HP Systems Insight Manager - HPSBMU03076 (CVE-2014-3470): Linux and Windows running OpenSSL, Multiple Vulnerabilities
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:M/Au:N/C:N/I:N/A:P) | June 05, 2014 | October 13, 2015 | October 12, 2017 |
Description
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
References
- SUSE-SUSE-SU-2015:0578
- SUSE-SUSE-SU-2015:0743
- SECUNIA-58337
- SECUNIA-58615
- SECUNIA-58667
- SECUNIA-58713
- SECUNIA-58714
- SECUNIA-58716
- SECUNIA-58742
- SECUNIA-58945
- SECUNIA-58977
- SECUNIA-59167
- SECUNIA-59175
- SECUNIA-59189
- SECUNIA-59192
- SECUNIA-59223
- SECUNIA-59264
- SECUNIA-59282
- SECUNIA-59284
- SECUNIA-59287
- SECUNIA-59306
- SECUNIA-59310
- SECUNIA-59340
- SECUNIA-59362
- SECUNIA-59364
- SECUNIA-59365
- SECUNIA-59431
- SECUNIA-59437
- SECUNIA-59440
- SECUNIA-59441
- SECUNIA-59445
- SECUNIA-59449
- SECUNIA-59460
- SECUNIA-59483
- SECUNIA-59518
- SECUNIA-59525
- SECUNIA-61254
- GENTOO-GLSA-201407-05
- MANDRIVA-MDVSA-2014:105
- MANDRIVA-MDVSA-2014:106
- MANDRIVA-MDVSA-2015:062
- BID-67898
- NVD-CVE-2014-3470
- UBUNTU-USN-2232-1
- DEBIAN-DLA-0003-1
- DEBIAN-DSA-2950
Solution
hp-systems-insight-manager-update-latest
Related Vulnerabilities
- RHSA-2014:0679: openssl security update
- VMware Workstation: OpenSSL update for multiple products (VMSA-2014-0006) (CVE-2014-3470)
- Cisco NX-OS: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products (Multiple CVEs)
- VMSA-2014-0006: OpenSSL update for multiple products. (CVE-2014-3470)
- Oracle Linux: CVE-2014-3470: ELSA-2016-3558 - openssl security update
- HP System Management Homepage - HPSBMU03051 (CVE-2014-3470): OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
- Cent OS: CVE-2014-3470: CESA-2014:0625 (openssl)
- ELSA-2014-0679 Important: Oracle Linux openssl security update
- FreeBSD: OpenSSL -- multiple vulnerabilities (FreeBSD-SA-14:14.openssl) (Multiple CVEs)
- RHSA-2014:0625: openssl security update
- DSA-2950-1 openssl -- security update
- OS X update for Note: (CVE-2014-3470)
- Cisco SAN-OS: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products (Multiple CVEs)
- ELSA-2014-0625 Important: Oracle Linux openssl security update
- Alpine Linux: CVE-2014-3470: openssl multiple issues
- OS X update for OpenSSL (CVE-2014-3470)
- ELSA-2014-1652 Important: Oracle Linux openssl security update
- Oracle Solaris 11: CVE-2014-3470: Vulnerability in OpenSSL
- OpenSSL Anonymous ECDH denial of service (CVE-2014-3470)
- VMware Player: OpenSSL update for multiple products (VMSA-2014-0006) (CVE-2014-3470)
- HP-UX: CVE-2014-3470: Remote Code Execution or Unauthorized Access
- SUSE: CVE-2014-3470: SUSE Linux Security Advisory
- Gentoo Linux: CVE-2014-3470: OpenSSL: Multiple vulnerabilities
- IBM AIX: openssl_advisory9 (CVE-2014-3470): Vulnerabilities in OpenSSL affects AIX
- Amazon Linux AMI: Security patch for openssl (ALAS-2014-349) (multiple CVEs)
- VMware Fusion: OpenSSL update for multiple products (VMSA-2014-0006) (CVE-2014-3470)
- USN-2232-1: OpenSSL vulnerabilities
- Cisco IOS: cisco-sa-20140605-openssl: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products