CVE-2015-1791
CVE-2015-1791
Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.aschttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html