Oracle Solaris 11: CVE-2014-0160: Vulnerability in OpenSSL
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | April 07, 2014 | May 29, 2017 | May 29, 2017 |
Description
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
References
- BID-66690
- CERT-TA14-098A
- CERT-VN-720951
- CVE-2014-0160
- DEBIAN-DSA-2896
- DISA_SEVERITY-Category I
- DISA_VMSKEY-V0033046
- IAVM-2012-A-0104
- REDHAT-RHSA-2014:0376
- REDHAT-RHSA-2014:0377
- REDHAT-RHSA-2014:0378
- REDHAT-RHSA-2014:0396
- SUSE-SUSE-SA:2014:002
- URL: https://support.oracle.com/epmos/faces/DocumentDisplay?id=1448883.1&displayIndex=1
Solution
oracle-solaris-11-2-upgrade-entire-0-5-11-0-175-2-0-0-42-0
Related Vulnerabilities
- F5 Networks: K15159 (CVE-2014-0160): OpenSSL vulnerability CVE-2014-0160
- RHSA-2014:0376: openssl security update
- VMware Workstation: Information Disclosure vulnerability in OpenSSL third party library (VMSA-2014-0004) (CVE-2014-0160)
- Gentoo Linux: CVE-2014-0160: AMD64 x86 emulation base libraries: Multiple vulnerabilities
- HP Systems Insight Manager - (Multiple Advisories) (CVE-2014-0160): Bundled Software running OpenSSL, Remote Disclosure of Information
- HP System Management Homepage - HPSBMU02998 (CVE-2014-0160): OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)
- OpenSSL Heartbleed Vulnerability (CVE-2014-0160)
- VMware Player: Information Disclosure vulnerability in OpenSSL third party library (VMSA-2014-0004) (CVE-2014-0160)
- VMSA-2014-0004: Information Disclosure vulnerability in OpenSSL third party library (CVE-2014-0160)
- RHSA-2014:0396: rhev-hypervisor6 security update
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 7
- RHSA-2014:0378: rhev-hypervisor6 security update
- Google Android Vulnerability: CVE-2014-0160
- USN-2165-1: OpenSSL vulnerabilities
- RHSA-2014:0416: rhevm-spice-client security update
- SUSE: CVE-2014-0160: SUSE Linux Security Advisory
- FreeBSD: OpenSSL -- Remote Information Disclosure (FreeBSD-SA-14:06.openssl) (CVE-2014-0160)
- Oracle Linux: CVE-2014-0160: ELSA-2016-3558 - openssl security update
- ELSA-2014-1652 Important: Oracle Linux openssl security update
- Cent OS: CVE-2014-0160: CESA-2014:0376 (openssl)
- ELSA-2014-0376 Important: Oracle Linux openssl security update
- Amazon Linux AMI: Security patch for openssl (ALAS-2014-320) (multiple CVEs)
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 6
- DSA-2896-1 openssl -- security update
- Juniper Junos OS: 2014-04 Out of Cycle Security Bulletin: Multiple products affected by OpenSSL "Heartbleed" issue (JSA10623) (CVE-2014-0160)
- VMware Fusion: Information Disclosure vulnerability in OpenSSL third party library (VMSA-2014-0004) (CVE-2014-0160)