FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-3864

This CVE name corresponds to:

Entered Topic
2010-11-17 openssl -- TLS extension parsing race condition

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2010-3864
Phase: Assigned (20101008)

Description

Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.

References

Source Reference
BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
MLIST [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released
MLIST [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released
CONFIRM http://openssl.org/news/secadv_20101116.txt
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=649304
CONFIRM http://blogs.sun.com/security/entry/cve_2010_3864_race_condition
CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html
CONFIRM http://www.adobe.com/support/security/bulletins/apsb11-11.html
CONFIRM http://support.apple.com/kb/HT4723
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
APPLE APPLE-SA-2011-06-23-1
DEBIAN DSA-2125
FEDORA FEDORA-2010-17826
FEDORA FEDORA-2010-17827
FEDORA FEDORA-2010-17847
FREEBSD FreeBSD-SA-10:10
HP HPSBMA02658
HP SSRT100413
HP HPSBGN02740
HP SSRT100741
REDHAT RHSA-2010:0888
SLACKWARE SSA:2010-326-01
SUSE SUSE-SR:2010:022
CERT-VN VU#737740
SECTRACK 1024743
SECUNIA 42243
SECUNIA 42309
SECUNIA 42336
SECUNIA 42352
SECUNIA 42397
SECUNIA 42241
SECUNIA 42413
SECUNIA 43312
SECUNIA 44269
SECUNIA 57353
VUPEN ADV-2010-3041
VUPEN ADV-2010-3121
VUPEN ADV-2010-3077
VUPEN ADV-2010-3097