SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Cisco Digital Media Products Vendors:   Cisco
(Cisco Issues Advisory for Cisco Digital Media Players) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
SecurityTracker Alert ID:  1032626
SecurityTracker URL:  http://securitytracker.com/id/1032626
CVE Reference:   CVE-2015-1791   (Links to External Site)
Date:  Jun 18 2015
Impact:   Not specified
Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in OpenSSL. The impact was not specified. Cisco Digital Media Players are affected.

A remote server can return a specially crafted NewSessionTicket message to a connected multi-threaded client to cause the client to attempt to reuse a previous ticket and trigger a race condition. As a result, a double free memory error may occur in ssl3_get_new_session_ticket().

Emilia Kasper of the OpenSSL development team reported this vulnerability.

Impact:   The impact was not specified.
Solution:   Cisco has issued an advisory for Cisco Digital Media Players.

The vendor plans to issue a fix (5.3(6)RB(2P3), 5.4(1)RB(2P3)), to be available on July 15, 2015.

Cisco has assigned bug IDs CSCuu83362 (for 4300 Series), CSCuu83362 (for 4400 Series), and CSCuu82501 to this vulnerability.

The Cisco advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl (Links to External Site)
Cause:   Access control error, State error

Message History:   This archive entry is a follow-up to the message listed below.
Jun 4 2015 OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC