Debian OpenSSL vulnerabilities
277 known vulnerabilities affecting debian/openssl.
Total CVEs: 277
CISA KEV: 1 (actively exploited)
Public exploits: 27
Exploited in wild: 2
Severity breakdown: CRITICAL 12, HIGH 70, MEDIUM 109, LOW 84, UNKNOWN 2
Vulnerabilities
Page 13 of 14

CVE-2009-1387 | LOW | CVSS 5.0 | fixed in openssl 0.9.8k-2 (bookworm) | 2009
CVE-2009-1387 [MEDIUM]: openssl
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
Scope: local
bookworm: resolved (fixed in 0.9.8k-2)
bullseye: resolved (fixed in 0.9.8k-2)
forky: res

CVE-2009-2409 | LOW | CVSS 5.1 | fixed in nss 3.12.3-1 (bookworm) | 2009
CVE-2009-2409 [MEDIUM]: nss
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is

CVE-2009-3245 | LOW | CVSS 10.0 | fixed in openssl 0.9.8m-1 (bookworm) | 2009
CVE-2009-3245 [CRITICAL]: openssl
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.
Scope: local
bookworm: resolved (fixed in 0.9.8m-1)
bullseye: resolved (fixed in 0.9.8m-1)
forky: reso

CVE-2009-1377 | LOW | CVSS 5.0 | fixed in openssl 0.9.8k-1 (bookworm) | 2009
CVE-2009-1377 [MEDIUM]: openssl
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
Scope: local
bookworm: resolved (fixed in 0.9.8k-1)
bullseye: resolved (fixed i

CVE-2008-0166 | HIGH | CVSS 7.5 | PoC | fixed in openssh 4.7p1-9 (bookworm) | 2008
CVE-2008-0166 [HIGH]: openssh
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
Scope: local
bookworm: resolved (fixed in 4.7p1-9)
bullseye: resolved (fixed in 4.7p1-9)
forky: resolved (fixe

CVE-2008-0891 | MEDIUM | CVSS 4.3 | fixed in openssl 0.9.8g-10.1 (bookworm) | 2008
CVE-2008-0891 [MEDIUM]: openssl
Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.
Scope: local
bookworm: resolved (fixed in 0.9.8g-10.1)
bullseye: resolved (fixed in 0.9.8g-10.

CVE-2008-7270 | MEDIUM | CVSS 4.3 | fixed in openssl 0.9.8k-1 (bookworm) | 2008
CVE-2008-7270 [MEDIUM]: openssl
OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.
Scope: local
bookworm:

CVE-2008-1672 | MEDIUM | CVSS 4.3 | fixed in openssl 0.9.8g-10.1 (bookworm) | 2008
CVE-2008-1672 [MEDIUM]: openssl
OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
Scope: local
bookworm: resolved (fixed in 0.9.8g-10.1)
bullseye: resolved (fixed in 0.9.8g-10.1)
forky: resolved (fixed in 0.9.8g-10.1)
si

CVE-2008-5077 | MEDIUM | CVSS 5.8 | fixed in openssl 0.9.8g-15 (bookworm) | 2008
CVE-2008-5077 [MEDIUM]: openssl
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.
Scope: local
bookworm: resolved (fixed in 0.9.8g-15)
bullseye: resolved (fixed in 0.9.8g-15)
forky: resolved (fixed in 0.9.8g-15)
s

CVE-2007-6755 | LOW | CVSS 5.8 | fixed in openssl 1.1.0b-2 (bookworm) | 2007
CVE-2007-6755 [MEDIUM]: openssl
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a pre

CVE-2007-5135 | LOW | CVSS 10.0 | fixed in openssl 0.9.8e-9 (bookworm) | 2007
CVE-2007-5135 [CRITICAL]: openssl
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible

CVE-2007-4995 | LOW | CVSS 9.3 | fixed in openssl 0.9.8f-1 (bookworm) | 2007
CVE-2007-4995 [CRITICAL]: openssl
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 0.9.8f-1)
bullseye: resolved (fixed in 0.9.8f-1)
forky: resolved (fixed in 0.9.8f-1)
sid: resolved (fixed in 0.9.8f-1)
trixie: resolved (fixed in 0.9.8f-1)

CVE-2007-3108 | LOW | CVSS 1.2 | fixed in openssl 0.9.8e-6 (bookworm) | 2007
CVE-2007-3108 [LOW]: openssl
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
Scope: local
bookworm: resolved (fixed in 0.9.8e-6)
bullseye: resolved (fixed in 0.9.8e-6)
forky: resolved (fixed in 0.9.8e-6)
sid: resolve

CVE-2006-3738 | CRITICAL | CVSS 10.0 | fixed in openssl 0.9.8c-2 (bookworm) | 2006
CVE-2006-3738 [CRITICAL]: openssl
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
Scope: local
bookworm: resolved (fixed in 0.9.8c-2)
bullseye: resolved (fixed in 0.9.8c-2)
forky: resolved (fixed in 0.9.8c-2)
sid: resolved (fixed in 0.9

CVE-2006-2937 | HIGH | CVSS 7.8 | fixed in openssl 0.9.8c-2 (bookworm) | 2006
CVE-2006-2937 [HIGH]: openssl
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
Scope: local
bookworm: resolved (fixed in 0.9.8c-2)
bullseye: resolved (fixed in 0.9.8c-2)
forky: resolved (fixed in 0.9.8c-2)
sid: resolved (f

CVE-2006-2940 | HIGH | CVSS 7.8 | fixed in openssl 0.9.8c-2 (bookworm) | 2006
CVE-2006-2940 [HIGH]: openssl
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.
Scope: local
bookworm: resolved (fixed in 0.9.8c-

CVE-2006-4339 | MEDIUM | CVSS 4.3 | fixed in openssl 0.9.8b-3 (bookworm) | 2006
CVE-2006-4339 [MEDIUM]: openssl
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
Scope: local
bookworm: r

CVE-2006-4343 | MEDIUM | CVSS 4.3 | PoC | fixed in openssl 0.9.8c-2 (bookworm) | 2006
CVE-2006-4343 [MEDIUM]: openssl
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
Scope: local
bookworm: resolved (fixed in 0.9.8c-2)
bullseye: resolved (fixed in 0.9.8c-2)
forky: resolved (fixe

CVE-2006-7250 | MEDIUM | CVSS 5.0 | fixed in openssl 1.0.0h-1 (bookworm) | 2006
CVE-2006-7250 [MEDIUM]: openssl
The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.
Scope: local
bookworm: resolved (fixed in 1.0.0h-1)
bullseye: resolved (fixed in 1.0.0h-1)
forky: resolved (fixed in 1.0.0h-1)
sid: resolved (fixed in 1.0

CVE-2005-2946 | LOW | CVSS 7.5 | fixed in openssl 0.9.8-1 (bookworm) | 2005
CVE-2005-2946 [HIGH]: openssl
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.
Scope: local
bookworm: resolved (fixed in 0.9.8-1)
bullseye: resolved (fixed in 0.9.8-1)
forky: resolved (fixed in 0.