Vulnerability-Lookup

CVE-2009-3245 (GCVE-0-2009-3245)

Vulnerability from cvelistv5 – Published: 2010-03-05 19:00 – Updated: 2024-08-07 06:22

Summary

OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

35 references

URL	Tags
http://www.vupen.com/english/advisories/2010/0916	vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/42724	third-party-advisoryx_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/39461	third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=openssl-cvs&m=126692159706582&w=2	mailing-listx_refsource_MLIST
http://support.apple.com/kb/HT4723	x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://slackware.com/security/viewer.php?l=slackw…	vendor-advisoryx_refsource_SLACKWARE
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://marc.info/?l=bugtraq&m=127678688104458&w=2	vendor-advisoryx_refsource_HP
http://marc.info/?l=openssl-cvs&m=126692170906712&w=2	mailing-listx_refsource_MLIST
http://secunia.com/advisories/38761	third-party-advisoryx_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/bid/38562	vdb-entryx_refsource_BID
https://lists.balabit.com/pipermail/syslog-ng-ann…	mailing-listx_refsource_MLIST
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://marc.info/?l=openssl-cvs&m=126692180606861&w=2	mailing-listx_refsource_MLIST
http://www.redhat.com/support/errata/RHSA-2010-09…	vendor-advisoryx_refsource_REDHAT
http://www.vupen.com/english/advisories/2010/0839	vdb-entryx_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://marc.info/?l=bugtraq&m=127128920008563&w=2	vendor-advisoryx_refsource_HP
https://lists.balabit.com/pipermail/syslog-ng-ann…	mailing-listx_refsource_MLIST
http://www.ubuntu.com/usn/USN-1003-1	vendor-advisoryx_refsource_UBUNTU
http://secunia.com/advisories/39932	third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/0933	vdb-entryx_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2011-08…	vendor-advisoryx_refsource_REDHAT
http://marc.info/?l=bugtraq&m=127128920008563&w=2	vendor-advisoryx_refsource_HP
https://kb.bluecoat.com/index?page=content&id=SA50	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/1216	vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/42733	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/37291	third-party-advisoryx_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://aix.software.ibm.com/aix/efixes/security/o…	x_refsource_CONFIRM
http://packetstormsecurity.com/files/153392/ABB-H…	x_refsource_MISC

Date Public ?

2010-02-23 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:22:24.020Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2010-0916",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0916"
          },
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "oval:org.mitre.oval:def:11738",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738"
          },
          {
            "name": "39461",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39461"
          },
          {
            "name": "[openssl-cvs] 20100223 OpenSSL: OpenSSL_1_0_0-stable: openssl/crypto/bn/ bn_div.c bn_gf...",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=openssl-cvs\u0026m=126692159706582\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4723"
          },
          {
            "name": "FEDORA-2010-5357",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
          },
          {
            "name": "SSA:2010-060-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
          },
          {
            "name": "APPLE-SA-2011-06-23-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6640",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640"
          },
          {
            "name": "HPSBOV02540",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
          },
          {
            "name": "[openssl-cvs] 20100223 OpenSSL: openssl/crypto/bn/ bn_div.c bn_gf2m.c openssl/crypto/ec...",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=openssl-cvs\u0026m=126692170906712\u0026w=2"
          },
          {
            "name": "38761",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38761"
          },
          {
            "name": "SUSE-SR:2010:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
          },
          {
            "name": "38562",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/38562"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
          },
          {
            "name": "oval:org.mitre.oval:def:9790",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790"
          },
          {
            "name": "[openssl-cvs] 20100223 OpenSSL: OpenSSL_0_9_8-stable: openssl/ CHANGES openssl/crypto/b...",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=openssl-cvs\u0026m=126692180606861\u0026w=2"
          },
          {
            "name": "RHSA-2010:0977",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html"
          },
          {
            "name": "ADV-2010-0839",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0839"
          },
          {
            "name": "MDVSA-2010:076",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
          },
          {
            "name": "HPSBUX02517",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
          },
          {
            "name": "USN-1003-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1003-1"
          },
          {
            "name": "39932",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39932"
          },
          {
            "name": "ADV-2010-0933",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0933"
          },
          {
            "name": "RHSA-2011:0896",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
          },
          {
            "name": "SSRT100058",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "ADV-2010-1216",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1216"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "37291",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37291"
          },
          {
            "name": "FEDORA-2010-5744",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-02-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-25T00:06:09.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2010-0916",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0916"
        },
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "name": "oval:org.mitre.oval:def:11738",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738"
        },
        {
          "name": "39461",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39461"
        },
        {
          "name": "[openssl-cvs] 20100223 OpenSSL: OpenSSL_1_0_0-stable: openssl/crypto/bn/ bn_div.c bn_gf...",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=openssl-cvs\u0026m=126692159706582\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4723"
        },
        {
          "name": "FEDORA-2010-5357",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
        },
        {
          "name": "SSA:2010-060-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
        },
        {
          "name": "APPLE-SA-2011-06-23-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6640",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640"
        },
        {
          "name": "HPSBOV02540",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
        },
        {
          "name": "[openssl-cvs] 20100223 OpenSSL: openssl/crypto/bn/ bn_div.c bn_gf2m.c openssl/crypto/ec...",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=openssl-cvs\u0026m=126692170906712\u0026w=2"
        },
        {
          "name": "38761",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38761"
        },
        {
          "name": "SUSE-SR:2010:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
        },
        {
          "name": "38562",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/38562"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
        },
        {
          "name": "oval:org.mitre.oval:def:9790",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790"
        },
        {
          "name": "[openssl-cvs] 20100223 OpenSSL: OpenSSL_0_9_8-stable: openssl/ CHANGES openssl/crypto/b...",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=openssl-cvs\u0026m=126692180606861\u0026w=2"
        },
        {
          "name": "RHSA-2010:0977",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html"
        },
        {
          "name": "ADV-2010-0839",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0839"
        },
        {
          "name": "MDVSA-2010:076",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
        },
        {
          "name": "HPSBUX02517",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
        },
        {
          "name": "USN-1003-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1003-1"
        },
        {
          "name": "39932",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39932"
        },
        {
          "name": "ADV-2010-0933",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0933"
        },
        {
          "name": "RHSA-2011:0896",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
        },
        {
          "name": "SSRT100058",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "ADV-2010-1216",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1216"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        },
        {
          "name": "37291",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37291"
        },
        {
          "name": "FEDORA-2010-5744",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3245",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2010-0916",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0916"
            },
            {
              "name": "42724",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42724"
            },
            {
              "name": "oval:org.mitre.oval:def:11738",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738"
            },
            {
              "name": "39461",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39461"
            },
            {
              "name": "[openssl-cvs] 20100223 OpenSSL: OpenSSL_1_0_0-stable: openssl/crypto/bn/ bn_div.c bn_gf...",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=openssl-cvs\u0026m=126692159706582\u0026w=2"
            },
            {
              "name": "http://support.apple.com/kb/HT4723",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4723"
            },
            {
              "name": "FEDORA-2010-5357",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"
            },
            {
              "name": "SSA:2010-060-02",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049"
            },
            {
              "name": "APPLE-SA-2011-06-23-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6640",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640"
            },
            {
              "name": "HPSBOV02540",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2"
            },
            {
              "name": "[openssl-cvs] 20100223 OpenSSL: openssl/crypto/bn/ bn_div.c bn_gf2m.c openssl/crypto/ec...",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=openssl-cvs\u0026m=126692170906712\u0026w=2"
            },
            {
              "name": "38761",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38761"
            },
            {
              "name": "SUSE-SR:2010:013",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
            },
            {
              "name": "38562",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/38562"
            },
            {
              "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
              "refsource": "MLIST",
              "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
            },
            {
              "name": "oval:org.mitre.oval:def:9790",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790"
            },
            {
              "name": "[openssl-cvs] 20100223 OpenSSL: OpenSSL_0_9_8-stable: openssl/ CHANGES openssl/crypto/b...",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=openssl-cvs\u0026m=126692180606861\u0026w=2"
            },
            {
              "name": "RHSA-2010:0977",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html"
            },
            {
              "name": "ADV-2010-0839",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0839"
            },
            {
              "name": "MDVSA-2010:076",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
            },
            {
              "name": "HPSBUX02517",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
            },
            {
              "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
              "refsource": "MLIST",
              "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
            },
            {
              "name": "USN-1003-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1003-1"
            },
            {
              "name": "39932",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39932"
            },
            {
              "name": "ADV-2010-0933",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0933"
            },
            {
              "name": "RHSA-2011:0896",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
            },
            {
              "name": "SSRT100058",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
            },
            {
              "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA50",
              "refsource": "CONFIRM",
              "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
            },
            {
              "name": "ADV-2010-1216",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1216"
            },
            {
              "name": "42733",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42733"
            },
            {
              "name": "37291",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37291"
            },
            {
              "name": "FEDORA-2010-5744",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc"
            },
            {
              "name": "http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3245",
    "datePublished": "2010-03-05T19:00:00.000Z",
    "dateReserved": "2009-09-18T00:00:00.000Z",
    "dateUpdated": "2024-08-07T06:22:24.020Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2009-3245",
      "date": "2026-05-24",
      "epss": "0.19914",
      "percentile": "0.95548"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"0.9.8l\", \"matchCriteriaId\": \"81FB3B26-CC83-4FA5-BDE1-05F35AB99741\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A4E446D-B9D3-45F2-9722-B41FA14A6C31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF4EA988-FC80-4170-8933-7C6663731981\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64F8F53B-24A1-4877-B16E-F1917C4E4E81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75D3ACD5-905F-42BB-BE1A-8382E9D823BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"766EA6F2-7FA4-4713-9859-9971CCD2FDCB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BB38AEA-BAF0-4920-9A71-747C24444770\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F33EA2B-DE15-4695-A383-7A337AC38908\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"261EE631-AB43-44FE-B02A-DFAAB8D35927\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A1365ED-4651-4AB2-A64B-43782EA2F0E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC82690C-DCED-47BA-AA93-4D0C9E95B806\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.\"}, {\"lang\": \"es\", \"value\": \"OpenSSL en versiones anterioes a v0.9.8m cuando recibe un valor de retorno NULL de la funcion bn_wexpand hace una llamada a (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, y (4) engines/e_ubsec.c, lo que tiene un impacto inespecifico y vectores de ataque dependientes del contexto.\"}]",
      "id": "CVE-2009-3245",
      "lastModified": "2024-11-21T01:06:53.233",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2010-03-05T19:30:00.343",
      "references": "[{\"url\": \"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=openssl-cvs\u0026m=126692159706582\u0026w=2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://marc.info/?l=openssl-cvs\u0026m=126692170906712\u0026w=2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://marc.info/?l=openssl-cvs\u0026m=126692180606861\u0026w=2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/37291\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/38761\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/39461\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/39932\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/42724\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/42733\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.apple.com/kb/HT4723\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2010:076\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0977.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2011-0896.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/38562\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1003-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0839\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0916\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0933\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/1216\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://kb.bluecoat.com/index?page=content\u0026id=SA50\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=openssl-cvs\u0026m=126692159706582\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://marc.info/?l=openssl-cvs\u0026m=126692170906712\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://marc.info/?l=openssl-cvs\u0026m=126692180606861\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/37291\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/38761\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/39461\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/39932\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/42724\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/42733\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT4723\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2010:076\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0977.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2011-0896.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/38562\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1003-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0839\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0916\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0933\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/1216\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://kb.bluecoat.com/index?page=content\u0026id=SA50\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-3245\\n\\nThis issue was fixed in openssl packages in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0162.html\\n\\nThis issue was fixed in openssl096b packages in Red Hat Enterprise Linux 3 and 4 via: https://rhn.redhat.com/errata/RHSA-2010-0173.html\\n\\nThe Red Hat Security Response Team has rated this issue as having low security impact on openssl packages in Red Hat Enterprise Linux 3 and 4, a future update may address this flaw.\", \"lastModified\": \"2010-03-25T00:00:00\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-3245\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-03-05T19:30:00.343\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.\"},{\"lang\":\"es\",\"value\":\"OpenSSL en versiones anterioes a v0.9.8m cuando recibe un valor de retorno NULL de la funcion bn_wexpand hace una llamada a (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, y (4) engines/e_ubsec.c, lo que tiene un impacto inespecifico y vectores de ataque dependientes del contexto.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.9.8l\",\"matchCriteriaId\":\"81FB3B26-CC83-4FA5-BDE1-05F35AB99741\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A4E446D-B9D3-45F2-9722-B41FA14A6C31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF4EA988-FC80-4170-8933-7C6663731981\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64F8F53B-24A1-4877-B16E-F1917C4E4E81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75D3ACD5-905F-42BB-BE1A-8382E9D823BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"766EA6F2-7FA4-4713-9859-9971CCD2FDCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BB38AEA-BAF0-4920-9A71-747C24444770\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F33EA2B-DE15-4695-A383-7A337AC38908\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"261EE631-AB43-44FE-B02A-DFAAB8D35927\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A1365ED-4651-4AB2-A64B-43782EA2F0E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC82690C-DCED-47BA-AA93-4D0C9E95B806\"}]}]}],\"references\":[{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=openssl-cvs\u0026m=126692159706582\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://marc.info/?l=openssl-cvs\u0026m=126692170906712\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://marc.info/?l=openssl-cvs\u0026m=126692180606861\u0026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/37291\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38761\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39461\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/39932\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/42724\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/42733\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT4723\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:076\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0977.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0896.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/38562\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1003-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0839\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0916\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0933\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1216\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://kb.bluecoat.com/index?page=content\u0026id=SA50\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=openssl-cvs\u0026m=126692159706582\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://marc.info/?l=openssl-cvs\u0026m=126692170906712\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://marc.info/?l=openssl-cvs\u0026m=126692180606861\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://packetstormsecurity.com/files/153392/ABB-HMI-Outdated-Software-Components.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/37291\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38761\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39461\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/39932\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42724\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42733\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.663049\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4723\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:076\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0977.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0896.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/38562\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1003-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0839\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0916\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0933\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kb.bluecoat.com/index?page=content\u0026id=SA50\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11738\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6640\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9790\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-3245\\n\\nThis issue was fixed in openssl packages in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0162.html\\n\\nThis issue was fixed in openssl096b packages in Red Hat Enterprise Linux 3 and 4 via: https://rhn.redhat.com/errata/RHSA-2010-0173.html\\n\\nThe Red Hat Security Response Team has rated this issue as having low security impact on openssl packages in Red Hat Enterprise Linux 3 and 4, a future update may address this flaw.\",\"lastModified\":\"2010-03-25T00:00:00\"}]}}"
  }
}

CERTA-2009-AVI-482

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans le protocole SSL/TLS permet à une personne malintentionnée de contourner la politique de sécurité.

Description

Une vulnérabilité a été identifiée dans le protocole SSL/TLS lors de renégociations de sessions. Une personne s'étant au préalable mise en situation « d'homme au milieu » (man in the middle) peut, dans certaines circonstances, injecter des données à l'encontre d'un utilisateur, pour, par exemple, forcer l'envoi d'une requête HTTP au serveur vers lequel la victime se connecte.

Solution

La version 0.9.8l de OpenSSL désactive la renégociation de sessions par défaut.

OpenSSL versions antérieures à 0.9.8l ;
Sun Java Enterprise System Suite (voir le bulletin de sécurité Sun du 11 janvier 2010) ;
IBM WebSphere DataPower SOA appliances (voir le bulletin de sécurité IBM du 11 janvier 2010) ;
IBM multiples implémentations de SSL/TLS (voir le bulletin de sécurité IBM du 13 janvier 2010).

D'autres implémentations du protocole sont probablement touchées, ainsi que des applications utilisant OpenSSL.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité IBM du 27 janvier 2010 pour IBM WebSphere :	-	other
Bulletins de sécurité RedHat RHSA-2010:0162 à 0167 du 25 mars 2010 :	-	other
Bulletin de sécurité Sun du 19 novembre 2009 :	-	other
Bulletin de sécurité HP c01945686 du 12 décembre 2009 :	-	other
Bulletin de sécurité Bluecoat SA44 du 23 février 2010 :	-	other
Bulletins de sécurité RedHat RHSA-2010:0162 à 0167 du 25 mars 2010 :	-	other
Bulletin de sécurité Cisco cisco-sa-20091109-tls du 26 février 2010 :	-	other
Mise à jour de OpenSSL :	-	other
Bulletin de sécurité IBM du 25 novembre 2010 pour IBM WebSphere MQ :	-	other
Bulletin de sécurité Microsoft MS10-049 du 10 août 2010 :	-	other
Bulletin de sécurité IBM du 13 janvier 2010 :	-	other
Bulletin de sécurité RedHat RHSA-2010:0173 du 25 mars 2010 :	-	other
Bulletin de sécurité Microsoft MS10-049 du 10 août 2010 :	-	other
Bulletin de version ProFTPd 1.3.2c :	-	other
Bulletins de sécurité RedHat RHSA-2009:1579 et 1580 du 11 novembre 2009 :	-	other
Bulletins de sécurité Fedora FEDORA-2009-12750, 12775 et 12782 du 07 décembre 2009 :	-	other
Bulletins de sécurité RedHat RHSA-2010:0162 à 0167 du 25 mars 2010 :	-	other
Bulletin de sécurité SUSE SUSE-SA:2009:057 du 18 novembre 2009 :	-	other
Bulletin de sécurité Gentoo GLSA-200912-01 du 02 décembre 2009 :	-	other
Bulletin de sécurité Apple HT4004 du 19 janvier 2010 :	-	other
Bulletins de sécurité Fedora FEDORA-2009-12229 et 12305 du 27 novembre 2009 :	-	other
Bulletins de sécurité Fedora FEDORA-2009-12229 et 12305 du 27 novembre 2009 :	-	other
Bulletin de sécurité HP c02171256 du 17 mai 2010 :	-	other
Bulletins de sécurité Fedora FEDORA-2009-12604 et 12606 du 04 décembre 2009 :	-	other
Bulletins de sécurité Fedora FEDORA-2009-12750, 12775 et 12782 du 07 décembre 2009 :	-	other
Bulletin de sécurité Cisco cisco-sa-20091109-tls du 22 juillet 2010 :	-	other
Bulletin de sécurité IBM du 22 janvier 2010 pour IBM WebSphere :	-	other
Bulletins de sécurité OpenBSD du 26 novembre 2009 :	-	other
Bulletins de sécurité RedHat RHSA-2010:0162 à 0167 du 25 mars 2010 :	-	other
Bulletin de sécurité Debian DSA 1934 du 16 novembre 2009 :	-	other
Bulletins de sécurité RedHat RHSA-2009:1579 et 1580 du 11 novembre 2009 :	-	other
Bulletins de sécurité RedHat RHSA-2010:0162 à 0167 du 25 mars 2010 :	-	other
Bulletin de sécurité IBM du 11 janvier 2010 :	-	other
Bulletins de sécurité RedHat RHSA-2010:0162 à 0167 du 25 mars 2010 :	-	other
Bulletins de sécurité Fedora FEDORA-2009-12750, 12775 et 12782 du 07 décembre 2009 :	-	other
Bulletins de sécurité Fedora FEDORA-2009-12604 et 12606 du 04 décembre 2009 :	-	other
Bulletin de sécurité Sun du 11 janvier 2010 :	-	other
Bulletins de sécurité OpenBSD du 26 novembre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eOpenSSL versions ant\u00e9rieures \u00e0 0.9.8l ;\u003c/LI\u003e    \u003cLI\u003eSun Java Enterprise System Suite (voir le bulletin de    s\u00e9curit\u00e9 Sun du 11 janvier 2010)\u0026nbsp;;\u003c/LI\u003e    \u003cLI\u003eIBM WebSphere DataPower SOA appliances (voir le bulletin de    s\u00e9curit\u00e9 IBM du 11 janvier 2010)\u0026nbsp;;\u003c/LI\u003e    \u003cLI\u003eIBM multiples impl\u00e9mentations de SSL/TLS (voir le bulletin    de s\u00e9curit\u00e9 IBM du 13 janvier 2010).\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eD\u0027autres impl\u00e9mentations du protocole sont probablement  touch\u00e9es, ainsi que des applications utilisant OpenSSL.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans le protocole SSL/TLS lors de\nren\u00e9gociations de sessions. Une personne s\u0027\u00e9tant au pr\u00e9alable mise en\nsituation \u00ab d\u0027homme au milieu \u00bb (man in the middle) peut, dans certaines\ncirconstances, injecter des donn\u00e9es \u00e0 l\u0027encontre d\u0027un utilisateur, pour,\npar exemple, forcer l\u0027envoi d\u0027une requ\u00eate HTTP au serveur vers lequel la\nvictime se connecte.\n\n## Solution\n\nLa version 0.9.8l de OpenSSL d\u00e9sactive la ren\u00e9gociation de sessions par\nd\u00e9faut.\n",
  "cves": [
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 27 janvier 2010 pour IBM    WebSphere :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025719"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 RedHat RHSA-2010:0162 \u00e0 0167 du 25    mars 2010 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0162.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun du 19 novembre 2009 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c01945686 du 12 d\u00e9cembre 2009 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Documents.jsp?objectID=c01945686"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Bluecoat SA44 du 23 f\u00e9vrier 2010 :",
      "url": "http://kb.bluecoat.com/index?page=content\u0026id=SA44"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 RedHat RHSA-2010:0162 \u00e0 0167 du 25    mars 2010 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0164.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20091109-tls du 26    f\u00e9vrier 2010 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml"
    },
    {
      "title": "Mise \u00e0 jour de OpenSSL :",
      "url": "http://www.openssl.org/source/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 25 novembre 2010 pour IBM    WebSphere MQ :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-049 du 10 ao\u00fbt 2010 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS10-049.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 13 janvier 2010 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=nas258cbfcf0a5645af7862576710041f65e"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2010:0173 du 25 mars 2010    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0173.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-049 du 10 ao\u00fbt 2010 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS10-049.mspx"
    },
    {
      "title": "Bulletin de version ProFTPd 1.3.2c :",
      "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 RedHat RHSA-2009:1579 et 1580 du 11    novembre 2009 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1580.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2009-12750, 12775 et    12782 du 07 d\u00e9cembre 2009 :",
      "url": "https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg00449.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 RedHat RHSA-2010:0162 \u00e0 0167 du 25    mars 2010 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0165.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SA:2009:057 du 18 novembre    2009 :",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200912-01 du 02 d\u00e9cembre    2009 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200912-01.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4004 du 19 janvier 2010 :",
      "url": "http://support.apple.com/kb/HT4004"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2009-12229 et 12305 du    27 novembre 2009 :",
      "url": "https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg01029.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2009-12229 et 12305 du    27 novembre 2009 :",
      "url": "https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg01020.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c02171256 du 17 mai 2010 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Documents.jsp?objectID=c02171256"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2009-12604 et 12606 du    04 d\u00e9cembre 2009 :",
      "url": "https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg00944.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2009-12750, 12775 et    12782 du 07 d\u00e9cembre 2009 :",
      "url": "https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg00428.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20091109-tls du 22    juillet 2010 :",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 22 janvier 2010 pour IBM    WebSphere :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025718"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 OpenBSD du 26 novembre 2009 :",
      "url": "http://openbsd.org/errata45.html#010_openssl"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 RedHat RHSA-2010:0162 \u00e0 0167 du 25    mars 2010 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0166.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1934 du 16 novembre 2009 :",
      "url": "http://www.debian.org/security/2009/dsa-1934"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 RedHat RHSA-2009:1579 et 1580 du 11    novembre 2009 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1579.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 RedHat RHSA-2010:0162 \u00e0 0167 du 25    mars 2010 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0167.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 11 janvier 2010 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21390112"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 RedHat RHSA-2010:0162 \u00e0 0167 du 25    mars 2010 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0163.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2009-12750, 12775 et    12782 du 07 d\u00e9cembre 2009 :",
      "url": "https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg00442.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2009-12604 et 12606 du    04 d\u00e9cembre 2009 :",
      "url": "https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg00645.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun du 11 janvier 2010 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 OpenBSD du 26 novembre 2009 :",
      "url": "http://openbsd.org/errata46.html#004_openssl"
    }
  ],
  "reference": "CERTA-2009-AVI-482",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-06T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Sun du 19 novembre 2009.",
      "revision_date": "2009-11-27T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Sun du 11 janvier 2010.",
      "revision_date": "2010-01-11T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 IBM du 11 janvier 2010.",
      "revision_date": "2010-01-13T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 IBM du 13 janvier 2010.",
      "revision_date": "2010-01-14T00:00:00.000000"
    },
    {
      "description": "ajout des bulletins de s\u00e9curit\u00e9 IBM du 22 et 27 janvier 2010.",
      "revision_date": "2010-01-27T00:00:00.000000"
    },
    {
      "description": "ajout des bulletins de s\u00e9curit\u00e9 Apple, Bluecoat, Cisco, Debian, Fedora, Gentoo, openBSD, ProFTPd, RedHat et Suse.",
      "revision_date": "2010-03-04T00:00:00.000000"
    },
    {
      "description": "ajout des bulletins de s\u00e9curit\u00e9 RedHat et de la r\u00e9f\u00e9rence CVE-2009-3245.",
      "revision_date": "2010-03-26T00:00:00.000000"
    },
    {
      "description": "ajout des bulletins de s\u00e9curit\u00e9 HP.",
      "revision_date": "2010-05-19T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin Cisco.",
      "revision_date": "2010-07-29T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin Microsoft.",
      "revision_date": "2010-08-11T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin IBM WebSphere MQ.",
      "revision_date": "2010-11-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le protocole SSL/TLS permet \u00e0 une personne\nmalintentionn\u00e9e de contourner la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 du protocole SSL/TLS",
  "vendor_advisories": []
}

CERTA-2010-AVI-268

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans HP SSL pour OpenVMS.

Description

De multiples vulnérabilités ont été découvertes dans HP SSL pour OpenVMS. Une personne malveillante peut exploiter ces vulnérabilités pour provoquer un déni de service à distance, ou contourner la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	HP SSL 1.3 pour OpenVMS Alpha versions 8.2 et supérieures ;
	N/A	N/A	HP SSL 1.3 pour OpenVMS Integrity versions 8.2-1 et supérieures.

References

Title

Publication Time

Tags

Bulletin de sécurité HP c02227287 du 16 juin 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP SSL 1.3 pour OpenVMS Alpha versions 8.2 et sup\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP SSL 1.3 pour OpenVMS Integrity versions 8.2-1 et sup\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans HP SSL pour\nOpenVMS. Une personne malveillante peut exploiter ces vuln\u00e9rabilit\u00e9s\npour provoquer un d\u00e9ni de service \u00e0 distance, ou contourner la politique\nde s\u00e9curit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0789"
    },
    {
      "name": "CVE-2009-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0591"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2008-5077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5077"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-268",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-06-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans HP SSL pour\nOpenVMS.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP SSL pour OpenVMS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c02227287 du 16 juin 2010",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02227287"
    }
  ]
}

CERTA-2010-AVI-461

Vulnerability from certfr_avis - Published: - Updated:

De nombreuses vulnérabilités affectant différents logiciels inclus dans VMware ESX Console OS ont été corrigées.

Description

Plusieurs logiciels vulnérables inclus dans VMware ESX Console OS ont été mis à jour par l'éditeur :

le composant NSS_db est mis à jour pour corriger une vulnérabilité permettant à un utilisateur malveillant d'accéder à des données confidentielles (CVE-2010-0826) ;
une mise à jour du composant OpenLDAP corrige un erreur dans la gestion du Common Name d'un certificat X.509, qui permet une attaque du type « homme au milieu » (CVE-2009-3767) ;
la bibliothèque libcurl est mise à jour afin de corriger une vulnérabilité permettant à un attaquant d'effectuer à distance un déni de service par arrêt inopiné (CVE-2010-0734) ;
le logiciel sudo est mis à jour pour corriger une erreur concernant la gestion d'une variable d'environnement permettant à un utilisateur malveillant d'élever ses privilèges (CVE-2010-1646) ;
une mise à jour groupée des composants OpenSSL, GnuTLS, NSS et NSPR corrige différentes vulnérabilités permettant entre autres un déni de service et l'élévation de privilèges (CVE-2009-3555, CVE-2009-2409, CVE-2009-3245 et CVE-2010-0433).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

VMware ESX 4.0 Console OS (COS).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité VMSA-2010-0015 du 30 septembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eVMware ESX 4.0 Console OS (COS).\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs logiciels vuln\u00e9rables inclus dans VMware ESX Console OS ont\n\u00e9t\u00e9 mis \u00e0 jour par l\u0027\u00e9diteur :\n\n-   le composant NSS_db est mis \u00e0 jour pour corriger une vuln\u00e9rabilit\u00e9\n    permettant \u00e0 un utilisateur malveillant d\u0027acc\u00e9der \u00e0 des donn\u00e9es\n    confidentielles (CVE-2010-0826) ;\n-   une mise \u00e0 jour du composant OpenLDAP corrige un erreur dans la\n    gestion du Common Name d\u0027un certificat X.509, qui permet une attaque\n    du type \u00ab homme au milieu \u00bb (CVE-2009-3767) ;\n-   la biblioth\u00e8que libcurl est mise \u00e0 jour afin de corriger une\n    vuln\u00e9rabilit\u00e9 permettant \u00e0 un attaquant d\u0027effectuer \u00e0 distance un\n    d\u00e9ni de service par arr\u00eat inopin\u00e9 (CVE-2010-0734) ;\n-   le logiciel sudo est mis \u00e0 jour pour corriger une erreur concernant\n    la gestion d\u0027une variable d\u0027environnement permettant \u00e0 un\n    utilisateur malveillant d\u0027\u00e9lever ses privil\u00e8ges (CVE-2010-1646) ;\n-   une mise \u00e0 jour group\u00e9e des composants OpenSSL, GnuTLS, NSS et NSPR\n    corrige diff\u00e9rentes vuln\u00e9rabilit\u00e9s permettant entre autres un d\u00e9ni\n    de service et l\u0027\u00e9l\u00e9vation de privil\u00e8ges (CVE-2009-3555,\n    CVE-2009-2409, CVE-2009-3245 et CVE-2010-0433).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0433"
    },
    {
      "name": "CVE-2010-0826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0826"
    },
    {
      "name": "CVE-2010-0734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0734"
    },
    {
      "name": "CVE-2009-3767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3767"
    },
    {
      "name": "CVE-2010-1646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1646"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2009-2409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2409"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-461",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-10-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s affectant diff\u00e9rents logiciels inclus dans\n\u003cspan class=\"textit\"\u003eVMware ESX Console OS\u003c/span\u003e ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware ESX Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMSA-2010-0015 du 30 septembre 2010",
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000106.html"
    }
  ]
}

CERTA-2010-AVI-627

Vulnerability from certfr_avis - Published: - Updated:

De nombreuses vulnérabilités, liées à l'utilisation de versions anciennes du code OpenSSL, affectent Blue Coat Reporter. Les plus dommageables permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Solution

Pour la version 9, la révision 9.2.4.1 remédie à ces vulnérabilités. Le correctif de la version 8 n'est pas encore disponible.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Blue Coat Reporter, versions 8.x et 9.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Blue Coat SA50 du 19 novembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eBlue Coat Reporter, versions 8.x et  9.x.\u003c/p\u003e",
  "content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s, li\u00e9es \u00e0 l\u0027utilisation de versions\nanciennes du code OpenSSL, affectent Blue Coat Reporter. Les plus\ndommageables permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n\n## Solution\n\nPour la version 9, la r\u00e9vision 9.2.4.1 rem\u00e9die \u00e0 ces vuln\u00e9rabilit\u00e9s. Le\ncorrectif de la version 8 n\u0027est pas encore disponible.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1678"
    },
    {
      "name": "CVE-2010-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0433"
    },
    {
      "name": "CVE-2010-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
    },
    {
      "name": "CVE-2009-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0789"
    },
    {
      "name": "CVE-2009-1379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1379"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2009-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0591"
    },
    {
      "name": "CVE-2009-1378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1378"
    },
    {
      "name": "CVE-2009-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1377"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2010-0740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0740"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2009-4355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4355"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-627",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s, li\u00e9es \u00e0 l\u0027utilisation de versions\nanciennes du code OpenSSL, affectent Blue Coat Reporter. Les plus\ndommageables permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Blue Coat Reporter",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Blue Coat SA50 du 19 novembre 2010",
      "url": "http://kb.bluecoat.com/index?page=content\u0026id=SA50"
    }
  ]
}

CERTA-2011-AVI-032

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités sont présentes dans syslog-ng. Elles permettent de contourner la politique de sécurité ou de provoquer un déni de service à distance.

Description

Plusieurs vulnérabilités sont présentes dans syslog-ng.

L'une d'elles permet de contourner la politique de sécurité en raison d'un mauvais positionnement des droits d'accès sur des fichiers.

Les autres sont exploitables pour provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

syslog-ng Open Source Edition :

versions 3.0.x antérieures à la version 3.0.10 ;
versions 3.1.x antérieures à la version 3.1.4 ;
versions 3.2.x antérieures à la version 3.2.2.

syslog-ng Premium Edition :

versions 3.0.x antérieures à la version 3.0.6a ;
versions 3.2.x antérieures à la version 3.2.1a.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Annonces des versions de syslog-ng des 07, 14 et 16 janvier 2011	None	vendor-advisory
Annonces des versions de syslog-ng du 14 janvier 2011 :	-	other
Annonces des versions de syslog-ng du 14 janvier 2011 :	-	other
Annonces des versions de syslog-ng du 16 janvier 2011 :	-	other
Annonces des versions de syslog-ng du 07 janvier 2011 :	-	other
Annonces des versions de syslog-ng du 07 janvier 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003esyslog-ng Open Source Edition :  \u003cUL\u003e    \u003cLI\u003eversions 3.0.x ant\u00e9rieures \u00e0 la version 3.0.10 ;\u003c/LI\u003e    \u003cLI\u003eversions 3.1.x ant\u00e9rieures \u00e0 la version 3.1.4 ;\u003c/LI\u003e    \u003cLI\u003eversions 3.2.x ant\u00e9rieures \u00e0 la version 3.2.2.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003esyslog-ng Premium Edition :\u003c/P\u003e  \u003cUL\u003e    \u003cLI\u003eversions 3.0.x ant\u00e9rieures \u00e0 la version 3.0.6a ;\u003c/LI\u003e    \u003cLI\u003eversions 3.2.x ant\u00e9rieures \u00e0 la version 3.2.1a.\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans syslog-ng.\n\nL\u0027une d\u0027elles permet de contourner la politique de s\u00e9curit\u00e9 en raison\nd\u0027un mauvais positionnement des droits d\u0027acc\u00e8s sur des fichiers.\n\nLes autres sont exploitables pour provoquer un d\u00e9ni de service \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0433"
    },
    {
      "name": "CVE-2010-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
    },
    {
      "name": "CVE-2011-0343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0343"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2010-0740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0740"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2009-2409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2409"
    }
  ],
  "links": [
    {
      "title": "Annonces des versions de syslog-ng du 14 janvier 2011 :",
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000103.html"
    },
    {
      "title": "Annonces des versions de syslog-ng du 14 janvier 2011 :",
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000104.html"
    },
    {
      "title": "Annonces des versions de syslog-ng du 16 janvier 2011 :",
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000105.html"
    },
    {
      "title": "Annonces des versions de syslog-ng du 07 janvier 2011 :",
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
    },
    {
      "title": "Annonces des versions de syslog-ng du 07 janvier 2011 :",
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
    }
  ],
  "reference": "CERTA-2011-AVI-032",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-01-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans syslog-ng. Elles permettent\nde contourner la politique de s\u00e9curit\u00e9 ou de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans syslog-ng",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonces des versions de syslog-ng des 07, 14 et 16 janvier 2011",
      "url": null
    }
  ]
}

CERTA-2011-AVI-369

Vulnerability from certfr_avis - Published: - Updated:

De nombreuses vulnérabilités ont été corrigées dans Mac OS X. Leur exploitation permet, entre autres, l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été corrigées dans différents composants du système d'exploitation Mac OS X, notamment :

AirPort ;
App Store ;
Gestion des certificats ;
ColorSync ;
CoreFoundation ;
CoreGraphics ;
FTP Server ;
ImageIO ;
Kernel ;
Libsystem ;
Libxslt ;
MobileMe ;
MySQL ;
OpenSSL ;
QuickTime ;
Samba ;
Servermgrd ;
Subversion.

Certaines vulnérabilités permettent l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X 10.5.8 ;
N/A	N/A	Mac OS X Server 10.6.x.
N/A	N/A	Mac OS X Server 10.5.8 ;
N/A	N/A	Mac OS X 10.6.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4723 du 23 juin 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.6.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans diff\u00e9rents composants\ndu syst\u00e8me d\u0027exploitation Mac OS X, notamment\u00a0:\n\n-   AirPort\u00a0;\n-   App Store\u00a0;\n-   Gestion des certificats\u00a0;\n-   ColorSync\u00a0;\n-   CoreFoundation\u00a0;\n-   CoreGraphics\u00a0;\n-   FTP Server\u00a0;\n-   ImageIO\u00a0;\n-   Kernel\u00a0;\n-   Libsystem\u00a0;\n-   Libxslt\u00a0;\n-   MobileMe\u00a0;\n-   MySQL\u00a0;\n-   OpenSSL\u00a0;\n-   QuickTime\u00a0;\n-   Samba\u00a0;\n-   Servermgrd\u00a0;\n-   Subversion.\n\nCertaines vuln\u00e9rabilit\u00e9s permettent l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0195"
    },
    {
      "name": "CVE-2011-0200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0200"
    },
    {
      "name": "CVE-2011-0208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0208"
    },
    {
      "name": "CVE-2010-4651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4651"
    },
    {
      "name": "CVE-2010-3835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3835"
    },
    {
      "name": "CVE-2011-0198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0198"
    },
    {
      "name": "CVE-2011-0715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0715"
    },
    {
      "name": "CVE-2010-3837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3837"
    },
    {
      "name": "CVE-2010-3682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3682"
    },
    {
      "name": "CVE-2011-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0207"
    },
    {
      "name": "CVE-2011-0202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0202"
    },
    {
      "name": "CVE-2011-0196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0196"
    },
    {
      "name": "CVE-2010-3677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3677"
    },
    {
      "name": "CVE-2011-0197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0197"
    },
    {
      "name": "CVE-2011-0210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0210"
    },
    {
      "name": "CVE-2011-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0209"
    },
    {
      "name": "CVE-2011-0203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0203"
    },
    {
      "name": "CVE-2011-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0206"
    },
    {
      "name": "CVE-2011-0719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0719"
    },
    {
      "name": "CVE-2010-3790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3790"
    },
    {
      "name": "CVE-2010-4180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4180"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2010-0740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0740"
    },
    {
      "name": "CVE-2010-2632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2632"
    },
    {
      "name": "CVE-2011-1132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1132"
    },
    {
      "name": "CVE-2011-0213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0213"
    },
    {
      "name": "CVE-2010-3838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3838"
    },
    {
      "name": "CVE-2011-0212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0212"
    },
    {
      "name": "CVE-2011-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0205"
    },
    {
      "name": "CVE-2010-3836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3836"
    },
    {
      "name": "CVE-2011-0204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0204"
    },
    {
      "name": "CVE-2011-0199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0199"
    },
    {
      "name": "CVE-2010-3069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3069"
    },
    {
      "name": "CVE-2011-0201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0201"
    },
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2010-3833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3833"
    },
    {
      "name": "CVE-2011-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
    },
    {
      "name": "CVE-2011-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0211"
    },
    {
      "name": "CVE-2010-3834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3834"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-369",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X. Leur\nexploitation permet, entre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4723 du 23 juin 2011",
      "url": "http://docs.info.apple.com/article.html?artnum=HT4723"
    }
  ]
}

CERTFR-2021-AVI-033

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Juniper Networks SRC Series versions antérieures à 4.12.0R6
Juniper Networks	N/A	Juniper Networks Contrail Networking versions antérieures à 1911.31
Juniper Networks	Junos OS Evolved	Juniper Junos OS Evolved versions antérieures à 19.3R2-S5-EVO, 19.4R2-S2-EVO, 20.1R1-S2-EVO, 20.1R1-S4-EVO, 20.1R2-S1-EVO, 20.2R1-EVO, 20.3R1-S1-EVO, 20.3R2-EVO et 20.4R1-EVO
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.3R12-S17, 12.3X48-D105, 14.1X53-D53, 15.1R7-S6, 15.1R7-S7, 15.1R7-S8, 15.1X49-D230, 15.1X49-D240, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.2R3-S3, 17.2R3-S4, 17.3R2-S5, 17.3R3-S10, 17.3R3-S7, 17.3R3-S8, 17.3R3-S9, 17.4R2-S11, 17.4R2-S12, 17.4R2-S9, 17.4R3, 17.4R3-S2, 17.4R3-S3, 17.4R3-S4, 18.1R3-S10, 18.1R3-S11, 18.1R3-S12, 18.1R3-S9, 18.2R2-S7, 18.2R2-S8, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2R3-S6, 18.2R3-S7, 18.2X75-D34, 18.3R2-S4, 18.3R3-S1, 18.3R3-S2, 18.3R3-S3, 18.3R3-S4, 18.4R1-S5, 18.4R1-S8, 18.4R2-S3, 18.4R2-S5, 18.4R2-S6, 18.4R2-S7, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3, 18.4R3-S4, 18.4R3-S5, 18.4R3-S6, 19.1R1-S4, 19.1R1-S5, 19.1R1-S6, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.1R3-S3, 19.2R1-S2, 19.2R1-S5, 19.2R1-S6, 19.2R2, 19.2R2-S1, 19.2R3, 19.2R3-S1, 19.3R2, 19.3R2-S1, 19.3R2-S3, 19.3R2-S4, 19.3R2-S5, 19.3R3, 19.3R3-S1, 19.4R1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R2-S1, 19.4R2-S2, 19.4R2-S3, 19.4R3, 19.4R3-S1, 20.1R1 , 20.1R1-S2, 20.1R1-S3, 20.1R1-S4, 20.1R2, 20.2R1, 20.2R1-S1, 20.2R1-S2, 20.2R1-S3, 20.2R2, 20.3R1, 20.3R1-S1, 20.3R2 et 20.4R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11096 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11098 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11097 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11094 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11104 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11099 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11093 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11101 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11088 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11092 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11091 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11100 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11095 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11090 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11102 du 13 janvier 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Networks SRC Series versions ant\u00e9rieures \u00e0 4.12.0R6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks Contrail Networking versions ant\u00e9rieures \u00e0 1911.31",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS Evolved versions ant\u00e9rieures \u00e0 19.3R2-S5-EVO, 19.4R2-S2-EVO, 20.1R1-S2-EVO, 20.1R1-S4-EVO, 20.1R2-S1-EVO, 20.2R1-EVO, 20.3R1-S1-EVO, 20.3R2-EVO et 20.4R1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S17, 12.3X48-D105, 14.1X53-D53, 15.1R7-S6, 15.1R7-S7, 15.1R7-S8, 15.1X49-D230, 15.1X49-D240, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.2R3-S3, 17.2R3-S4, 17.3R2-S5, 17.3R3-S10, 17.3R3-S7, 17.3R3-S8, 17.3R3-S9, 17.4R2-S11, 17.4R2-S12, 17.4R2-S9, 17.4R3, 17.4R3-S2, 17.4R3-S3, 17.4R3-S4, 18.1R3-S10, 18.1R3-S11, 18.1R3-S12, 18.1R3-S9, 18.2R2-S7, 18.2R2-S8, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2R3-S6, 18.2R3-S7, 18.2X75-D34, 18.3R2-S4, 18.3R3-S1, 18.3R3-S2, 18.3R3-S3, 18.3R3-S4, 18.4R1-S5, 18.4R1-S8, 18.4R2-S3, 18.4R2-S5, 18.4R2-S6, 18.4R2-S7, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3, 18.4R3-S4, 18.4R3-S5, 18.4R3-S6, 19.1R1-S4, 19.1R1-S5, 19.1R1-S6, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.1R3-S3, 19.2R1-S2, 19.2R1-S5, 19.2R1-S6, 19.2R2, 19.2R2-S1, 19.2R3, 19.2R3-S1, 19.3R2, 19.3R2-S1, 19.3R2-S3, 19.3R2-S4, 19.3R2-S5, 19.3R3, 19.3R3-S1, 19.4R1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R2-S1, 19.4R2-S2, 19.4R2-S3, 19.4R3, 19.4R3-S1, 20.1R1 , 20.1R1-S2, 20.1R1-S3, 20.1R1-S4, 20.1R2, 20.2R1, 20.2R1-S1, 20.2R1-S2, 20.2R1-S3, 20.2R2, 20.3R1, 20.3R1-S1, 20.3R2 et 20.4R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0207"
    },
    {
      "name": "CVE-2021-0222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0222"
    },
    {
      "name": "CVE-2018-20997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20997"
    },
    {
      "name": "CVE-2010-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
    },
    {
      "name": "CVE-2013-1741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1741"
    },
    {
      "name": "CVE-2021-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0206"
    },
    {
      "name": "CVE-2010-4252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4252"
    },
    {
      "name": "CVE-2015-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2019-11478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
    },
    {
      "name": "CVE-2021-0202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0202"
    },
    {
      "name": "CVE-2007-5846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5846"
    },
    {
      "name": "CVE-2013-5607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5607"
    },
    {
      "name": "CVE-2021-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0211"
    },
    {
      "name": "CVE-2014-3567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3567"
    },
    {
      "name": "CVE-2020-8617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8617"
    },
    {
      "name": "CVE-2021-0203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0203"
    },
    {
      "name": "CVE-2021-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0205"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2019-11479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
    },
    {
      "name": "CVE-2021-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0209"
    },
    {
      "name": "CVE-2014-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8176"
    },
    {
      "name": "CVE-2019-11477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
    },
    {
      "name": "CVE-2011-4109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4109"
    },
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2021-0208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0208"
    },
    {
      "name": "CVE-2019-13565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13565"
    },
    {
      "name": "CVE-2021-0212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0212"
    },
    {
      "name": "CVE-2020-8616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8616"
    },
    {
      "name": "CVE-2021-0210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0210"
    },
    {
      "name": "CVE-2014-1545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1545"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-033",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11096 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11096\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11098 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11098\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11097 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11097\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11094 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11094\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11104 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11104\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11099 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11099\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11093 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11093\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11101 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11101\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11088 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11088\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11092 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11092\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11091 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11091\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11100 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11100\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11095 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11095\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11090 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11090\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11102 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11102\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2021-AVI-669

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Moxa. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Moxa	N/A	micrologiciel des équipements de la gamme WAC-2004 : ces équipements ne sont plus maintenus et ne bénéficieront pas de correctif
Moxa	N/A	micrologiciel des équipements de la gamme OnCell G3470A sans le dernier correctif
Moxa	N/A	micrologiciel des équipements de la gamme WDR-3124A : ces équipements ne sont plus maintenus et ne bénéficieront pas de correctif
Moxa	N/A	micrologiciel des équipements de la gamme WAC-1001 sans le dernier correctif
Moxa	N/A	micrologiciel des équipements de la gamme TAP-323 sans le dernier correctif

References

Title

Publication Time

Tags

Bulletin de sécurité Moxa tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities du 1 septembre 2021	None	vendor-advisory
Bulletin de sécurité Moxa oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities du 1 septembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "micrologiciel des \u00e9quipements de la gamme WAC-2004 : ces \u00e9quipements ne sont plus maintenus et ne b\u00e9n\u00e9ficieront pas de correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme OnCell G3470A sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme WDR-3124A : ces \u00e9quipements ne sont plus maintenus et ne b\u00e9n\u00e9ficieront pas de correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme WAC-1001 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme TAP-323 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
    },
    {
      "name": "CVE-2012-2136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2136"
    },
    {
      "name": "CVE-2012-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0207"
    },
    {
      "name": "CVE-2018-6485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6485"
    },
    {
      "name": "CVE-2017-7618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7618"
    },
    {
      "name": "CVE-2010-4252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4252"
    },
    {
      "name": "CVE-2010-4805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4805"
    },
    {
      "name": "CVE-2015-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
    },
    {
      "name": "CVE-2017-11176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11176"
    },
    {
      "name": "CVE-2016-4997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4997"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2006-2940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2940"
    },
    {
      "name": "CVE-2021-39279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39279"
    },
    {
      "name": "CVE-2021-39278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39278"
    },
    {
      "name": "CVE-2012-6638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6638"
    },
    {
      "name": "CVE-2014-2523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2523"
    },
    {
      "name": "CVE-2016-10229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10229"
    },
    {
      "name": "CVE-2016-7039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7039"
    },
    {
      "name": "CVE-2014-3567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3567"
    },
    {
      "name": "CVE-2011-0709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0709"
    },
    {
      "name": "CVE-2010-4251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4251"
    },
    {
      "name": "CVE-2014-3512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3512"
    },
    {
      "name": "CVE-2012-3552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3552"
    },
    {
      "name": "CVE-2012-6701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6701"
    },
    {
      "name": "CVE-2017-1000111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000111"
    },
    {
      "name": "CVE-2019-3896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3896"
    },
    {
      "name": "CVE-2012-6704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6704"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2016-8717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8717"
    },
    {
      "name": "CVE-2019-16746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
    },
    {
      "name": "CVE-2016-3134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3134"
    },
    {
      "name": "CVE-2008-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4609"
    },
    {
      "name": "CVE-2014-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8176"
    },
    {
      "name": "CVE-2015-5364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5364"
    },
    {
      "name": "CVE-2014-9984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9984"
    },
    {
      "name": "CVE-2009-1298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1298"
    },
    {
      "name": "CVE-2015-1465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1465"
    },
    {
      "name": "CVE-2012-4412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4412"
    },
    {
      "name": "CVE-2014-9402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9402"
    },
    {
      "name": "CVE-2006-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3738"
    },
    {
      "name": "CVE-2016-8666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8666"
    },
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2015-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
    },
    {
      "name": "CVE-2016-7117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7117"
    },
    {
      "name": "CVE-2011-2525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2525"
    },
    {
      "name": "CVE-2006-2937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2937"
    },
    {
      "name": "CVE-2015-7547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7547"
    },
    {
      "name": "CVE-2014-5119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-5119"
    },
    {
      "name": "CVE-2017-8890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8890"
    },
    {
      "name": "CVE-2016-7406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7406"
    },
    {
      "name": "CVE-2013-7470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7470"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2012-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0056"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2010-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2692"
    },
    {
      "name": "CVE-2016-2148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2148"
    },
    {
      "name": "CVE-2010-3848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3848"
    },
    {
      "name": "CVE-2010-1162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1162"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-669",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Moxa.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Moxa",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities du 1 septembre 2021",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities du 1 septembre 2021",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities"
    }
  ]
}

CERTA-2009-AVI-482

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans le protocole SSL/TLS permet à une personne malintentionnée de contourner la politique de sécurité.

Description

Solution

La version 0.9.8l de OpenSSL désactive la renégociation de sessions par défaut.

OpenSSL versions antérieures à 0.9.8l ;
Sun Java Enterprise System Suite (voir le bulletin de sécurité Sun du 11 janvier 2010) ;
IBM WebSphere DataPower SOA appliances (voir le bulletin de sécurité IBM du 11 janvier 2010) ;
IBM multiples implémentations de SSL/TLS (voir le bulletin de sécurité IBM du 13 janvier 2010).

D'autres implémentations du protocole sont probablement touchées, ainsi que des applications utilisant OpenSSL.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité IBM du 27 janvier 2010 pour IBM WebSphere :	-	other
Bulletins de sécurité RedHat RHSA-2010:0162 à 0167 du 25 mars 2010 :	-	other
Bulletin de sécurité Sun du 19 novembre 2009 :	-	other
Bulletin de sécurité HP c01945686 du 12 décembre 2009 :	-	other
Bulletin de sécurité Bluecoat SA44 du 23 février 2010 :	-	other
Bulletins de sécurité RedHat RHSA-2010:0162 à 0167 du 25 mars 2010 :	-	other
Bulletin de sécurité Cisco cisco-sa-20091109-tls du 26 février 2010 :	-	other
Mise à jour de OpenSSL :	-	other
Bulletin de sécurité IBM du 25 novembre 2010 pour IBM WebSphere MQ :	-	other
Bulletin de sécurité Microsoft MS10-049 du 10 août 2010 :	-	other
Bulletin de sécurité IBM du 13 janvier 2010 :	-	other
Bulletin de sécurité RedHat RHSA-2010:0173 du 25 mars 2010 :	-	other
Bulletin de sécurité Microsoft MS10-049 du 10 août 2010 :	-	other
Bulletin de version ProFTPd 1.3.2c :	-	other
Bulletins de sécurité RedHat RHSA-2009:1579 et 1580 du 11 novembre 2009 :	-	other
Bulletins de sécurité Fedora FEDORA-2009-12750, 12775 et 12782 du 07 décembre 2009 :	-	other
Bulletins de sécurité RedHat RHSA-2010:0162 à 0167 du 25 mars 2010 :	-	other
Bulletin de sécurité SUSE SUSE-SA:2009:057 du 18 novembre 2009 :	-	other
Bulletin de sécurité Gentoo GLSA-200912-01 du 02 décembre 2009 :	-	other
Bulletin de sécurité Apple HT4004 du 19 janvier 2010 :	-	other
Bulletins de sécurité Fedora FEDORA-2009-12229 et 12305 du 27 novembre 2009 :	-	other
Bulletins de sécurité Fedora FEDORA-2009-12229 et 12305 du 27 novembre 2009 :	-	other
Bulletin de sécurité HP c02171256 du 17 mai 2010 :	-	other
Bulletins de sécurité Fedora FEDORA-2009-12604 et 12606 du 04 décembre 2009 :	-	other
Bulletins de sécurité Fedora FEDORA-2009-12750, 12775 et 12782 du 07 décembre 2009 :	-	other
Bulletin de sécurité Cisco cisco-sa-20091109-tls du 22 juillet 2010 :	-	other
Bulletin de sécurité IBM du 22 janvier 2010 pour IBM WebSphere :	-	other
Bulletins de sécurité OpenBSD du 26 novembre 2009 :	-	other
Bulletins de sécurité RedHat RHSA-2010:0162 à 0167 du 25 mars 2010 :	-	other
Bulletin de sécurité Debian DSA 1934 du 16 novembre 2009 :	-	other
Bulletins de sécurité RedHat RHSA-2009:1579 et 1580 du 11 novembre 2009 :	-	other
Bulletins de sécurité RedHat RHSA-2010:0162 à 0167 du 25 mars 2010 :	-	other
Bulletin de sécurité IBM du 11 janvier 2010 :	-	other
Bulletins de sécurité RedHat RHSA-2010:0162 à 0167 du 25 mars 2010 :	-	other
Bulletins de sécurité Fedora FEDORA-2009-12750, 12775 et 12782 du 07 décembre 2009 :	-	other
Bulletins de sécurité Fedora FEDORA-2009-12604 et 12606 du 04 décembre 2009 :	-	other
Bulletin de sécurité Sun du 11 janvier 2010 :	-	other
Bulletins de sécurité OpenBSD du 26 novembre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eOpenSSL versions ant\u00e9rieures \u00e0 0.9.8l ;\u003c/LI\u003e    \u003cLI\u003eSun Java Enterprise System Suite (voir le bulletin de    s\u00e9curit\u00e9 Sun du 11 janvier 2010)\u0026nbsp;;\u003c/LI\u003e    \u003cLI\u003eIBM WebSphere DataPower SOA appliances (voir le bulletin de    s\u00e9curit\u00e9 IBM du 11 janvier 2010)\u0026nbsp;;\u003c/LI\u003e    \u003cLI\u003eIBM multiples impl\u00e9mentations de SSL/TLS (voir le bulletin    de s\u00e9curit\u00e9 IBM du 13 janvier 2010).\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eD\u0027autres impl\u00e9mentations du protocole sont probablement  touch\u00e9es, ainsi que des applications utilisant OpenSSL.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans le protocole SSL/TLS lors de\nren\u00e9gociations de sessions. Une personne s\u0027\u00e9tant au pr\u00e9alable mise en\nsituation \u00ab d\u0027homme au milieu \u00bb (man in the middle) peut, dans certaines\ncirconstances, injecter des donn\u00e9es \u00e0 l\u0027encontre d\u0027un utilisateur, pour,\npar exemple, forcer l\u0027envoi d\u0027une requ\u00eate HTTP au serveur vers lequel la\nvictime se connecte.\n\n## Solution\n\nLa version 0.9.8l de OpenSSL d\u00e9sactive la ren\u00e9gociation de sessions par\nd\u00e9faut.\n",
  "cves": [
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 27 janvier 2010 pour IBM    WebSphere :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025719"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 RedHat RHSA-2010:0162 \u00e0 0167 du 25    mars 2010 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0162.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun du 19 novembre 2009 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c01945686 du 12 d\u00e9cembre 2009 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Documents.jsp?objectID=c01945686"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Bluecoat SA44 du 23 f\u00e9vrier 2010 :",
      "url": "http://kb.bluecoat.com/index?page=content\u0026id=SA44"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 RedHat RHSA-2010:0162 \u00e0 0167 du 25    mars 2010 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0164.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20091109-tls du 26    f\u00e9vrier 2010 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml"
    },
    {
      "title": "Mise \u00e0 jour de OpenSSL :",
      "url": "http://www.openssl.org/source/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 25 novembre 2010 pour IBM    WebSphere MQ :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-049 du 10 ao\u00fbt 2010 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS10-049.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 13 janvier 2010 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=nas258cbfcf0a5645af7862576710041f65e"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2010:0173 du 25 mars 2010    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0173.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS10-049 du 10 ao\u00fbt 2010 :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS10-049.mspx"
    },
    {
      "title": "Bulletin de version ProFTPd 1.3.2c :",
      "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 RedHat RHSA-2009:1579 et 1580 du 11    novembre 2009 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1580.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2009-12750, 12775 et    12782 du 07 d\u00e9cembre 2009 :",
      "url": "https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg00449.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 RedHat RHSA-2010:0162 \u00e0 0167 du 25    mars 2010 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0165.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SA:2009:057 du 18 novembre    2009 :",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200912-01 du 02 d\u00e9cembre    2009 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200912-01.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4004 du 19 janvier 2010 :",
      "url": "http://support.apple.com/kb/HT4004"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2009-12229 et 12305 du    27 novembre 2009 :",
      "url": "https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg01029.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2009-12229 et 12305 du    27 novembre 2009 :",
      "url": "https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg01020.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c02171256 du 17 mai 2010 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Documents.jsp?objectID=c02171256"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2009-12604 et 12606 du    04 d\u00e9cembre 2009 :",
      "url": "https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg00944.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2009-12750, 12775 et    12782 du 07 d\u00e9cembre 2009 :",
      "url": "https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg00428.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20091109-tls du 22    juillet 2010 :",
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 22 janvier 2010 pour IBM    WebSphere :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025718"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 OpenBSD du 26 novembre 2009 :",
      "url": "http://openbsd.org/errata45.html#010_openssl"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 RedHat RHSA-2010:0162 \u00e0 0167 du 25    mars 2010 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0166.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1934 du 16 novembre 2009 :",
      "url": "http://www.debian.org/security/2009/dsa-1934"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 RedHat RHSA-2009:1579 et 1580 du 11    novembre 2009 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1579.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 RedHat RHSA-2010:0162 \u00e0 0167 du 25    mars 2010 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0167.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 11 janvier 2010 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21390112"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 RedHat RHSA-2010:0162 \u00e0 0167 du 25    mars 2010 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0163.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2009-12750, 12775 et    12782 du 07 d\u00e9cembre 2009 :",
      "url": "https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg00442.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Fedora FEDORA-2009-12604 et 12606 du    04 d\u00e9cembre 2009 :",
      "url": "https://www.redhat.com/archives/fedora-packages-announce/2009-December/msg00645.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun du 11 janvier 2010 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 OpenBSD du 26 novembre 2009 :",
      "url": "http://openbsd.org/errata46.html#004_openssl"
    }
  ],
  "reference": "CERTA-2009-AVI-482",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-06T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Sun du 19 novembre 2009.",
      "revision_date": "2009-11-27T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Sun du 11 janvier 2010.",
      "revision_date": "2010-01-11T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 IBM du 11 janvier 2010.",
      "revision_date": "2010-01-13T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 IBM du 13 janvier 2010.",
      "revision_date": "2010-01-14T00:00:00.000000"
    },
    {
      "description": "ajout des bulletins de s\u00e9curit\u00e9 IBM du 22 et 27 janvier 2010.",
      "revision_date": "2010-01-27T00:00:00.000000"
    },
    {
      "description": "ajout des bulletins de s\u00e9curit\u00e9 Apple, Bluecoat, Cisco, Debian, Fedora, Gentoo, openBSD, ProFTPd, RedHat et Suse.",
      "revision_date": "2010-03-04T00:00:00.000000"
    },
    {
      "description": "ajout des bulletins de s\u00e9curit\u00e9 RedHat et de la r\u00e9f\u00e9rence CVE-2009-3245.",
      "revision_date": "2010-03-26T00:00:00.000000"
    },
    {
      "description": "ajout des bulletins de s\u00e9curit\u00e9 HP.",
      "revision_date": "2010-05-19T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin Cisco.",
      "revision_date": "2010-07-29T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin Microsoft.",
      "revision_date": "2010-08-11T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin IBM WebSphere MQ.",
      "revision_date": "2010-11-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le protocole SSL/TLS permet \u00e0 une personne\nmalintentionn\u00e9e de contourner la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 du protocole SSL/TLS",
  "vendor_advisories": []
}

CERTA-2010-AVI-268

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans HP SSL pour OpenVMS.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	HP SSL 1.3 pour OpenVMS Alpha versions 8.2 et supérieures ;
	N/A	N/A	HP SSL 1.3 pour OpenVMS Integrity versions 8.2-1 et supérieures.

References

Title

Publication Time

Tags

Bulletin de sécurité HP c02227287 du 16 juin 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP SSL 1.3 pour OpenVMS Alpha versions 8.2 et sup\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP SSL 1.3 pour OpenVMS Integrity versions 8.2-1 et sup\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans HP SSL pour\nOpenVMS. Une personne malveillante peut exploiter ces vuln\u00e9rabilit\u00e9s\npour provoquer un d\u00e9ni de service \u00e0 distance, ou contourner la politique\nde s\u00e9curit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0789"
    },
    {
      "name": "CVE-2009-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0591"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2008-5077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5077"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-268",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-06-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans HP SSL pour\nOpenVMS.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP SSL pour OpenVMS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c02227287 du 16 juin 2010",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02227287"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-3245 (GCVE-0-2009-3245)

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Solution

Solution

Description

Solution

Description

Solution

Tags

Sightings

Nomenclature