Showing 1 - 4 of 4

CVE-2009-0789

Status Candidate

Overview

OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.

Related Files

HP Security Bulletin HPSBOV02540 SSRT090249: Posted Jun 18, 2010; Authored by Hewlett Packard | Site hp.com; HP Security Bulletin - Potential security vulnerabilities have been identified with HP SSL for OpenVMS. The vulnerabilities could be remotely exploited resulting in unauthorized data injection or a Denial of Service (DoS).; tags | advisory, denial of service, vulnerability; advisories | CVE-2008-5077, CVE-2009-0590, CVE-2009-0591, CVE-2009-0789, CVE-2009-3245; SHA-256 | 4962704cafb19e0d8b33b253acee33bdfbeb5b80d6189aecbbfce46eafb25462; Download | Favorite | View

HP Security Bulletin HPSBUX02435 SSRT090059: Posted Jun 11, 2009; Authored by Hewlett Packard | Site hp.com; HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and bypass security restrictions.; tags | advisory, denial of service, vulnerability; systems | hpux; advisories | CVE-2009-0590, CVE-2009-0591, CVE-2009-0789; SHA-256 | 264e65a664b0389ec6e7d20ae2d5d4e971920f81b26d09e75eaf4a99078d5169; Download | Favorite | View

OpenSSL Toolkit: Posted Mar 30, 2009; Site openssl.org; OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.; Changes: Three security flaws of moderate severity were fixed - Printing the contents of an ASN1 certificate with an illegal encoded length could cause an application crash. CMS verification could cause an invalid set of signed attributes to appear valid. A malformed ASN1 structure could cause invalid memory access. Further minor modifications were made.; tags | encryption, protocol; advisories | CVE-2009-0590, CVE-2009-0591, CVE-2009-0789; SHA-256 | 7e7cd4f3974199b729e6e3a0af08bd4279fde0370a1120c1a3b351ab090c6101; Download | Favorite | View

OpenSSL Security Advisory 20090325: Posted Mar 25, 2009; Site openssl.org; OpenSSL Security Advisory 20090325 - The function ASN1_STRING_print_ex() when used to print a BMPString or UniversalString will crash with an invalid memory access if the encoded length of the string is illegal. Other issues were also addressed.; tags | advisory; advisories | CVE-2009-0590, CVE-2009-0591, CVE-2009-0789; SHA-256 | 1740e31a83c7080938d1549888d5d57117009bb5f4125b9b6e9a693b6f8595f8; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 61 files
Debian 34 files
Gentoo 32 files
LiquidWorm 10 files
nu11secur1ty 7 files
malvuln 5 files
Adam Gowdiak 4 files
liquidsky 3 files
kai6u 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,038)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,580)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,745)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,490)
UNIX (9,397)
UnixWare (187)
Windows (6,656)
Other

CVE-2009-0789

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems