PT-2014-1692 · Openssl+4 · Openssl+4

Published

2014-10-15

Updated

2024-06-15

CVE-2014-3568

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 0.9.8zc OpenSSL versions prior to 1.0.0o OpenSSL versions prior to 1.0.1j

Description The issue allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to files s23 clnt.c and s23 srvr.c. This is due to the improper enforcement of the no-ssl3 build option. The vulnerability can be exploited to bypass access restrictions.

Recommendations For versions prior to 0.9.8zc, update to version 0.9.8zc or later. For versions prior to 1.0.0o, update to version 1.0.0o or later. For versions prior to 1.0.1j, update to version 1.0.1j or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

ALT-PU-2014-2312

BDU:2015-00641

BDU:2015-09775

CVE-2014-3568

DLA-81-1

DSA-3053-1

HPSBUX03162

OPENSUSE-SU-2014_1331-1

OPENSUSE-SU-2016_0640-1

OPENSUSE-SU-2024:10271-1

OPENSUSE-SU-2024:10529-1

OPENSUSE-SU-2024:11127-1

SUSE-FU-2022:0445-1

SUSE-RU-2015:0769-1

SUSE-SU-2015:0182-2

SUSE-SU-2015:0543-1

SUSE-SU-2015:0545-1

SUSE-SU-2015:0545-2

SUSE-SU-2015:0546-1

SUSE-SU-2015:0578-1

SUSE-SU-2015:1182-1

SUSE-SU-2015:1182-2

SUSE-SU-2015:1183-1

SUSE-SU-2015:1184-1

SUSE-SU-2015:1184-2

SUSE-SU-2015:1185-1

SUSE-SU-403

Affected Products

Alt Linux

Hp-Ux

Openssl

Suse

Vmware Vcenter

PT-2014-1692 · Openssl+4 · Openssl+4

CVE-2014-3568

Weakness Enumeration

Related Identifiers

Affected Products

References · 430