SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Blue Coat Reporter Vendors:   Blue Coat Systems
(Blue Coat Issues Fix for Reporter) OpenSSL Cryptographic Message Syntax Processing Flaw Lets Remote Users Trigger Memory Errors
SecurityTracker Alert ID:  1024920
SecurityTracker URL:  http://securitytracker.com/id/1024920
CVE Reference:   CVE-2010-0742   (Links to External Site)
Date:  Dec 22 2010
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.2.4.1
Description:   A vulnerability was reported in OpenSSL. A remote user can write to invalid memory addresses on the target system. Blue Coat Reporter is affected.

A remote user can send specially crafted Cryptographic Message Syntax (CMS) structures containing OriginatorInfo to write to invalid memory addresses or trigger a double-free on the target system.

Only the CMS code is affected, which exists in version 0.9.8h and later (but disabled by default) and in version 1.0.0 (enabled by default).

Ronald Moesbergen reported this vulnerability.

Impact:   A remote user can write to invalid memory addresses on the target system.

[Editor's note: The resulting impact was not specified.]

Solution:   Blue Coat has issued a fix (9.2.4.1).

The Blue Coat advisory is available at:

https://kb.bluecoat.com/index?page=content&id=SA50

Cause:   Input validation error
Underlying OS:  Linux (Red Hat Enterprise), Linux (Red Hat Linux)

Message History:   This archive entry is a follow-up to the message listed below.
Jun 2 2010 OpenSSL Cryptographic Message Syntax Processing Flaw Lets Remote Users Trigger Memory Errors



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC