Уязвимость CVE-2010-5298: Информация

Описание

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.

Важность: MEDIUM (4,0)

URL: https://nvd.nist.gov/vuln/detail/CVE-2010-5298

Опубликовано: 15 апреля 2014 г.

Изменено: 29 августа 2022 г.

Идентификатор типа ошибки: CWE-362

Исправленные пакеты

Имя пакета	Ветка	Исправлено в версии	Версия в репозитории	Errata ID	№ Задания	Состояние
openssl10	p9	1.0.1h-alt1	1.0.2u-alt1.p9.2	ALT-PU-2014-1734-1	120900	Исправлено
openssl10	c9f2	1.0.1h-alt1	1.0.2u-alt1.p9.1	ALT-PU-2014-1734-1	120900	Исправлено
openssl10	c7	1.0.1j-alt1.M70C.1	1.0.1u-alt0.M70C.1	ALT-PU-2014-2316-1	133754	Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка	Ресурс
[oss-security] 20140412 Use-after-free race condition,in OpenSSL's read buffer	Mailing List Patch
http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markup	Broken Link
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig	Patch Third Party Advisory
http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse	Third Party Advisory
https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest	Broken Link
[5.5] 004: SECURITY FIX: April 12, 2014	Third Party Advisory
https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest	Broken Link
66801	Third Party Advisory VDB Entry
http://www.openssl.org/news/secadv_20140605.txt	Third Party Advisory
https://kb.bluecoat.com/index?page=content&id=SA80	Broken Link
20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products	Third Party Advisory
http://www.blackberry.com/btsc/KB36051	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676035	Broken Link
59438	Not Applicable
59301	Not Applicable
59450	Not Applicable
59721	Not Applicable
http://www-01.ibm.com/support/docview.wss?uid=swg21677695	Third Party Advisory
59655	Not Applicable
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm	Third Party Advisory
59162	Not Applicable
http://www-01.ibm.com/support/docview.wss?uid=swg21676655	Third Party Advisory
58939	Not Applicable
59666	Not Applicable
http://www-01.ibm.com/support/docview.wss?uid=swg21677828	Third Party Advisory
59490	Not Applicable
http://www-01.ibm.com/support/docview.wss?uid=swg21676062	Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10075	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676419	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21678167	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21673137	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21677527	Broken Link
59669	Not Applicable
59413	Not Applicable
59300	Not Applicable
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	Third Party Advisory
http://www.fortiguard.com/advisory/FG-IR-14-018/	Third Party Advisory
59342	Not Applicable
http://www.vmware.com/security/advisories/VMSA-2014-0012.html	Third Party Advisory
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities	Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	Third Party Advisory
MDVSA-2015:062	Broken Link
HPSBMU03055	Mailing List Third Party Advisory
HPSBHF03052	Mailing List Third Party Advisory
HPSBMU03051	Mailing List Third Party Advisory
HPSBMU03074	Mailing List Third Party Advisory
HPSBGN03068	Mailing List Third Party Advisory
HPSBMU03057	Mailing List Third Party Advisory
HPSBMU03076	Mailing List Third Party Advisory
HPSBMU03056	Mailing List Third Party Advisory
HPSBMU03062	Mailing List Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946	Third Party Advisory
SUSE-SU-2015:0743	Mailing List Third Party Advisory
https://www.novell.com/support/kb/doc.php?id=7015271	Third Party Advisory
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757	Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756	Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755	Broken Link
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21683332	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21677836	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676889	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676879	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21676529	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0006.html	Third Party Advisory
MDVSA-2014:090	Broken Link
http://www.ibm.com/support/docview.wss?uid=swg24037783	Third Party Advisory
http://www.ibm.com/support/docview.wss?uid=swg21676356	Third Party Advisory
http://support.citrix.com/article/CTX140876	Third Party Advisory
GLSA-201407-05	Third Party Advisory
59440	Not Applicable
59437	Not Applicable
59287	Not Applicable
58977	Not Applicable
58713	Not Applicable
58337	Not Applicable
FEDORA-2014-9308	Mailing List Third Party Advisory
FEDORA-2014-9301	Mailing List Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195	Permissions Required
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629	Third Party Advisory
http://advisories.mageia.org/MGASA-2014-0187.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html	Third Party Advisory
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities	Third Party Advisory VDB Entry

Подверженные конфигурации:
1. Конфигурация 1
  cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
  End including
  1.0.1g
  
  Конфигурация 2
  cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
  Start including
  10.0.0
  End excliding
  10.0.13
  
  Конфигурация 3
  cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
  
  Конфигурация 4
  cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
  cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*

Версия: v24.4.2

Наверх

Уязвимость CVE-2010-5298: Информация

Описание

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

Конфигурация 1

Конфигурация 2

Конфигурация 3

Конфигурация 4