CVE-2009-1378 Information

Description

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

Reference

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc
http://cvs.openssl.org/chngview?cn=18188
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
http://marc.info/?l=openssl-dev&m=124247679213944&w=2
http://marc.info/?l=openssl-dev&m=124263491424212&w=2
http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
http://secunia.com/advisories/35128
http://secunia.com/advisories/35416
http://secunia.com/advisories/35461
http://secunia.com/advisories/35571
http://secunia.com/advisories/35729
http://secunia.com/advisories/36533
http://secunia.com/advisories/37003
http://secunia.com/advisories/38761
http://secunia.com/advisories/38794
http://secunia.com/advisories/38834
http://secunia.com/advisories/42724
http://secunia.com/advisories/42733
http://security.gentoo.org/glsa/glsa-200912-01.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049
http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.708010540users.sourceforge.net
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:120
http://www.openwall.com/lists/oss-security/2009/05/18/1
http://www.redhat.com/support/errata/RHSA-2009-1335.html
http://www.securityfocus.com/bid/35001
http://www.securitytracker.com/id?1022241
http://www.ubuntu.com/usn/USN-792-1
http://www.vupen.com/english/advisories/2009/1377
http://www.vupen.com/english/advisories/2010/0528
https://kb.bluecoat.com/index?page=content&id=SA50
https://launchpad.net/bugs/cve/2009-1378
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11309
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7229
https://www.exploit-db.com/exploits/8720