Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-1378

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

Published

2009-05-19T19:30:00.750

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-401

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openssl	openssl	< 0.9.8m	Yes
Operating System	canonical	ubuntu_linux	6.06	Yes
Operating System	canonical	ubuntu_linux	8.04	Yes
Operating System	canonical	ubuntu_linux	8.10	Yes
Operating System	canonical	ubuntu_linux	9.04	Yes

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc Broken Link, Third Party Advisory ([email protected])
http://cvs.openssl.org/chngview?cn=18188 Broken Link, Patch, Vendor Advisory ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 Broken Link, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html Mailing List, Third Party Advisory ([email protected])
http://lists.vmware.com/pipermail/security-announce/2010/000082.html Third Party Advisory ([email protected])
http://marc.info/?l=openssl-dev&m=124247679213944&w=2 Mailing List, Patch, Third Party Advisory ([email protected])
http://marc.info/?l=openssl-dev&m=124263491424212&w=2 Exploit, Mailing List, Third Party Advisory ([email protected])
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/35128 Not Applicable, Third Party Advisory ([email protected])
http://secunia.com/advisories/35416 Not Applicable, Third Party Advisory ([email protected])
http://secunia.com/advisories/35461 Not Applicable, Third Party Advisory ([email protected])
http://secunia.com/advisories/35571 Not Applicable, Third Party Advisory ([email protected])
http://secunia.com/advisories/35729 Not Applicable, Third Party Advisory ([email protected])
http://secunia.com/advisories/36533 Not Applicable, Third Party Advisory ([email protected])
http://secunia.com/advisories/37003 Not Applicable, Third Party Advisory ([email protected])
http://secunia.com/advisories/38761 Not Applicable, Third Party Advisory ([email protected])
http://secunia.com/advisories/38794 Not Applicable, Third Party Advisory ([email protected])
http://secunia.com/advisories/38834 Not Applicable, Third Party Advisory ([email protected])
http://secunia.com/advisories/42724 Not Applicable, Third Party Advisory ([email protected])
http://secunia.com/advisories/42733 Not Applicable, Third Party Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200912-01.xml Third Party Advisory ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049 Mailing List, Third Party Advisory ([email protected])
http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net Broken Link ([email protected])
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2009:120 Not Applicable ([email protected])
http://www.openwall.com/lists/oss-security/2009/05/18/1 Mailing List, Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2009-1335.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/35001 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1022241 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/USN-792-1 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/1377 Permissions Required, Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/0528 Permissions Required, Third Party Advisory ([email protected])
https://kb.bluecoat.com/index?page=content&id=SA50 Broken Link ([email protected])
https://launchpad.net/bugs/cve/2009-1378 Third Party Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309 Broken Link, Tool Signature ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229 Broken Link, Tool Signature ([email protected])
https://www.exploit-db.com/exploits/8720 Exploit, Third Party Advisory, VDB Entry ([email protected])
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://cvs.openssl.org/chngview?cn=18188 Broken Link, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.vmware.com/pipermail/security-announce/2010/000082.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=openssl-dev&m=124247679213944&w=2 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=openssl-dev&m=124263491424212&w=2 Exploit, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35128 Not Applicable, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35416 Not Applicable, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35461 Not Applicable, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35571 Not Applicable, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35729 Not Applicable, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/36533 Not Applicable, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/37003 Not Applicable, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38761 Not Applicable, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38794 Not Applicable, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38834 Not Applicable, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42724 Not Applicable, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42733 Not Applicable, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200912-01.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:120 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2009/05/18/1 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2009-1335.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/35001 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1022241 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-792-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/1377 Permissions Required, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/0528 Permissions Required, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kb.bluecoat.com/index?page=content&id=SA50 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://launchpad.net/bugs/cve/2009-1378 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11309 Broken Link, Tool Signature (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7229 Broken Link, Tool Signature (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/8720 Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)