FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-3568

This CVE name corresponds to:

Entered Topic
2014-10-15 OpenSSL -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2014-3568 at cve.mitre.org

Details

Type Candidate
Name CVE-2014-3568
Phase Assigned(20140514)

Description

OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.

References

Source Reference
CONFIRM https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870197dffa802871b4c8fc7
CONFIRM https://www.openssl.org/news/secadv_20141015.txt
CONFIRM https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21686997
CONFIRM http://support.apple.com/HT204244
CONFIRM https://support.apple.com/HT205217
APPLE APPLE-SA-2015-01-27-4
APPLE APPLE-SA-2015-09-16-2
DEBIAN DSA-3053
GENTOO GLSA-201412-39
HP HPSBUX03162
HP SSRT101767
HP HPSBMU03260
HP HPSBOV03227
HP SSRT101779
HP SSRT101894
HP HPSBMU03267
HP HPSBMU03304
HP HPSBHF03300
NETBSD NetBSD-SA2014-015
SUSE openSUSE-SU-2014:1331
SUSE SUSE-SU-2014:1357
SUSE SUSE-SU-2014:1361
SUSE SUSE-SU-2015:0578
BID 70585
SECTRACK 1031053
SECUNIA 61130
SECUNIA 61207
SECUNIA 61819
SECUNIA 62030
SECUNIA 59627
SECUNIA 61058
SECUNIA 61073
SECUNIA 61959
SECUNIA 62070
SECUNIA 62124
XF openssl-cve20143568-sec-bypass(97037)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.