CVE-2015-0293

Опубликовано: 19 мар. 2015

Источник: redhat

CVSS2: 4.3

Описание

The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	openssl097a	Will not fix
Red Hat Enterprise Virtualization 3	mingw-virt-viewer	Will not fix
Red Hat JBoss Enterprise Application Platform 5	openssl	Will not fix
Red Hat JBoss Enterprise Web Server 1	openssl	Will not fix
Red Hat JBoss Enterprise Web Server 3	openssl	Affected
Red Hat Enterprise Linux 4 Extended Lifecycle Support	openssl	Fixed	RHSA-2016:0306	01.03.2016
Red Hat Enterprise Linux 5	openssl	Fixed	RHSA-2015:0800	13.04.2015
Red Hat Enterprise Linux 5.6 Long Life	openssl	Fixed	RHSA-2016:0304	01.03.2016
Red Hat Enterprise Linux 5.9 Long Life	openssl	Fixed	RHSA-2016:0304	01.03.2016
Red Hat Enterprise Linux 6	openssl	Fixed	RHSA-2015:0715	23.03.2015