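yaSSL 'hash.cpp' Multiple Buffer Overflow Vulnerabilities

admin 2022-07-19 09:23:11 CNNVD Vulnerabilities Source: ZONE.CI Global Network

Vulnerability Details

yaSSL 'hash.cpp' Multiple Buffer Overflow Vulnerabilities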

  • CNNVD ID: CNNVD-200801-155
  • Severity: Medium
  • CVE ID: CVE-2008-0227
  • Vulnerability type: Buffer overflow
  • Published: 2007-10-14
  • Threat type: Remote
  • Updated: 2008-10-23
  • Vendor: yassl
  • Vulnerability source: Luigi Auriemma※ al...

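Vulnerability Summary

yaSSL is an open-source software package that implements SSL. yaSSL 1.7.5 and earlier, as used in MySQL and other products, allows remote attackers to cause a denial of service by sending a Hello packet that contains an excessively large size value. The cause is a buffer over-read in the HASHwithTransform::Update function in hash.cpp.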
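The bug class described above, shown as an added example that is not yaSSL's code: a length field taken from the peer is passed to a hash update without being compared to the number of bytes actually received. The message layout (1-byte type, 2-byte big-endian length, body), the `toy_hash` type and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy running hash standing in for a real digest (hypothetical type). */
typedef struct { uint32_t acc; size_t total; } toy_hash;

/* Reads exactly len bytes from data, like any digest update routine. */
static void toy_hash_update(toy_hash *h, const uint8_t *data, size_t len) {
    for (size_t i = 0; i < len; i++)
        h->acc = h->acc * 31u + data[i];
    h->total += len;
}

/* Constructed layout: type (1 byte), declared body length (2 bytes, BE), body. */
enum { HDR_LEN = 3 };

/* Unchecked form: trusts the declared length. If it exceeds the bytes that
   were received, the update reads past the end of the buffer (over-read). */
int hash_hello_unchecked(toy_hash *h, const uint8_t *msg, size_t received) {
    if (received < HDR_LEN) return -1;
    size_t declared = ((size_t)msg[1] << 8) | msg[2];
    toy_hash_update(h, msg + HDR_LEN, declared);
    return 0;
}

/* Checked form: the declared length must fit in what was actually received,
   otherwise the message is rejected before any byte is hashed. */
int hash_hello_checked(toy_hash *h, const uint8_t *msg, size_t received) {
    if (received < HDR_LEN) return -1;
    size_t declared = ((size_t)msg[1] << 8) | msg[2];
    if (declared > received - HDR_LEN) return -1;
    toy_hash_update(h, msg + HDR_LEN, declared);
    return 0;
}

int main(void) {
    /* Constructed inputs: a well-formed message and one whose length field lies. */
    const uint8_t ok[]  = {0x01, 0x00, 0x04, 'a', 'b', 'c', 'd'};
    const uint8_t bad[] = {0x01, 0xFF, 0xFF, 'a', 'b'};
    toy_hash h = {0, 0};
    printf("well-formed: %d\n", hash_hello_checked(&h, ok, sizeof ok));
    printf("oversized length: %d\n", hash_hello_checked(&h, bad, sizeof bad));
    return 0;
}
```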

Vulnerability Advisory

The vendor has released upgrade patches that fix this security issue. Patch download links:

Apple Mac OS X Server 10.4.11
  • Apple SecUpdSrvr2008-007PPC.dmg (PPC): http://www.apple.com/support/downloads/securityupdate2008007serverppc.html
  • Apple SecUpdSrvr2008-007Univ.dmg (Universal): http://www.apple.com/support/downloads/securityupdate2008007serveruniversal.html

Apple Mac OS X 10.4.11
  • Apple SecUpd2008-007Intel.dmg (Intel): http://www.apple.com/support/downloads/securityupdate2008007clientintel.html
  • Apple SecUpd2008-007PPC.dmg (PPC): http://www.apple.com/support/downloads/securityupdate2008007clientppc.html

Apple Mac OS X Server 10.5.5
  • Apple SecUpdSrvr2008-007.dmg: http://www.apple.com/support/downloads/securityupdate2008007serverleopard.html

Apple Mac OS X 10.5.5
  • Apple SecUpd2008-007.dmg: http://www.apple.com/support/downloads/securityupdate2008007clientleopard.html

References

  • Source: XF; Name: yassl-hashwithtransformupdate-dos(39433); Link: http://xforce.iss.net/xforce/xfdb/39433
  • Source: BID; Name: 31681; Link: http://www.securityfocus.com/bid/31681
  • Source: BID; Name: 27140; Link: http://www.securityfocus.com/bid/27140
  • Source: BUGTRAQ; Name: 20080104 Multiple vulnerabilities in yaSSL 1.7.5; Link: http://www.securityfocus.com/archive/1/archive/1/485810/100/0/threaded
  • Source: MANDRIVA; Name: MDVSA-2008:150; Link: http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
  • Source: VUPEN; Name: ADV-2008-2780; Link: http://www.frsirt.com/english/advisories/2008/2780
  • Source: support.apple.com; Name: http://support.apple.com/kb/HT3216; Link: http://support.apple.com/kb/HT3216
  • Source: SECUNIA; Name: 32222; Link: http://secunia.com/advisories/32222
  • Source: SECUNIA; Name: 28324; Link: http://secunia.com/advisories/28324
  • Source: Apple; Name: Apple-SA-2008-10-09; Link: http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
  • Source: UBUNTU; Name: USN-588-1; Link: http://www.ubuntu.com/usn/usn-588-1
  • Source: VUPEN; Name: ADV-2008-0560; Link: http://www.frsirt.com/english/advisories/2008/0560/references
  • Source: DEBIAN; Name: DSA-1478; Link: http://www.debian.org/security/2008/dsa-1478
  • Source: SREASON; Name: 3531; Link: http://securityreason.com/securityalert/3531
  • Source: SECUNIA; Name: 29443; Link: http://secunia.com/advisories/29443
  • Source: SECUNIA; Name: 28597; Link: http://secunia.com/advisories/28597
  • Source: dev.mysql.com; Link: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
  • Source: bugs.mysql.com; Link: http://bugs.mysql.com/33814
  • Source: NSFOCUS; Name: 11351※12469※12471※11626※11841※11869※11937※11967※12026※12103※1220; Link: http://www.nsfocus.net/vulndb/11351※12469※12471※11626※11841※11869※11937※11967※12026※12103※1220

Affected Entities

  • Yassl Yassl:1.7.5  

Patches

    None available
