CVE-2009-1387

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-1387
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc Broken Link Third Party Advisory
http://cvs.openssl.org/chngview?cn=17958 Broken Link Patch Third Party Advisory Vendor Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 Broken Link Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html Third Party Advisory
http://lists.vmware.com/pipermail/security-announce/2010/000082.html Mailing List Third Party Advisory
http://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest Broken Link Patch Third Party Advisory
http://secunia.com/advisories/35571 Third Party Advisory
http://secunia.com/advisories/35685 Third Party Advisory
http://secunia.com/advisories/35729 Third Party Advisory
http://secunia.com/advisories/36533 Third Party Advisory
http://secunia.com/advisories/37003 Third Party Advisory
http://secunia.com/advisories/38794 Third Party Advisory
http://secunia.com/advisories/38834 Third Party Advisory
http://security.gentoo.org/glsa/glsa-200912-01.xml Third Party Advisory
http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net Broken Link
http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/06/02/1 Mailing List Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1335.html Third Party Advisory
http://www.ubuntu.com/usn/USN-792-1 Third Party Advisory
http://www.vupen.com/english/advisories/2010/0528 Permissions Required Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740 Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592 Tool Signature
Configurations

Configuration 1 (hide)

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
History

07 Feb 2024, 18:01

Type Values Removed Values Added
CPE cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*

02 Feb 2022, 15:15

Type Values Removed Values Added
CPE cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8d-4:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8e-9:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8e-2:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8f-9:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8d-5:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8g-9:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8f-3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_perl:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8e-6:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8e-5:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8c-7:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8e-3:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8f-1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8d-3:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8g-2:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8g-1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8d-8:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8f-2:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:*:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openssl:0.9.6b-3:*:i386:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8e-1:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8e-7:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8d-7:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8g-5:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8g-3:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8f-5:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8e-8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8c-6:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8f-6:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8g-7:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8d-1:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:*:*:openvms:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8c-5:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8g-8:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8c-1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8c-3:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8f-7:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8d-9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openssl:0.9.7a-2:*:i386_dev:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8f-4:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8d-6:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8d-2:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8c-2:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8c-8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8g-6:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8e-4:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8g-4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openssl:0.9.6-15:*:i386:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8c-9:*:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8f-8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl_project:openssl:0.9.8c-4:*:*:*:*:*:*:*		 cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
References (HP) http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 - (HP) http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 - Broken Link, Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/35729 - (SECUNIA) http://secunia.com/advisories/35729 - Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2009/06/02/1 - (MLIST) http://www.openwall.com/lists/oss-security/2009/06/02/1 - Mailing List, Third Party Advisory
References (MLIST) http://lists.vmware.com/pipermail/security-announce/2010/000082.html - (MLIST) http://lists.vmware.com/pipermail/security-announce/2010/000082.html - Mailing List, Third Party Advisory
References (CONFIRM) http://cvs.openssl.org/chngview?cn=17958 - Patch (CONFIRM) http://cvs.openssl.org/chngview?cn=17958 - Broken Link, Patch, Third Party Advisory, Vendor Advisory
References (VUPEN) http://www.vupen.com/english/advisories/2010/0528 - (VUPEN) http://www.vupen.com/english/advisories/2010/0528 - Permissions Required, Third Party Advisory
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740 - Tool Signature
References (SECUNIA) http://secunia.com/advisories/35571 - (SECUNIA) http://secunia.com/advisories/35571 - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/37003 - (SECUNIA) http://secunia.com/advisories/37003 - Third Party Advisory
References (CONFIRM) http://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest - Patch (CONFIRM) http://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest - Broken Link, Patch, Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/38834 - (SECUNIA) http://secunia.com/advisories/38834 - Third Party Advisory
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2009-1335.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2009-1335.html - Third Party Advisory
References (CONFIRM) http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html - (CONFIRM) http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/35685 - (SECUNIA) http://secunia.com/advisories/35685 - Third Party Advisory
References (UBUNTU) http://www.ubuntu.com/usn/USN-792-1 - (UBUNTU) http://www.ubuntu.com/usn/USN-792-1 - Third Party Advisory
References (NETBSD) ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc - (NETBSD) ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc - Broken Link, Third Party Advisory
References (CONFIRM) http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net - (CONFIRM) http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net - Broken Link
References (SECUNIA) http://secunia.com/advisories/36533 - (SECUNIA) http://secunia.com/advisories/36533 - Third Party Advisory
References (GENTOO) http://security.gentoo.org/glsa/glsa-200912-01.xml - (GENTOO) http://security.gentoo.org/glsa/glsa-200912-01.xml - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/38794 - (SECUNIA) http://secunia.com/advisories/38794 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html - Third Party Advisory
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592 - Tool Signature
CWE CWE-399 CWE-476
First Time Canonical ubuntu Linux
Canonical
Information

Published : 2009-06-04 16:30

Updated : 2024-02-07 18:01

NVD link : CVE-2009-1387

Mitre link : CVE-2009-1387

CVE.ORG link : CVE-2009-1387

JSON object : View

Products Affected

canonical

  • ubuntu_linux

redhat

  • openssl

openssl

  • openssl
CWE
CWE-476

NULL Pointer Dereference