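Vulnerability Details
yaSSL 'hash.cpp' Multiple Buffer Overflow Vulnerabilities
- CNNVD ID: CNNVD-200801-155
- Severity: Medium
- CVE ID: CVE-2008-0227
- Vulnerability type: Buffer overflow
- Published: 2007-10-14
- Threat type: Remote
- Updated: 2008-10-23
- Vendor: yassl
- Vulnerability source: Luigi Auriemma※ al...
Vulnerability Summary
yaSSL is an open-source software package that implements SSL. yaSSL 1.7.5 and earlier, as used in MySQL and other products, allows remote attackers to cause a denial of service by sending a Hello packet containing an overly large size value. The cause is a buffer over-read in the HASHwithTransform::Update function in hash.cpp.
Vulnerability Advisory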
The vendor has released upgrade patches that fix this security issue. Patch download links:
Apple Mac OS X Server 10.4.11
- Apple SecUpdSrvr2008-007PPC.dmg (PPC): http://www.apple.com/support/downloads/securityupdate2008007serverppc.html
- Apple SecUpdSrvr2008-007Univ.dmg (Universal): http://www.apple.com/support/downloads/securityupdate2008007serveruniversal.html
Apple Mac OS X 10.4.11
- Apple SecUpd2008-007Intel.dmg (Intel): http://www.apple.com/support/downloads/securityupdate2008007clientintel.html
- Apple SecUpd2008-007PPC.dmg (PPC): http://www.apple.com/support/downloads/securityupdate2008007clientppc.html
Apple Mac OS X Server 10.5.5
- Apple SecUpdSrvr2008-007.dmg: http://www.apple.com/support/downloads/securityupdate2008007serverleopard.html
Apple Mac OS X 10.5.5
- Apple SecUpd2008-007.dmg: http://www.apple.com/support/downloads/securityupdate2008007clientleopard.html
References
- Source: XF; Name: yassl-hashwithtransformupdate-dos(39433); Link: http://xforce.iss.net/xforce/xfdb/39433
- Source: BID; Name: 31681; Link: http://www.securityfocus.com/bid/31681
- Source: BID; Name: 27140; Link: http://www.securityfocus.com/bid/27140
- Source: BUGTRAQ; Name: 20080104 Multiple vulnerabilities in yaSSL 1.7.5; Link: http://www.securityfocus.com/archive/1/archive/1/485810/100/0/threaded
- Source: MANDRIVA; Name: MDVSA-2008:150; Link: http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
- Source: VUPEN; Name: ADV-2008-2780; Link: http://www.frsirt.com/english/advisories/2008/2780
- Source: support.apple.com; Name: http://support.apple.com/kb/HT3216; Link: http://support.apple.com/kb/HT3216
- Source: SECUNIA; Name: 32222; Link: http://secunia.com/advisories/32222
- Source: SECUNIA; Name: 28324; Link: http://secunia.com/advisories/28324
- Source: Apple; Name: Apple-SA-2008-10-09; Link: http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
- Source: UBUNTU; Name: USN-588-1; Link: http://www.ubuntu.com/usn/usn-588-1
- Source: VUPEN; Name: ADV-2008-0560; Link: http://www.frsirt.com/english/advisories/2008/0560/references
- Source: DEBIAN; Name: DSA-1478; Link: http://www.debian.org/security/2008/dsa-1478
- Source: SREASON; Name: 3531; Link: http://securityreason.com/securityalert/3531
- Source: SECUNIA; Name: 29443; Link: http://secunia.com/advisories/29443
- Source: SECUNIA; Name: 28597; Link: http://secunia.com/advisories/28597
- Source: dev.mysql.com; Link: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
- Source: bugs.mysql.com; Link: http://bugs.mysql.com/33814
- Source: NSFOCUS; Name: 11351※12469※12471※11626※11841※11869※11937※11967※12026※12103※1220; Link: http://www.nsfocus.net/vulndb/11351※12469※12471※11626※11841※11869※11937※11967※12026※12103※1220
Affected Entities
- Yassl Yassl:1.7.5
Patches
None available