CVE-2009-1386 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2009-1386
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2009-1386

Description: ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/50963 UBUNTU http://www.ubuntu.com/usn/USN-792-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html SAID Secunia Advisory: SA35571 Secunia Advisory: SA35685 Secunia Advisory: SA35729 NETBSD MLIST http://www.openwall.com/lists/oss-security/2009/06/02/1 MILW0RM http://www.milw0rm.com/exploits/8873 CONFIRM http://cvs.openssl.org/chngview?cn=17369 http://rt.openssl.org/Ticket/Display.html?id=1679&user=guest&pass=guest BID 35174

Return to the previous page.