CVE-2009-1379medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
References
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest
http://secunia.com/advisories/35416
http://secunia.com/advisories/35461
http://secunia.com/advisories/35571
http://secunia.com/advisories/35729
http://secunia.com/advisories/36533
http://secunia.com/advisories/37003
http://secunia.com/advisories/38761
http://secunia.com/advisories/38794
http://secunia.com/advisories/38834
http://secunia.com/advisories/42724
http://secunia.com/advisories/42733
http://security.gentoo.org/glsa/glsa-200912-01.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
http://www.openwall.com/lists/oss-security/2009/05/18/4
http://www.redhat.com/support/errata/RHSA-2009-1335.html
http://www.securityfocus.com/bid/35138
http://www.securitytracker.com/id?1022241
http://www.ubuntu.com/usn/USN-792-1
http://www.vupen.com/english/advisories/2009/1377
http://www.vupen.com/english/advisories/2010/0528
https://exchange.xforce.ibmcloud.com/vulnerabilities/50661
https://kb.bluecoat.com/index?page=content&id=SA50
https://launchpad.net/bugs/cve/2009-1379
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127201 | NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0033) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127177 | NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl098e Multiple Vulnerabilities (NS-SA-2019-0020) | Nessus | NewStart CGSL Local Security Checks | critical |
| 89740 | VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check) | Nessus | VMware ESX Local Security Checks | critical |
| 89737 | VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0004) (remote check) | Nessus | VMware ESX Local Security Checks | high |
| 63892 | RHEL 5 : openssl (RHSA-2009:1335) | Nessus | Red Hat Local Security Checks | medium |
| 60658 | Scientific Linux Security Update : openssl on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 17768 | OpenSSL 1.0.0 < 1.0.0-beta2 DoS | Nessus | Web Servers | medium |
| 48153 | Mandriva Linux Security Advisory : openssl (MDVSA-2009:239) | Nessus | Mandriva Local Security Checks | medium |
| 46765 | VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates | Nessus | VMware ESX Local Security Checks | high |
| 46015 | HP System Management Homepage < 6.0.0.96 / 6.0.0-95 Multiple Vulnerabilities | Nessus | Web Servers | critical |
| 44993 | VMSA-2010-0004 : ESX Service Console and vMA third-party updates | Nessus | VMware ESX Local Security Checks | high |
| 44946 | Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / current : openssl (SSA:2010-060-02) | Nessus | Slackware Local Security Checks | critical |
| 43785 | CentOS 5 : openssl (CESA-2009:1335) | Nessus | CentOS Local Security Checks | medium |
| 42996 | Mandriva Linux Security Advisory : openssl (MDVSA-2009:310) | Nessus | Mandriva Local Security Checks | medium |
| 42968 | GLSA-200912-01 : OpenSSL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 41572 | SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6267) | Nessus | SuSE Local Security Checks | medium |
| 41424 | SuSE 11 Security Update : OpenSSL (SAT Patch Number 909) | Nessus | SuSE Local Security Checks | medium |
| 41030 | Mandriva Linux Security Advisory : openssl (MDVSA-2009:238) | Nessus | Mandriva Local Security Checks | medium |
| 40261 | openSUSE Security Update : libopenssl-devel (libopenssl-devel-907) | Nessus | SuSE Local Security Checks | medium |
| 40034 | openSUSE Security Update : libopenssl-devel (libopenssl-devel-907) | Nessus | SuSE Local Security Checks | medium |
| 39534 | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : openssl vulnerabilities (USN-792-1) | Nessus | Ubuntu Local Security Checks | medium |
| 39476 | Fedora 11 : openssl-0.9.8k-5.fc11 (2009-5452) | Nessus | Fedora Local Security Checks | medium |
| 39475 | Fedora 9 : openssl-0.9.8g-9.14.fc9 (2009-5423) | Nessus | Fedora Local Security Checks | medium |
| 39474 | Fedora 10 : openssl-0.9.8g-14.fc10 (2009-5412) | Nessus | Fedora Local Security Checks | medium |
| 38923 | openSUSE 10 Security Update : libopenssl-devel (libopenssl-devel-6268) | Nessus | SuSE Local Security Checks | medium |