SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (VPN)  >   OpenSSL Vendors:   OpenSSL.org
OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
SecurityTracker Alert ID:  1032479
SecurityTracker URL:  http://securitytracker.com/id/1032479
CVE Reference:   CVE-2015-1791   (Links to External Site)
Updated:  Jun 11 2015
Original Entry Date:  Jun 4 2015
Impact:   Not specified
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.9.8, 1.0.0, 1.0.1, 1.0.2
Description:   A vulnerability was reported in OpenSSL. The impact was not specified.

A remote server can return a specially crafted NewSessionTicket message to a connected multi-threaded client to cause the client to attempt to reuse a previous ticket and trigger a race condition. As a result, a double free memory error may occur in ssl3_get_new_session_ticket().

Emilia Kasper of the OpenSSL development team reported this vulnerability.

Impact:   The impact was not specified.
Solution:   The vendor has issued a fix (0.9.8zg, 1.0.0s, 1.0.1n, 1.0.2b).

The vendor has also issued a source code fix, available at:

https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc

The vendor's advisory is available at:

http://openssl.org/news/secadv_20150611.txt

Vendor URL:  openssl.org/news/secadv_20150611.txt (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 11 2015 (Ubuntu Issues Fix) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Ubuntu has issued a fix for Ubuntu 12.04 LTS, 14.04 LTS, 14.10, and 15.04.
Jun 12 2015 (FreeBSD Issues Fix) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
FreeBSD has issued a fix for FreeBSD 8.4, 9.3, and 10.1.
Jun 16 2015 (Red Hat Issues Fix) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Red Hat has issued a fix for Red Hat Enterprise Linux 6 and 7.
Jun 17 2015 (Cisco Issues Advisory for Cisco Jabber Guest Server) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Cisco has issued an advisory for Cisco Jabber Guest Server.
Jun 17 2015 (Cisco Issues Advisory for Cisco Intrusion Prevention System) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Cisco has issued an advisory for Cisco Intrusion Prevention System.
Jun 18 2015 (Cisco Issues Advisory for Cisco Identity Services Engine) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Cisco has issued an advisory for Cisco Identity Services Engine.
Jun 18 2015 (Cisco Issues Advisory for Cisco TelePresence) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Cisco has issued an advisory for Cisco TelePresence.
Jun 18 2015 (Cisco Issues Advisory for Cisco Enterprise Content Delivery System) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Cisco has issued an advisory for Cisco Enterprise Content Delivery System.
Jun 18 2015 (Cisco Issues Advisory for Cisco Digital Media Players) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Cisco has issued an advisory for Cisco Digital Media Players.
Jun 18 2015 (Cisco Issues Advisory for Cisco Unified Intelligent Contact Management Enterprise) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Cisco has issued an advisory for Cisco Unified Intelligent Contact Management Enterprise.
Jun 18 2015 (Cisco Issues Advisory for Cisco Unified Contact Center Enterprise) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Cisco has issued an advisory for Cisco Unified Contact Center Enterprise.
Jun 18 2015 (Cisco Issues Advisory for Cisco NX-OS) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Cisco has issued an advisory for Cisco NX-OS.
Jun 18 2015 (Cisco Issues Advisory for Cisco Prime Security Manager) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Cisco has issued an advisory for Cisco Prime Security Manager.
Jun 19 2015 (Cisco Issues Advisory for Cisco Network Analysis Module) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Cisco has issued an advisory for Cisco Network Analysis Module.
Jun 20 2015 (McAfee Issues Advisory for McAfee Asset Manager) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
McAfee has issued an advisory for McAfee Asset Manager.
Jun 20 2015 (McAfee Issues Advisory for McAfee Agent) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
McAfee has issued an advisory for McAfee Agent.
Jun 20 2015 (McAfee Issues Advisory for McAfee Email Gateway) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
McAfee has issued an advisory for McAfee Email Gateway.
Jun 20 2015 (McAfee Issues Advisory for McAfee Email and Web Security Appliance) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
McAfee has issued an advisory for McAfee Email and Web Security Appliance.
Jul 15 2015 (IBM Issues Fix for IBM AIX) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
IBM has issued a fix for IBM AIX 5.3, 6.1, and 7.1.
Aug 6 2015 (IBM Issues Fix for IBM Security Network IPS) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
IBM has issued a fix for IBM Security Network IPS.
Aug 11 2015 (HP Issues Fix for HP-UX) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
HP has issued a fix for HP-UX 11.31.
Aug 21 2015 (NedtBSD Issues Fix) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
NetBSD has issued a fix for NetBSD 5.1, 5.2, 6.0, and 6.1.
Aug 27 2015 (IBM Issues Fix for IBM Rational ClearCase) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
IBM has issued a fix for IBM Rational ClearCase.
Aug 30 2015 (IBM Issues Fix for IBM InfoSphere Guardium) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
IBM has issued a fix for IBM InfoSphere Guardium.
Sep 9 2015 (IBM Issues Fix for IBM Security Proventia Network Enterprise Scanner) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
IBM has issued a fix for IBM Security Proventia Network Enterprise Scanner.
Oct 8 2015 (IBM Issues Fix for IBM Tivoli Netcool System Service Monitor) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
IBM has issued a fix for IBM Tivoli Netcool System Service Monitor.
Oct 19 2015 (IBM Issues Fix for IBM Rational Team Concert Build Agent) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
IBM has issued a fix for IBM Rational Team Concert Build Agent.
Oct 20 2015 (Oracle Issues Fix for Oracle Fusion Middleware) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Oracle has issued a fix for Oracle Fusion Middleware Oracle Exalogic Infrastructure.
Oct 20 2015 (Oracle Issues Fix for Oracle Supply Chain Products Suite) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Oracle has issued a fix for Oracle Supply Chain Products Suite Oracle Transportation Management.
Oct 20 2015 (Oracle Issues Fix for Oracle PeopleSoft Products) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Oracle has issued a fix for Oracle PeopleSoft PeopleTools.
Nov 9 2015 (IBM Issues Fix for IBM WebSphere MQ on HP NonStop-HP/UX) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
IBM has issued a fix for IBM WebSphere MQ on HP NonStop-HP/UX.
Nov 13 2015 (IBM Issues Fix for IBM WebSphere MQ for IBM i) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
IBM has issued a fix for IBM WebSphere MQ for IBM i.
Jan 20 2016 (Oracle Issues Fix for Oracle HTTP Server) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Oracle has issued a fix for Oracle HTTP Server.
Jun 3 2016 (HP Issues Fix for HPE BladeSystem) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
HP has issued a fix for HPE BladeSystem.
Jul 19 2016 (Oracle Issues Fix for Oracle Primavera Products Suite) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Oracle has issued a fix for Oracle Primavera Products Suite.
Aug 19 2016 (Palo Alto Networks Issues Fix for Palo Alto PAN-OS) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Palo Alto Networks has issued a fix for Palo Alto PAN-OS.
Sep 15 2016 (Citrix Issues Fix for Citrix NetScaler) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Citrix has issued a fix for Citrix NetScaler.
Oct 20 2016 (Palo Alto Networks Issues Fix for Palo Alto PAN-OS) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
Palo Alto Networks has issued a fix for Palo Alto PAN-OS.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC