PT-2014-1692 · Openssl+4 · Openssl+4

Publicado

2014-10-15

Atualizado

2024-06-15

CVE-2014-3568

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 0.9.8zc OpenSSL versions prior to 1.0.0o OpenSSL versions prior to 1.0.1j

Description The issue allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to files s23 clnt.c and s23 srvr.c. This is due to the improper enforcement of the no-ssl3 build option. The vulnerability can be exploited to bypass access restrictions.

Recommendations For versions prior to 0.9.8zc, update to version 0.9.8zc or later. For versions prior to 1.0.0o, update to version 1.0.0o or later. For versions prior to 1.0.1j, update to version 1.0.1j or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310

Identificadores relacionados

ALT-PU-2014-2312

BDU:2015-00641

BDU:2015-09775

CVE-2014-3568

DLA-81-1

DSA-3053-1

HPSBUX03162

OPENSUSE-SU-2014_1331-1

OPENSUSE-SU-2016_0640-1

OPENSUSE-SU-2024:10271-1

OPENSUSE-SU-2024:10529-1

OPENSUSE-SU-2024:11127-1

SUSE-FU-2022:0445-1

SUSE-RU-2015:0769-1

SUSE-SU-2015:0182-2

SUSE-SU-2015:0543-1

SUSE-SU-2015:0545-1

SUSE-SU-2015:0545-2

SUSE-SU-2015:0546-1

SUSE-SU-2015:0578-1

SUSE-SU-2015:1182-1

SUSE-SU-2015:1182-2

SUSE-SU-2015:1183-1

SUSE-SU-2015:1184-1

SUSE-SU-2015:1184-2

SUSE-SU-2015:1185-1

SUSE-SU-403

Produtos afetados

Alt Linux

Hp-Ux

Openssl

Suse

Vmware Vcenter

PT-2014-1692 · Openssl+4 · Openssl+4

CVE-2014-3568

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 430