Vulnerabilidad en la función ssl3_send_client_key_exchange en OpenSSL (CVE-2014-3510)
Gravedad CVSS v2.0:
MEDIA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
13/08/2014
Última modificación:
12/04/2025
Descripción
La función ssl3_send_client_key_exchange en s3_clnt.c en OpenSSL 0.9.8 anterior a 0.9.8zb, 1.0.0 anterior a 1.0.0n, y 1.0.1 anterior a 1.0.1i permite a servidores DTLS remotos causar una denegación de servicio (referencia a puntero nulo y caída de la aplicación del cliente) a través de un mensaje de negociación manipulado en conjunto con un suite de cifrado (1) anónimo DH o (2) anónimo ECDH.
Impacto
Puntuación base 2.0
4.30
Gravedad 2.0
MEDIA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://linux.oracle.com/errata/ELSA-2014-1052.html
- http://linux.oracle.com/errata/ELSA-2014-1053.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html
- http://marc.info/?l=bugtraq&m=140853041709441&w=2
- http://marc.info/?l=bugtraq&m=140853041709441&w=2
- http://marc.info/?l=bugtraq&m=141077370928502&w=2
- http://marc.info/?l=bugtraq&m=142660345230545&w=2
- http://marc.info/?l=bugtraq&m=142660345230545&w=2
- http://rhn.redhat.com/errata/RHSA-2014-1256.html
- http://rhn.redhat.com/errata/RHSA-2014-1297.html
- http://secunia.com/advisories/58962
- http://secunia.com/advisories/59221
- http://secunia.com/advisories/59700
- http://secunia.com/advisories/59710
- http://secunia.com/advisories/59743
- http://secunia.com/advisories/59756
- http://secunia.com/advisories/60022
- http://secunia.com/advisories/60221
- http://secunia.com/advisories/60493
- http://secunia.com/advisories/60684
- http://secunia.com/advisories/60687
- http://secunia.com/advisories/60778
- http://secunia.com/advisories/60803
- http://secunia.com/advisories/60824
- http://secunia.com/advisories/60917
- http://secunia.com/advisories/60921
- http://secunia.com/advisories/60938
- http://secunia.com/advisories/61017
- http://secunia.com/advisories/61045
- http://secunia.com/advisories/61100
- http://secunia.com/advisories/61184
- http://secunia.com/advisories/61250
- http://secunia.com/advisories/61775
- http://secunia.com/advisories/61959
- http://security.gentoo.org/glsa/glsa-201412-39.xml
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.html
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- http://www.debian.org/security/2014/dsa-2998
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- http://www.mandriva.com/security/advisories?name=MDVSA-2014%3A158
- http://www.securityfocus.com/bid/69082
- http://www.securitytracker.com/id/1030693
- https://bugzilla.redhat.com/show_bug.cgi?id=1127503
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95164
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba%3Dcommit%3Bh%3D17160033765480453be0a41335fa6b833691c049
- https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html
- https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc
- https://www.openssl.org/news/secadv_20140806.txt
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://linux.oracle.com/errata/ELSA-2014-1052.html
- http://linux.oracle.com/errata/ELSA-2014-1053.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html
- http://marc.info/?l=bugtraq&m=140853041709441&w=2
- http://marc.info/?l=bugtraq&m=140853041709441&w=2
- http://marc.info/?l=bugtraq&m=141077370928502&w=2
- http://marc.info/?l=bugtraq&m=142660345230545&w=2
- http://marc.info/?l=bugtraq&m=142660345230545&w=2
- http://rhn.redhat.com/errata/RHSA-2014-1256.html
- http://rhn.redhat.com/errata/RHSA-2014-1297.html
- http://secunia.com/advisories/58962
- http://secunia.com/advisories/59221
- http://secunia.com/advisories/59700
- http://secunia.com/advisories/59710
- http://secunia.com/advisories/59743
- http://secunia.com/advisories/59756
- http://secunia.com/advisories/60022
- http://secunia.com/advisories/60221
- http://secunia.com/advisories/60493
- http://secunia.com/advisories/60684
- http://secunia.com/advisories/60687
- http://secunia.com/advisories/60778
- http://secunia.com/advisories/60803
- http://secunia.com/advisories/60824
- http://secunia.com/advisories/60917
- http://secunia.com/advisories/60921
- http://secunia.com/advisories/60938
- http://secunia.com/advisories/61017
- http://secunia.com/advisories/61045
- http://secunia.com/advisories/61100
- http://secunia.com/advisories/61184
- http://secunia.com/advisories/61250
- http://secunia.com/advisories/61775
- http://secunia.com/advisories/61959
- http://security.gentoo.org/glsa/glsa-201412-39.xml
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.html
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- http://www.debian.org/security/2014/dsa-2998
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- http://www.mandriva.com/security/advisories?name=MDVSA-2014%3A158
- http://www.securityfocus.com/bid/69082
- http://www.securitytracker.com/id/1030693
- https://bugzilla.redhat.com/show_bug.cgi?id=1127503
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95164
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba%3Dcommit%3Bh%3D17160033765480453be0a41335fa6b833691c049
- https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html
- https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc
- https://www.openssl.org/news/secadv_20140806.txt