Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.105363
Categoría:F5 Local Security Checks
Título:F5 BIG-IP - PKCS #7 vulnerability CVE-2015-1790
Resumen:The remote host is missing a security patch.
Descripción:Summary:
The remote host is missing a security patch.

Vulnerability Insight:
The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data. (CVE-2015-1790)

Vulnerability Impact:
An attacker may be able to craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.Note: This vulnerability is exploitable only through the BIG-IP control plane (non-Traffic Management Microkernel (TMM) related tasks).

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-1790
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
BugTraq ID: 75157
http://www.securityfocus.com/bid/75157
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Cisco Security Advisory: 20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl
Debian Security Information: DSA-3287 (Google Search)
http://www.debian.org/security/2015/dsa-3287
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html
https://security.gentoo.org/glsa/201506-02
HPdes Security Advisory: HPSBGN03371
http://marc.info/?l=bugtraq&m=143654156615516&w=2
HPdes Security Advisory: HPSBMU03409
http://marc.info/?l=bugtraq&m=144050155601375&w=2
HPdes Security Advisory: HPSBUX03388
http://marc.info/?l=bugtraq&m=143880121627664&w=2
HPdes Security Advisory: SSRT102180
NETBSD Security Advisory: NetBSD-SA2015-008
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
RedHat Security Advisories: RHSA-2015:1115
http://rhn.redhat.com/errata/RHSA-2015-1115.html
RedHat Security Advisories: RHSA-2015:1197
http://rhn.redhat.com/errata/RHSA-2015-1197.html
http://www.securitytracker.com/id/1032564
SuSE Security Announcement: SUSE-SU-2015:1143 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
SuSE Security Announcement: SUSE-SU-2015:1150 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
SuSE Security Announcement: SUSE-SU-2015:1181 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html
SuSE Security Announcement: SUSE-SU-2015:1182 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
SuSE Security Announcement: SUSE-SU-2015:1183 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html
SuSE Security Announcement: SUSE-SU-2015:1184 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
SuSE Security Announcement: SUSE-SU-2015:1185 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
SuSE Security Announcement: openSUSE-SU-2015:1139 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
SuSE Security Announcement: openSUSE-SU-2015:1277 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
SuSE Security Announcement: openSUSE-SU-2016:0640 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://www.ubuntu.com/usn/USN-2639-1
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.