CVE-2008-0891 - OpenCVE

Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Openssl	Openssl

Configuration 1 [-]

OR	cpe:2.3:a:openssl:openssl:0.9.8f:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8g:::::::*

References

Link	Resource
http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html
http://secunia.com/advisories/30405	Vendor Advisory
http://secunia.com/advisories/30460
http://secunia.com/advisories/30825
http://secunia.com/advisories/30852
http://secunia.com/advisories/30868
http://secunia.com/advisories/31228
http://secunia.com/advisories/31288
http://security.gentoo.org/glsa/glsa-200806-08.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004
http://sourceforge.net/project/shownotes.php?release_id=615606
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400
http://www.kb.cert.org/vuls/id/661475	US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2008:107
http://www.openssl.org/news/secadv_20080528.txt
http://www.securityfocus.com/bid/29405	Patch
http://www.securitytracker.com/id?1020121
http://www.ubuntu.com/usn/usn-620-1
http://www.vupen.com/english/advisories/2008/1680
http://www.vupen.com/english/advisories/2008/1937/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42666
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2008-05-29T16:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-02-21T00:00:00

Link: CVE-2008-0891

JSON object: View

NVD Information

Status : Modified

Published: 2008-05-29T16:32:00.000

Modified: 2023-11-07T02:01:49.873

Link: CVE-2008-0891

JSON object: View

Redhat Information

No data.

CWE

CWE-189

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-05-28T00:00:00", "descriptions": [{"lang": "en", "value": "Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html"}, {"name": "SSA:2008-210-08", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004"}, {"name": "30852", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30852"}, {"name": "FEDORA-2008-4723", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html"}, {"tags": ["x_refsource_MISC"], "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400"}, {"name": "openssl-servername-dos(42666)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42666"}, {"name": "30460", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30460"}, {"name": "30825", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30825"}, {"name": "ADV-2008-1680", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1680"}, {"name": "1020121", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020121"}, {"name": "USN-620-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-620-1"}, {"name": "30868", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30868"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openssl.org/news/secadv_20080528.txt"}, {"name": "GLSA-200806-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200806-08.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=615606"}, {"name": "31288", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31288"}, {"name": "30405", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30405"}, {"name": "29405", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29405"}, {"name": "ADV-2008-1937", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1937/references"}, {"name": "31228", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31228"}, {"name": "MDVSA-2008:107", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:107"}, {"name": "VU#661475", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/661475"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-0891", "datePublished": "2008-05-29T16:00:00", "dateReserved": "2008-02-21T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "Vulnerabilidad de doble liberaci\u00f3n en OpenSSL 0.9.8f y 0.9.8g, cuando las extensiones de nombre de servidor TLS est\u00e1n habilitadas, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un paquete manipulado. NOTA: Algunos de estos detalles se han obtenido de fuentes de terceros."}], "id": "CVE-2008-0891", "lastModified": "2023-11-07T02:01:49.873", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-05-29T16:32:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30405"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30460"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30825"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30852"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30868"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31228"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/31288"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200806-08.xml"}, {"source": "secalert@redhat.com", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.562004"}, {"source": "secalert@redhat.com", "url": "http://sourceforge.net/project/shownotes.php?release_id=615606"}, {"source": "secalert@redhat.com", "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738400"}, {"source": "secalert@redhat.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/661475"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:107"}, {"source": "secalert@redhat.com", "url": "http://www.openssl.org/news/secadv_20080528.txt"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/29405"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1020121"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-620-1"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/1680"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/1937/references"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42666"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01029.html"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "lastModified": "2008-05-30T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}