7.2-stablescope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:3.3

Trust: 0.3

vendor:ibmmodel:sametimescope:eqversion:9.0.0.0

Trust: 0.3

vendor:freebsdmodel:8.3-relengscope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.2-release-p3scope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.3-releasescope: - version: -

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:neversion:1.1.0.7

Trust: 0.3

vendor:freebsdmodel:6.4-release-p11scope: - version: -

Trust: 0.3

vendor:ibmmodel:oncommand workflow automationscope:neversion:3.0

Trust: 0.3

vendor:ibmmodel:oncommand unified manager core package 5.2.1p1scope:neversion: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:9.0

Trust: 0.3

vendor:freebsdmodel:8.4-release-p11scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-release-p9scope:eqversion:6.3

Trust: 0.3

vendor:freebsdmodel:7.4-release-p12scope: - version: -

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:freebsdmodel:alphascope:eqversion:4.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412-05scope:eqversion:4.5

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx6116scope:eqversion:4.6.1

Trust: 0.3

vendor:freebsdmodel:8.3-release-p14scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-release-p3scope:eqversion:6.4

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:4.7

Trust: 0.3

vendor:freebsdmodel:10.0-release-p5scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.1-release-p7scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5008-v2scope:eqversion:4.6

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx3002scope:eqversion:4.3

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.1.1

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:freebsdmodel:9.1-release-p17scope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7800scope:eqversion:4.6

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5208-v2scope:eqversion:4.6.2

Trust: 0.3

vendor:ibmmodel:upward integration modules for vmware vspherescope:neversion:3.5.3

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san pass-thruscope:eqversion:9.1.2

Trust: 0.3

vendor:ibmmodel:open systems snapvault 3.0.1p6scope:neversion: -

Trust: 0.3

vendor:ibmmodel:snapdrive for unixscope:eqversion:5.2.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.2

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412-05scope:eqversion:4.4

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5108-v2scope:eqversion:4.5

Trust: 0.3

vendor:freebsdmodel:-release-p1scope:eqversion:7.1

Trust: 0.3

vendor:freebsdmodel:9.3-beta1-p1scope: - version: -

Trust: 0.3

vendor:ibmmodel:watson explorer securityscope:eqversion:8.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.3

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5208-v2scope:eqversion:4.6.1

Trust: 0.3

vendor:freebsdmodel:8-stablescope: - version: -

Trust: 0.3

vendor:freebsdmodel:-release-p6scope:eqversion:6.3

Trust: 0.3

vendor:freebsdmodel:8.4-rc1-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-release-p5scope:eqversion:5.1

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:4.5

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san pass-thruscope:eqversion:9.1.1

Trust: 0.3

vendor:freebsdmodel:8.1-release-p1scope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5108-v2scope:eqversion:4.4

Trust: 0.3

vendor:ibmmodel:tealeaf cxscope:eqversion:7.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:freebsdmodel:8.0-stablescope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.1-release-p6scope: - version: -

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.0

Trust: 0.3

vendor:freebsdmodel:-stablepre050201scope:eqversion:4.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:5.0

Trust: 0.3

vendor:freebsdmodel:8.4-release-p14scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-release-p9scope:eqversion:7.0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:9.2-

Trust: 0.3

vendor:freebsdmodel:9.1-release-p18scope:neversion: -

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:4.2

Trust: 0.3

vendor:junipermodel:junos os 14.1r2-s2scope: - version: -

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san pass-thruscope:eqversion:9.1

Trust: 0.3

vendor:freebsdmodel:10.0-release-p4scope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.3-relengscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1iscope:neversion: -

Trust: 0.3

vendor:ibmmodel:i v5r4scope:eqversion:7.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:3.4x

Trust: 0.3

vendor:ibmmodel:image construction and composition toolscope:eqversion:2.2.1.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4002scope:eqversion:4.6

Trust: 0.3

vendor:ibmmodel:tealeaf cxscope:eqversion:8.5

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:5.0.x

Trust: 0.3

vendor:junipermodel:junos os 13.3r3-s2scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:4.4

Trust: 0.3

vendor:freebsdmodel:7.4-relengscope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.0

Trust: 0.3

vendor:freebsdmodel:10.0-release-p6scope: - version: -

Trust: 0.3

vendor:ibmmodel:tivoli netcool system service monitor fp1scope:eqversion:4.0.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412scope:eqversion:4.6.2

Trust: 0.3

vendor:ibmmodel:i v5r3scope:eqversion:7.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:10

Trust: 0.3

vendor:ibmmodel:tealeaf cxscope:eqversion:8.6

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:tealeaf cxscope:eqversion:9.0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.2.7

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:7.3

Trust: 0.3

vendor:freebsdmodel:6.4-release-p2scope: - version: -

Trust: 0.3

vendor:freebsdmodel:10.0-release-p2scope: - version: -

Trust: 0.3

vendor:ibmmodel:i v5r4scope:eqversion:7.2

Trust: 0.3

vendor:freebsdmodel:9.1-release-p15scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:4.10

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:9.3

Trust: 0.3

vendor:freebsdmodel:7.0-release-p3scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:1.1.5.1

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:6.4

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:3.5.1

Trust: 0.3

vendor:freebsdmodel:8.2-release-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:snapdrive for windowsscope:eqversion:7.0.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5008-v2scope:eqversion:4.6.1

Trust: 0.3

vendor:ibmmodel:i v5r3scope:eqversion:7.2

Trust: 0.3

vendor:freebsdmodel:9.3-prereleasescope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5208scope:eqversion:4.6.2

Trust: 0.3

vendor:freebsdmodel:8.3-release-p6scope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7800scope:eqversion:4.6.1

Trust: 0.3

vendor:freebsdmodel:6.4-release-p4scope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412-10scope:eqversion:4.3

Trust: 0.3

vendor:freebsdmodel:9.2-relengscope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gv1000scope:eqversion:4.6.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:3.5

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:3.5x

Trust: 0.3

vendor:freebsdmodel:8.4-relengscope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:freebsdmodel:-release-p7scope:eqversion:4.8

Trust: 0.3

vendor:freebsdmodel:-release-p32scope:eqversion:4.5

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.10

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412-05scope:eqversion:4.6

Trust: 0.3

vendor:freebsdmodel:7.0-releasescope: - version: -

Trust: 0.3

vendor:ibmmodel:upward integration modules hardware management packscope:neversion:5.5.3

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.2.6

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:5.4

Trust: 0.3

vendor:ibmmodel:upward integration modules integrated installerscope:neversion:5.5.3

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:6.2

Trust: 0.3

vendor:freebsdmodel:-release-p20scope:eqversion:4.11

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004scope:eqversion:4.6.1

Trust: 0.3

vendor:freebsdmodel:10.0-release-p8scope:neversion: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004-v2scope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5108-v2scope:eqversion:4.6

Trust: 0.3

vendor:ibmmodel:puredata system for operational analyticsscope:eqversion:1.0

Trust: 0.3

vendor:freebsdmodel:8.1-releasescope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5008scope:eqversion:4.6.2

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:1.1.0.6

Trust: 0.3

vendor:freebsdmodel:8.4-rc2-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.3-rc2scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:3.1x

Trust: 0.3

vendor:ibmmodel:watson explorer securityscope:eqversion:9.0

Trust: 0.3

vendor:freebsdmodel:9.3-rc3-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.0--relengscope: - version: -

Trust: 0.3

vendor:ibmmodel:data ontap smi-s agentscope:eqversion:5.1.2

Trust: 0.3

vendor:freebsdmodel:9.2-rc1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4002scope:eqversion:4.6.1

Trust: 0.3

vendor:freebsdmodel:7.4-release-p2scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:7.0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:6.0.x

Trust: 0.3

vendor:freebsdmodel:9.0-relengscope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412scope:eqversion:4.5

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:4.6

Trust: 0.3

vendor:freebsdmodel:rc1scope:eqversion:7.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:5.2

Trust: 0.3

vendor:freebsdmodel:8.4-stablescope:neversion: -

Trust: 0.3

vendor:freebsdmodel:release -p3scope:eqversion:8.2-

Trust: 0.3

vendor:freebsdmodel:8.1-prereleasescope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:14.04

Trust: 0.3

vendor:freebsdmodel:9.3-rc1-p2scope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx3002scope:eqversion:4.6

Trust: 0.3

vendor:ibmmodel:tivoli netcool system service monitor fp14scope:eqversion:4.0.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412-05scope:eqversion:4.3

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.2x

Trust: 0.3

vendor:ibmmodel:tivoli management frameworkscope:eqversion:4.1.1

Trust: 0.3

vendor:freebsdmodel:7.4-stablescope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:1.0

Trust: 0.3

vendor:freebsdmodel:9.2-stablescope: - version: -

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:1.1

Trust: 0.3

vendor:ibmmodel:tealeaf cxscope:eqversion:8.1

Trust: 0.3

vendor:ibmmodel:snapdrive for unixscope:eqversion:5.2

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5208scope:eqversion:4.5

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.0.12

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004-v2scope:eqversion:4.5

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gv1000scope:eqversion:4.5

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.10

Trust: 0.3

vendor:freebsdmodel:8-relengscope: - version: -

Trust: 0.3

vendor:freebsdmodel:-prereleasescope:eqversion:5.4

Trust: 0.3

vendor:ibmmodel:proventia network security controllerscope:eqversion:1.0.1209

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.6

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:5.3

Trust: 0.3

vendor:freebsdmodel:7.3-release-p3scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.2-releasescope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.2-release-p9scope: - version: -

Trust: 0.3

vendor:ibmmodel:tealeaf cxscope:eqversion:8.7

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5208scope:eqversion:4.4

Trust: 0.3

vendor:freebsdmodel:-release-p38scope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004-v2scope:eqversion:4.4

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:1.1.0.5

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:1.0.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gv1000scope:eqversion:4.4

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:3.4

Trust: 0.3

vendor:ibmmodel:clustered data ontap antivirus connectorscope:eqversion:1.0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.2.2

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:freebsdmodel:8.4-beta1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:snapdrive for windowsscope:eqversion:7.0.1

Trust: 0.3

vendor:ibmmodel:gpfs for windowsscope:eqversion:3.5

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2

Trust: 0.3

vendor:freebsdmodel:6.0-relengscope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:1.1.5

Trust: 0.3

vendor:freebsdmodel:9.2-release-p5scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.2.4

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx6116scope:eqversion:4.3

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:upward integration modules for microsoft system centerscope:eqversion:5.5

Trust: 0.3

vendor:freebsdmodel:10.0-rc2-p1scope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1dscope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.1.6

Trust: 0.3

vendor:freebsdmodel:8.4-prereleasescope: - version: -

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.9

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:4.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:5.2.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.1x

Trust: 0.3

vendor:freebsdmodel:9.3-release-p1scope:neversion: -

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san switchscope:eqversion:9.1.2

Trust: 0.3

vendor:ibmmodel:open systems snapvaultscope:eqversion:2.6

Trust: 0.3

vendor:freebsdmodel:8.4-release-p4scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.1-relengscope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:5.5

Trust: 0.3

vendor:freebsdmodel:-release-p14scope:eqversion:7.1

Trust: 0.3

vendor:freebsdmodel:8.1-release-p4scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.11

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.2.5

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:snapdrive for unixscope:eqversion:5.2.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx3002scope:eqversion:4.6.1

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5208-v2scope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.8

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412-10scope:eqversion:4.6

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gv200scope:eqversion:4.6.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.1.7.1

Trust: 0.3

vendor:ibmmodel:tealeaf cxscope:eqversion:8.3

Trust: 0.3

vendor:ibmmodel:flex system fc3171 8gb san switchscope:eqversion:9.1.1

Trust: 0.3

vendor:ibmmodel:proventia network security controllerscope:eqversion:1.0.913

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:4.5

Trust: 0.3

vendor:freebsdmodel:9.1-rc1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:beta4scope:eqversion:7.0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.0.1

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:6.4

Trust: 0.3

vendor:freebsdmodel:9.0-stablescope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:1.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx6116scope:eqversion:4.5

Trust: 0.3

vendor:freebsdmodel:-release-p5scope:eqversion:8.0

Trust: 0.3

vendor:freebsdmodel:9.2-rc3-p1scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.0

Trust: 0.3

vendor:ibmmodel:open systems snapvaultscope:eqversion:2.6.1

Trust: 0.3

vendor:freebsdmodel:7.2-release-p1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:1.5

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5208scope:eqversion:4.6

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:4.4

Trust: 0.3

vendor:freebsdmodel:-stablepre050201scope:eqversion:3.5

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004-v2scope:eqversion:4.6

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:4.7

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5008-v2scope:eqversion:4.6.2

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7800scope:eqversion:4.6.2

Trust: 0.3

vendor:freebsdmodel:9.2-release-p4scope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx6116scope:eqversion:4.4

Trust: 0.3

vendor:freebsdmodel:7.3-release-p6scope: - version: -

Trust: 0.3

vendor:freebsdmodel:release p7scope:eqversion:7.3--

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:5.4

Trust: 0.3

vendor:freebsdmodel:5.4-stablescope: - version: -

Trust: 0.3

vendor:freebsdmodel:release-p5scope:eqversion:9.1

Trust: 0.3

vendor:freebsdmodel:9.1-release-p14scope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.1-release-p3scope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.8

Trust: 0.3

vendor:freebsdmodel:-release-p10scope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5208-v2scope:eqversion:4.5

Trust: 0.3

vendor:ibmmodel:sdk for node.jsscope:eqversion:1.1.0.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.0

Trust: 0.3

vendor:freebsdmodel:9.3-beta1-p2scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.1

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1bscope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:2.2.3

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412scope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004scope:eqversion:4.6.2

Trust: 0.3

vendor:freebsdmodel:10.0-rc1-p1scope: - version: -

Trust: 0.3

vendor:ibmmodel:sametimescope:eqversion:8.5.2.0

Trust: 0.3

vendor:ibmmodel:watson explorer securityscope:eqversion:8.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.7

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.9

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5208-v2scope:eqversion:4.4

Trust: 0.3

vendor:freebsdmodel:10.0-stablescope:neversion: -

Trust: 0.3

vendor:freebsdmodel:9.0-releasescope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:7.4

Trust: 0.3

vendor:ibmmodel:upward integration modules for vmware vspherescope:eqversion:3.5.2

Trust: 0.3

vendor:freebsdmodel:-release-p8scope:eqversion:4.10

Trust: 0.3

vendor:ibmmodel:snapdrive for windowsscope:eqversion:7.1.1

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.3.0

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:5.2

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:freebsdmodel:9.2-release-p10scope: - version: -

Trust: 0.3

vendor:ibmmodel:snapdrive for windowsscope:eqversion:7.1

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:freebsdmodel:8.4-release-p7scope: - version: -

Trust: 0.3

vendor:ibmmodel:snapdrive for unixscope:neversion:5.3

Trust: 0.3

vendor:freebsdmodel:-release-p17scope:eqversion:4.7

Trust: 0.3

vendor:freebsdmodel:7.0-release-p11scope: - version: -

Trust: 0.3

vendor:ibmmodel:clustered data ontap antivirus connectorscope:eqversion:1.0.1

Trust: 0.3

vendor:freebsdmodel:9.1-release-p10scope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5208scope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412-10scope:eqversion:4.6.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.2.5

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004scope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gv1000scope:eqversion:4.3

Trust: 0.3

vendor:freebsdmodel:rc1scope:eqversion:9.2

Trust: 0.3

vendor:freebsdmodel:10.0-release-p7scope: - version: -

Trust: 0.3

vendor:ibmmodel:open systems snapvaultscope:eqversion:3.0.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:4.1

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.37

Trust: 0.3

vendor:ibmmodel:tivoli provisioning manager for os deploymentscope:eqversion:7.1.1

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:4.10

Trust: 0.3

vendor:freebsdmodel:-stablepre122300scope:eqversion:3.5

Trust: 0.3

vendor:ibmmodel:proventia network security controller 1.0.3350mscope: - version: -

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:5.3

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:6.4

Trust: 0.3

vendor:freebsdmodel:9.1-relengscope: - version: -

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:3.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7800scope:eqversion:4.5

Trust: 0.3

vendor:freebsdmodel:-prereleasescope:eqversion:4.8

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004-v2scope:eqversion:4.6.1

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:4.6

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:4.1.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5008scope:eqversion:4.3

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:10.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx6116scope:eqversion:4.6

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.3.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:3.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:6.3

Trust: 0.3

vendor:freebsdmodel:9.2-rc1-p2scope: - version: -

Trust: 0.3

vendor:freebsdmodel:8.0-rc1scope: - version: -

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.2.1.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7800scope:eqversion:4.4

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:8.2

Trust: 0.3

vendor:freebsdmodel:8.2-release-p2scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-prereleasescope:eqversion:4.9

Trust: 0.3

vendor:ibmmodel:upward integration modules for vmware vspherescope:eqversion:3.5.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004scope:eqversion:4.5

Trust: 0.3

vendor:ibmmodel:proventia network security controllerscope:eqversion:1.0.1768

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:4.3

Trust: 0.3

vendor:freebsdmodel:-release-p42scope:eqversion:4.4

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:8.4

Trust: 0.3

vendor:ibmmodel:tivoli provisioning manager for images system editionscope:eqversion:x7.1.1.0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:9.1

Trust: 0.3

vendor:freebsdmodel:6.4-relengscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1hscope: - version: -

Trust: 0.3

vendor:freebsdmodel:6.4-release-p5scope: - version: -

Trust: 0.3

sources: BID: 69083 // CNNVD: CNNVD-201408-129 // NVD: CVE-2014-3512

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3512
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201408-129
value: HIGH

Trust: 0.6

VULMON: CVE-2014-3512
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-3512
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

sources: VULMON: CVE-2014-3512 // CNNVD: CNNVD-201408-129 // NVD: CVE-2014-3512

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

sources: NVD: CVE-2014-3512

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 127790 // CNNVD: CNNVD-201408-129

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201408-129

PATCH

title:openssl-1.0.1iurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51696

Trust: 0.6

title:openssl-1.0.0nurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51695

Trust: 0.6

title:openssl-0.9.8zburl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51694

Trust: 0.6

title:Ubuntu Security Notice: openssl vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2308-1

Trust: 0.1

title:Debian Security Advisories: DSA-2998-1 openssl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=bfd576c692d8814b2a331baf29ad367c

Trust: 0.1

title:Amazon Linux AMI: ALAS-2014-391url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2014-391

Trust: 0.1

title:Symantec Security Advisories: SA85 : OpenSSL Security Advisory 06-Aug-2014url:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=02a206cf2efb06aecdaf29aeca851b55

Trust: 0.1

sources: VULMON: CVE-2014-3512 // CNNVD: CNNVD-201408-129

EXTERNAL IDS

db:NVDid:CVE-2014-3512

Trust: 2.7

db:BIDid:69083

Trust: 1.4

db:SECUNIAid:59700

Trust: 1.1

db:SECUNIAid:61100

Trust: 1.1

db:SECUNIAid:60803

Trust: 1.1

db:SECUNIAid:59710

Trust: 1.1

db:SECUNIAid:60810

Trust: 1.1

db:SECUNIAid:60917

Trust: 1.1

db:SECUNIAid:61017

Trust: 1.1

db:SECUNIAid:60921

Trust: 1.1

db:SECUNIAid:60221

Trust: 1.1

db:SECUNIAid:60022

Trust: 1.1

db:SECUNIAid:59756

Trust: 1.1

db:SECUNIAid:61959

Trust: 1.1

db:SECUNIAid:61171

Trust: 1.1

db:SECUNIAid:61775

Trust: 1.1

db:SECUNIAid:61184

Trust: 1.1

db:SECUNIAid:60493

Trust: 1.1

db:SECTRACKid:1030693

Trust: 1.1

db:TENABLEid:TNS-2014-06

Trust: 1.1

db:AUSCERTid:ESB-2022.0696

Trust: 0.6

db:CNNVDid:CNNVD-201408-129

Trust: 0.6

db:JUNIPERid:JSA10649

Trust: 0.3

db:VULMONid:CVE-2014-3512

Trust: 0.1

db:PACKETSTORMid:130868

Trust: 0.1

db:PACKETSTORMid:128214

Trust: 0.1

db:PACKETSTORMid:127803

Trust: 0.1

db:PACKETSTORMid:129721

Trust: 0.1

db:PACKETSTORMid:127790

Trust: 0.1

db:PACKETSTORMid:127811

Trust: 0.1

db:PACKETSTORMid:169648

Trust: 0.1

sources: VULMON: CVE-2014-3512 // BID: 69083 // PACKETSTORM: 130868 // PACKETSTORM: 128214 // PACKETSTORM: 127803 // PACKETSTORM: 129721 // PACKETSTORM: 127790 // PACKETSTORM: 127811 // PACKETSTORM: 169648 // CNNVD: CNNVD-201408-129 // NVD: CVE-2014-3512

REFERENCES

url:https://www.openssl.org/news/secadv_20140806.txt

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686997

Trust: 1.4

url:https://www.freebsd.org/security/advisories/freebsd-sa-14:18.openssl.asc

Trust: 1.4

url:http://security.gentoo.org/glsa/glsa-201412-39.xml

Trust: 1.2

url:ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2014-008.txt.asc

Trust: 1.1

url:http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc

Trust: 1.1

url:http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=142660345230545&w=2

Trust: 1.1

url:http://secunia.com/advisories/59700

Trust: 1.1

url:http://secunia.com/advisories/59710

Trust: 1.1

url:http://secunia.com/advisories/59756

Trust: 1.1

url:http://secunia.com/advisories/60022

Trust: 1.1

url:http://secunia.com/advisories/60221

Trust: 1.1

url:http://secunia.com/advisories/60493

Trust: 1.1

url:http://secunia.com/advisories/60803

Trust: 1.1

url:http://secunia.com/advisories/60810

Trust: 1.1

url:http://secunia.com/advisories/60917

Trust: 1.1

url:http://secunia.com/advisories/60921

Trust: 1.1

url:http://secunia.com/advisories/61017

Trust: 1.1

url:http://secunia.com/advisories/61100

Trust: 1.1

url:http://secunia.com/advisories/61171

Trust: 1.1

url:http://secunia.com/advisories/61184

Trust: 1.1

url:http://secunia.com/advisories/61775

Trust: 1.1

url:http://secunia.com/advisories/61959

Trust: 1.1

url:http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html

Trust: 1.1

url:http://www.debian.org/security/2014/dsa-2998

Trust: 1.1

url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm

Trust: 1.1

url:http://www.securityfocus.com/bid/69083

Trust: 1.1

url:http://www.securitytracker.com/id/1030693

Trust: 1.1

url:http://www.tenable.com/security/tns-2014-06

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=nas8n1020240

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21682293

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21683389

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/95158

Trust: 1.1

url:https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-september/000196.html

Trust: 1.1

url:https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=4a23b12a031860253b58d503f296377ca076427b

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2014-5139

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-3512

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-3510

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-3509

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-3507

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-3506

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-3511

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-3505

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2014-3508

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0696

Trust: 0.6

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1021317

Trust: 0.3

url:http://www.openssl.org

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=swg21686583

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21686126

Trust: 0.3

url:http://seclists.org/bugtraq/2015/mar/84

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10649&cat=sirt_1&actp=list

Trust: 0.3

url:aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21684570

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21685467

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21682293

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5097658

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=nas8n1020240

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21715901

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21691005

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21963783

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21683389

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098264

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21686182

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21685967

Trust: 0.3

url:http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html?ref=rss

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21966557

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21683744

Trust: 0.3

url:http://www.debian.org/security/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4a23b12a031860253b58d503f296377ca076427b

Trust: 0.1

url:https://www.rapid7.com/db/vulnerabilities/http-openssl-cve-2014-3512

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=35209

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/2308-1/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3555

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.1

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0160

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3566

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510>

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507>

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506>

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512>

Trust: 0.1

url:http://www.freebsd.org/handbook/makeworld.html>.

Trust: 0.1

url:https://www.openssl.org/news/secadv_20140806.txt>

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508>

Trust: 0.1

url:http://security.freebsd.org/patches/sa-14:18/openssl-9.patch

Trust: 0.1

url:http://security.freebsd.org/patches/sa-14:18/openssl-10.0.patch

Trust: 0.1

url:http://security.freebsd.org/>.

Trust: 0.1

url:http://security.freebsd.org/advisories/freebsd-sa-14:18.openssl.asc>

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511>

Trust: 0.1

url:http://security.freebsd.org/patches/sa-14:18/openssl-9.patch.asc

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509>

Trust: 0.1

url:http://security.freebsd.org/patches/sa-14:18/openssl-9.3.patch.asc

Trust: 0.1

url:http://security.freebsd.org/patches/sa-14:18/openssl-10.0.patch.asc

Trust: 0.1

url:http://security.freebsd.org/patches/sa-14:18/openssl-9.3.patch

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139>

Trust: 0.1

url:http://svnweb.freebsd.org/base?view=revision&revision=nnnnnn>

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3513

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6450

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3568

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6449

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3506

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-6450

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5139

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3567

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3507

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3512

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3513

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3567

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3509

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-6449

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3568

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3510

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3505

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3511

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.20

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.17

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.5

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-2308-1

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3510

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3509

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3511

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3506

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3512

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3505

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3508

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5139

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3507

Trust: 0.1

sources: VULMON: CVE-2014-3512 // BID: 69083 // PACKETSTORM: 130868 // PACKETSTORM: 128214 // PACKETSTORM: 127803 // PACKETSTORM: 129721 // PACKETSTORM: 127790 // PACKETSTORM: 127811 // PACKETSTORM: 169648 // CNNVD: CNNVD-201408-129 // NVD: CVE-2014-3512

CREDITS

Sean Devlin and Watson Ladd from Cryptography Services, NCC Group.

Trust: 0.9

sources: BID: 69083 // CNNVD: CNNVD-201408-129

SOURCES

db:VULMONid:CVE-2014-3512
db:BIDid:69083
db:PACKETSTORMid:130868
db:PACKETSTORMid:128214
db:PACKETSTORMid:127803
db:PACKETSTORMid:129721
db:PACKETSTORMid:127790
db:PACKETSTORMid:127811
db:PACKETSTORMid:169648
db:CNNVDid:CNNVD-201408-129
db:NVDid:CVE-2014-3512

LAST UPDATE DATE

2024-11-07T21:21:33.238000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2014-3512date:2017-08-29T00:00:00
db:BIDid:69083date:2016-07-26T23:01:00
db:CNNVDid:CNNVD-201408-129date:2022-02-18T00:00:00
db:NVDid:CVE-2014-3512date:2023-11-07T02:20:10.980

SOURCES RELEASE DATE

db:VULMONid:CVE-2014-3512date:2014-08-13T00:00:00
db:BIDid:69083date:2014-08-06T00:00:00
db:PACKETSTORMid:130868date:2015-03-18T00:44:34
db:PACKETSTORMid:128214date:2014-09-09T17:32:22
db:PACKETSTORMid:127803date:2014-08-08T21:50:05
db:PACKETSTORMid:129721date:2014-12-26T15:46:37
db:PACKETSTORMid:127790date:2014-08-08T21:44:17
db:PACKETSTORMid:127811date:2014-08-11T11:11:00
db:PACKETSTORMid:169648date:2014-08-06T12:12:12
db:CNNVDid:CNNVD-201408-129date:2014-08-20T00:00:00
db:NVDid:CVE-2014-3512date:2014-08-13T23:55:07.670