FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-6449

This CVE name corresponds to:

Entered: 2014-01-06
Topic: openssl -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2013-6449
Phase: Assigned (20131104)

Description

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.

References

Source Reference
BUGTRAQ 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
FULLDISC 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
CONFIRM http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ca989269a2876bae79393bd54c3e72d49975fc75
CONFIRM http://rt.openssl.org/Ticket/Display.html?id=3200&user=guest&pass=guest
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1045363
CONFIRM https://issues.apache.org/jira/browse/TS-2355
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001841
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001843
CONFIRM http://www.vmware.com/security/advisories/VMSA-2014-0012.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
DEBIAN DSA-2833
FEDORA FEDORA-2013-23768
FEDORA FEDORA-2013-23788
FEDORA FEDORA-2013-23794
GENTOO GLSA-201412-39
REDHAT RHSA-2014:0015
REDHAT RHSA-2014:0041
SUSE openSUSE-SU-2014:0012
SUSE openSUSE-SU-2014:0015
SUSE openSUSE-SU-2014:0018
SUSE openSUSE-SU-2014:0048
UBUNTU USN-2079-1
BID 64530
SECTRACK 1029548