ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-002.txt.asc
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054007.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://marc.info/?l=bugtraq&m=130497251507577&w=2
http://marc.info/?l=bugtraq&m=131042179515633&w=2
http://secunia.com/advisories/43227
http://secunia.com/advisories/43286
http://secunia.com/advisories/43301
http://secunia.com/advisories/43339
http://secunia.com/advisories/44269
http://secunia.com/advisories/57353
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.668823
http://support.apple.com/kb/HT4723
http://www.debian.org/security/2011/dsa-2162
http://www.mandriva.com/security/advisories?name=MDVSA-2011:028
http://www.openssl.org/news/secadv_20110208.txt
http://www.redhat.com/support/errata/RHSA-2011-0677.html
http://www.securityfocus.com/bid/46264
http://www.securitytracker.com/id?1025050
http://www.ubuntu.com/usn/USN-1064-1
http://www.vupen.com/english/advisories/2011/0361
http://www.vupen.com/english/advisories/2011/0387
http://www.vupen.com/english/advisories/2011/0389
http://www.vupen.com/english/advisories/2011/0395
http://www.vupen.com/english/advisories/2011/0399
http://www.vupen.com/english/advisories/2011/0603
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18985
OR
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
OR
cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
127201 | NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0033) | Nessus | NewStart CGSL Local Security Checks | critical |
89038 | VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check) | Nessus | Misc. | high |
75595 | openSUSE Security Update : libopenssl-devel (libopenssl-devel-3937) | Nessus | SuSE Local Security Checks | medium |
73560 | AIX OpenSSL Advisory : openssl_advisory2.asc | Nessus | AIX Local Security Checks | high |
70885 | ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check) | Nessus | Misc. | high |
61747 | VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries | Nessus | VMware ESX Local Security Checks | high |
61043 | Scientific Linux Security Update : openssl on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
58811 | HP System Management Homepage < 7.0 Multiple Vulnerabilities | Nessus | Web Servers | critical |
56425 | GLSA-201110-01 : OpenSSL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
55416 | Mac OS X 10.6.x < 10.6.8 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
800790 | Mac OS X 10.6 < 10.6.8 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |
5968 | Mac OS X 10.6 < 10.6.8 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
54599 | RHEL 6 : openssl (RHSA-2011:0677) | Nessus | Red Hat Local Security Checks | medium |
53752 | openSUSE Security Update : libopenssl-devel (libopenssl-devel-3937) | Nessus | SuSE Local Security Checks | medium |
53611 | Fedora 13 : mingw32-openssl-1.0.0-0.7.beta4.fc13 (2011-5876) | Nessus | Fedora Local Security Checks | medium |
53610 | Fedora 14 : mingw32-openssl-1.0.0a-2.fc14 (2011-5865) | Nessus | Fedora Local Security Checks | medium |
53578 | Fedora 15 : mingw32-openssl-1.0.0d-1.fc15 (2011-5878) | Nessus | Fedora Local Security Checks | medium |
52988 | SuSE 11.1 Security Update : openSSL (SAT Patch Number 3938) | Nessus | SuSE Local Security Checks | medium |
52705 | Fedora 13 : openssl-1.0.0d-1.fc13 (2011-1255) | Nessus | Fedora Local Security Checks | medium |
51996 | Ubuntu 10.04 LTS / 10.10 : openssl vulnerability (USN-1064-1) | Nessus | Ubuntu Local Security Checks | medium |
51992 | Mandriva Linux Security Advisory : openssl (MDVSA-2011:028) | Nessus | Mandriva Local Security Checks | medium |
51981 | Fedora 14 : openssl-1.0.0d-1.fc14 (2011-1273) | Nessus | Fedora Local Security Checks | medium |
51978 | Debian DSA-2162-1 : openssl - invalid memory access | Nessus | Debian Local Security Checks | medium |
51943 | Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : openssl (SSA:2011-041-04) | Nessus | Slackware Local Security Checks | medium |
801053 | OpenSSL < 0.9.8r / 1.0.0d OCSP Stapling Denial of Service | Log Correlation Engine | Web Servers | medium |
5782 | OpenSSL < 0.9.8r / 1.0.0d OCSP Stapling DoS | Nessus Network Monitor | Web Servers | medium |
51919 | OpenSSL OCSP Stapling Denial of Service | Nessus | Web Servers | medium |