FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-3470

This CVE name corresponds to:

Entered Topic
2014-06-05 OpenSSL -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2014-3470 at cve.mitre.org

Details

Type Candidate
Name CVE-2014-3470
Phase Assigned(20140514)

Description

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.

References

Source Reference
BUGTRAQ 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
FULLDISC 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
CONFIRM http://www.openssl.org/news/secadv_20140605.txt
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1103600
CONFIRM https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8011cd56e39a433b1837465259a9bd24a38727fb
CONFIRM https://kb.bluecoat.com/index?page=content&id=SA80
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676035
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676062
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676419
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676496
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676655
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg24037761
CONFIRM http://www.blackberry.com/btsc/KB36051
CONFIRM http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
CONFIRM http://www.novell.com/support/kb/doc.php?id=7015264
CONFIRM http://www.novell.com/support/kb/doc.php?id=7015300
CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E
CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E
CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10075
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21673137
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677828
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677527
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677695
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21678167
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21678289
CONFIRM http://www.splunk.com/view/SP-CAAAM2D
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001841
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001843
CONFIRM http://support.apple.com/kb/HT6443
CONFIRM http://www.vmware.com/security/advisories/VMSA-2014-0012.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
CISCO 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
MANDRIVA MDVSA-2015:062
SUSE SUSE-SU-2015:0578
BID 67898
SECUNIA 58797
SECUNIA 58579
SECUNIA 59191
SECUNIA 58939
SECUNIA 59120
SECUNIA 59126
SECUNIA 59162
SECUNIA 59300
SECUNIA 59438
SECUNIA 59442
SECUNIA 59450
SECUNIA 59491
SECUNIA 59495
SECUNIA 59514
SECUNIA 59490
SECUNIA 59655
SECUNIA 59721
SECUNIA 59413
SECUNIA 59669
SECUNIA 59301
SECUNIA 59659
SECUNIA 59666
SECUNIA 59459
SECUNIA 59895
SECUNIA 59342
SECUNIA 59451
SECUNIA 59916
SECUNIA 59784
SECUNIA 59990
SECUNIA 60571

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.