FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-0590

This CVE name corresponds to:

Entered Topic
2009-05-07 FreeBSD -- remotely exploitable crash in OpenSSL

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2009-0590
Phase Assigned (20090213)

Description

The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

References

Source Reference
BUGTRAQ 20090403 rPSA-2009-0057-1 m2crypto openssl openssl-scripts
BUGTRAQ 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console
MLIST [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
MLIST [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released
MLIST [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released
MISC http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057
CONFIRM http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847
CONFIRM http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html
CONFIRM http://www.openssl.org/news/secadv_20090325.txt
CONFIRM http://www.php.net/archive/2009.php#id2009-04-08-1
CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0057
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm
CONFIRM http://support.apple.com/kb/HT3865
CONFIRM http://www.vmware.com/security/advisories/VMSA-2010-0019.html
CONFIRM https://kb.bluecoat.com/index?page=content&id=SA50
APPLE APPLE-SA-2009-09-10-2
DEBIAN DSA-1763
FREEBSD FreeBSD-SA-09:08
HP HPSBUX02435
HP SSRT090059
HP HPSBMA02447
HP SSRT090062
MANDRIVA MDVSA-2009:087
NETBSD NetBSD-SA2009-008
REDHAT RHSA-2009:1335
SUNALERT 258048
SUSE SUSE-SR:2009:010
SUSE SUSE-SU-2011:0847
SUSE openSUSE-SU-2011:0845
UBUNTU USN-750-1
BID 34256
OSVDB 52864
OVAL oval:org.mitre.oval:def:10198
OVAL oval:org.mitre.oval:def:6996
SECTRACK 1021905
SECUNIA 34411
SECUNIA 34460
SECUNIA 34509
SECUNIA 34666
SECUNIA 34561
SECUNIA 34896
SECUNIA 34960
SECUNIA 35065
SECUNIA 35181
SECUNIA 35380
SECUNIA 35729
SECUNIA 36701
SECUNIA 38794
SECUNIA 38834
SECUNIA 42467
SECUNIA 42724
SECUNIA 42733
SECUNIA 36533
VUPEN ADV-2009-0850
VUPEN ADV-2009-1020
VUPEN ADV-2009-1175
VUPEN ADV-2009-1220
VUPEN ADV-2009-1548
VUPEN ADV-2010-0528
VUPEN ADV-2010-3126
XF openssl-asn1-stringprintex-dos(49431)