Rapid7 Vulnerability & Exploit Database

USN-2165-1: OpenSSL vulnerabilities

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

USN-2165-1: OpenSSL vulnerabilities

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

03/25/2014

Created

07/25/2018

Added

04/08/2014

Modified

05/05/2022

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Solution(s)

ubuntu-upgrade-libssl1-0-0

References

https://attackerkb.com/topics/cve-2014-0076
66363
66690
TA14-098A
720951
CVE - 2014-0076
CVE - 2014-0160
DSA-2896
Category I
V0033046
V0052625
V0053201
V0060737
2012-A-0104
2014-A-0100
2014-B-0077
2015-A-0113
RHSA-2014:0376
RHSA-2014:0377
RHSA-2014:0378
RHSA-2014:0396
SUSE-SA:2014:002
USN-2165-1

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;