FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-0160

This CVE name corresponds to:

Entered Topic
2014-04-07 OpenSSL -- Remote Information Disclosure

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2014-0160 at cve.mitre.org

Details

Type Candidate
Name CVE-2014-0160
Phase Assigned(20131203)

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

References

Source Reference
BUGTRAQ 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
EXPLOIT-DB 32745
EXPLOIT-DB 32764
FULLDISC 20140408 Re: heartbleed OpenSSL bug CVE-2014-0160
FULLDISC 20140408 heartbleed OpenSSL bug CVE-2014-0160
FULLDISC 20140409 Re: heartbleed OpenSSL bug CVE-2014-0160
FULLDISC 20140412 Re: heartbleed OpenSSL bug CVE-2014-0160
FULLDISC 20140411 MRI Rubies may contain statically linked, vulnerable OpenSSL
FULLDISC 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
MLIST [syslog-ng-announce] 20140411 syslog-ng Premium Edition 5 LTS (5.0.4a) has been released
MISC http://heartbleed.com/
MISC http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
MISC https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
MISC https://gist.github.com/chapmajs/10473815
MISC https://www.cert.fi/en/reports/2014/vulnerability788210.html
CONFIRM http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3
CONFIRM http://www.openssl.org/news/secadv_20140407.txt
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1084875
CONFIRM http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21670161
CONFIRM http://www.blackberry.com/btsc/KB35882
CONFIRM http://www.splunk.com/view/SP-CAAAMB3
CONFIRM https://code.google.com/p/mod-spdy/issues/detail?id=85
CONFIRM http://www.f-secure.com/en/web/labs_global/fsc-2014-1
CONFIRM http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
CONFIRM http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/
CONFIRM http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
CONFIRM http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
CONFIRM http://cogentdatahub.com/ReleaseNotes.html
CONFIRM http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1
CONFIRM http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3
CONFIRM http://www.kerio.com/support/kerio-control/release-history
CONFIRM http://advisories.mageia.org/MGASA-2014-0165.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001841
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001843
CONFIRM https://filezilla-project.org/versions.php?type=server
CONFIRM https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217
CONFIRM http://www.vmware.com/security/advisories/VMSA-2014-0012.html
CONFIRM http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
CISCO 20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
DEBIAN DSA-2896
FEDORA FEDORA-2014-4879
FEDORA FEDORA-2014-4910
HP HPSBMU02995
HP HPSBMU03009
HP HPSBMU03022
HP HPSBMU03024
HP HPSBST03000
HP HPSBHF03136
HP HPSBHF03293
HP SSRT101846
MANDRIVA MDVSA-2015:062
REDHAT RHSA-2014:0376
REDHAT RHSA-2014:0377
REDHAT RHSA-2014:0378
REDHAT RHSA-2014:0396
SUSE SUSE-SA:2014:002
SUSE openSUSE-SU-2014:0492
CERT TA14-098A
CERT-VN VU#720951
BID 66690
SECTRACK 1030026
SECTRACK 1030074
SECTRACK 1030077
SECTRACK 1030078
SECTRACK 1030079
SECTRACK 1030080
SECTRACK 1030081
SECTRACK 1030082
SECUNIA 57347
SECUNIA 57483
SECUNIA 57721
SECUNIA 57836
SECUNIA 57966
SECUNIA 57968

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.