FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-1378

This CVE name corresponds to:

Entered: 2009-05-30
Topic: openssl -- denial of service in DTLS implementation

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2009-1378
Phase: Assigned (20090423)

Description

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

References

Source Reference
MILW0RM 8720
MLIST [openssl-dev] 20090516 [openssl.org #1931] [PATCH] DTLS fragment handling memory leak
MLIST [openssl-dev] 20090518 Re: [openssl.org #1931] [PATCH] DTLS fragment handling memory leak
MLIST [oss-security] 20090518 Two OpenSSL DTLS remote DoS
MLIST [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
MISC https://launchpad.net/bugs/cve/2009-1378
CONFIRM http://cvs.openssl.org/chngview?cn=18188
CONFIRM http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
CONFIRM http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net
CONFIRM http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
CONFIRM https://kb.bluecoat.com/index?page=content&id=SA50
GENTOO GLSA-200912-01
HP HPSBMA02492
HP SSRT100079
MANDRIVA MDVSA-2009:120
NETBSD NetBSD-SA2009-009
REDHAT RHSA-2009:1335
SLACKWARE SSA:2010-060-02
SUSE SUSE-SR:2009:011
UBUNTU USN-792-1
BID 35001
OVAL oval:org.mitre.oval:def:11309
OVAL oval:org.mitre.oval:def:7229
SECTRACK 1022241
SECUNIA 35128
SECUNIA 35416
SECUNIA 35461
SECUNIA 35571
SECUNIA 35729
SECUNIA 37003
SECUNIA 38761
SECUNIA 38794
SECUNIA 38834
SECUNIA 42724
SECUNIA 42733
SECUNIA 36533
VUPEN ADV-2009-1377
VUPEN ADV-2010-0528