CVE-2008-1678 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-1678
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1678

Description: Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/43948 UBUNTU http://www.ubuntu.com/usn/USN-731-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html SREASON http://securityreason.com/securityalert/3981 SAID Secunia Advisory: SA32222 Secunia Advisory: SA31416 Secunia Advisory: SA31026 Secunia Advisory: SA35264 Secunia Advisory: SA34219 REDHAT http://www.redhat.com/support/errata/RHSA-2009-1075.html MLIST http://marc.info/?l=openssl-dev&m=121060672602371&w=2 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2009:124 GENTOO http://security.gentoo.org/glsa/glsa-200807-06.xml FEDORA CONFIRM http://support.apple.com/kb/HT3216 http://bugs.gentoo.org/show_bug.cgi?id=222643 http://svn.apache.org/viewvc?view=rev&revision=654119 BID 31681 31692 APPLE http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Return to the previous page.