FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-5139

This CVE name corresponds to:

Entered Topic
2014-08-06 OpenSSL -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2014-5139
Phase Assigned (20140730)

Description

The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.

References

Source Reference
CONFIRM https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=80bd7b41b30af6ee96f519e629463583318de3b0
CONFIRM https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=83764a989dcc87fbea337da5f8f86806fe767b7e
CONFIRM https://www.openssl.org/news/secadv_20140806.txt
CONFIRM http://www.tenable.com/security/tns-2014-06
CONFIRM http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21686997
CONFIRM http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21682293
DEBIAN DSA-2998
GENTOO GLSA-201412-39
HP HPSBMU03260
HP SSRT101894
HP HPSBMU03216
HP SSRT101818
HP HPSBMU03259
HP HPSBMU03262
HP HPSBMU03267
HP HPSBMU03283
HP SSRT101916
HP SSRT101921
HP SSRT101922
HP HPSBHF03293
HP SSRT101846
HP HPSBMU03304
NETBSD NetBSD-SA2014-008
SUSE openSUSE-SU-2014:1052
BID 69077
SECUNIA 60810
SECUNIA 60917
SECUNIA 60921
SECUNIA 61775
SECUNIA 61959
SECUNIA 59756