Vulnerability-Lookup

CVE-2010-2939 (GCVE-0-2010-2939)

Vulnerability from cvelistv5 – Published: 2010-08-17 17:31 – Updated: 2024-08-07 02:55

Summary

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://slackware.com/security/viewer.php?l=slackw…	vendor-advisoryx_refsource_SLACKWARE
	http://www.mail-archive.com/openssl-dev%40openssl…	mailing-listx_refsource_MLIST
	http://marc.info/?l=bugtraq&m=130331363227777&w=2	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/42413	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/40906	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2010/dsa-2100	vendor-advisoryx_refsource_DEBIAN
	http://www.openwall.com/lists/oss-security/2010/08/11/6	mailing-listx_refsource_MLIST
	http://seclists.org/fulldisclosure/2010/Aug/84	mailing-listx_refsource_FULLDISC
	http://www.vupen.com/english/advisories/2010/2229	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2010/2038	vdb-entryx_refsource_VUPEN
	http://securitytracker.com/id?1024296	vdb-entryx_refsource_SECTRACK
	http://www.ubuntu.com/usn/USN-1003-1	vendor-advisoryx_refsource_UBUNTU
	http://marc.info/?l=bugtraq&m=130331363227777&w=2	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/42309	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/3077	vdb-entryx_refsource_VUPEN
	http://security.FreeBSD.org/advisories/FreeBSD-SA…	vendor-advisoryx_refsource_FREEBSD
	http://secunia.com/advisories/43312	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://www.mail-archive.com/openssl-dev%40openssl…	mailing-listx_refsource_MLIST
	http://www.mail-archive.com/openssl-dev%40openssl…	mailing-listx_refsource_MLIST
	http://www.securityfocus.com/archive/1/516397/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/41105	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:55:45.367Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSA:2010-326-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668793"
          },
          {
            "name": "[openssl-dev] 20100808 Re: openssl-1.0.0a and glibc detected sthg ;)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html"
          },
          {
            "name": "HPSBMA02662",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130331363227777\u0026w=2"
          },
          {
            "name": "42413",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42413"
          },
          {
            "name": "40906",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40906"
          },
          {
            "name": "DSA-2100",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2100"
          },
          {
            "name": "[oss-security] 20100812 Re: CVE Request: openssl double free",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/08/11/6"
          },
          {
            "name": "20100807 openssl-1.0.0a",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2010/Aug/84"
          },
          {
            "name": "ADV-2010-2229",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2229"
          },
          {
            "name": "ADV-2010-2038",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2038"
          },
          {
            "name": "1024296",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1024296"
          },
          {
            "name": "USN-1003-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1003-1"
          },
          {
            "name": "SSRT100409",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=130331363227777\u0026w=2"
          },
          {
            "name": "42309",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42309"
          },
          {
            "name": "ADV-2010-3077",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3077"
          },
          {
            "name": "FreeBSD-SA-10:10",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc"
          },
          {
            "name": "43312",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43312"
          },
          {
            "name": "SUSE-SR:2010:021",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "[openssl-dev] 20100807 openssl-1.0.0a and glibc detected sthg ;)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html"
          },
          {
            "name": "[openssl-dev] 20100807 Re: openssl-1.0.0a and glibc detected sthg ;)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "41105",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41105"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-08-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime.  NOTE: some sources refer to this as a use-after-free issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SSA:2010-326-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668793"
        },
        {
          "name": "[openssl-dev] 20100808 Re: openssl-1.0.0a and glibc detected sthg ;)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html"
        },
        {
          "name": "HPSBMA02662",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130331363227777\u0026w=2"
        },
        {
          "name": "42413",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42413"
        },
        {
          "name": "40906",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40906"
        },
        {
          "name": "DSA-2100",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2100"
        },
        {
          "name": "[oss-security] 20100812 Re: CVE Request: openssl double free",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/08/11/6"
        },
        {
          "name": "20100807 openssl-1.0.0a",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2010/Aug/84"
        },
        {
          "name": "ADV-2010-2229",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2229"
        },
        {
          "name": "ADV-2010-2038",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2038"
        },
        {
          "name": "1024296",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1024296"
        },
        {
          "name": "USN-1003-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1003-1"
        },
        {
          "name": "SSRT100409",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=130331363227777\u0026w=2"
        },
        {
          "name": "42309",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42309"
        },
        {
          "name": "ADV-2010-3077",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3077"
        },
        {
          "name": "FreeBSD-SA-10:10",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc"
        },
        {
          "name": "43312",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43312"
        },
        {
          "name": "SUSE-SR:2010:021",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "[openssl-dev] 20100807 openssl-1.0.0a and glibc detected sthg ;)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html"
        },
        {
          "name": "[openssl-dev] 20100807 Re: openssl-1.0.0a and glibc detected sthg ;)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "41105",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41105"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2939",
    "datePublished": "2010-08-17T17:31:00.000Z",
    "dateReserved": "2010-08-04T00:00:00.000Z",
    "dateUpdated": "2024-08-07T02:55:45.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2010-2939

Vulnerability from fkie_nvd - Published: 2010-08-17 20:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
secalert@redhat.com	http://marc.info/?l=bugtraq&m=130331363227777&w=2
secalert@redhat.com	http://seclists.org/fulldisclosure/2010/Aug/84
secalert@redhat.com	http://secunia.com/advisories/40906	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/41105
secalert@redhat.com	http://secunia.com/advisories/42309
secalert@redhat.com	http://secunia.com/advisories/42413
secalert@redhat.com	http://secunia.com/advisories/43312
secalert@redhat.com	http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc
secalert@redhat.com	http://securitytracker.com/id?1024296
secalert@redhat.com	http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793
secalert@redhat.com	http://www.debian.org/security/2010/dsa-2100
secalert@redhat.com	http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html
secalert@redhat.com	http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html
secalert@redhat.com	http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2010/08/11/6
secalert@redhat.com	http://www.securityfocus.com/archive/1/516397/100/0/threaded
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1003-1
secalert@redhat.com	http://www.vmware.com/security/advisories/VMSA-2011-0003.html
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/2038	Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/2229
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/3077
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=130331363227777&w=2
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2010/Aug/84
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40906	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/41105
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42309
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42413
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43312
af854a3a-2127-422b-91ae-364da2661108	http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1024296
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668793
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2010/dsa-2100
af854a3a-2127-422b-91ae-364da2661108	http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html
af854a3a-2127-422b-91ae-364da2661108	http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html
af854a3a-2127-422b-91ae-364da2661108	http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2010/08/11/6
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/516397/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1003-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2011-0003.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2038	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2229
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/3077

Impacted products

Vendor	Product	Version
openssl	openssl	0.9.7
openssl	openssl	0.9.8
openssl	openssl	1.0.0a

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A4E446D-B9D3-45F2-9722-B41FA14A6C31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "10FF0A06-DA61-4250-B083-67E55E362677",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime.  NOTE: some sources refer to this as a use-after-free issue."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de doble liberaci\u00f3n en la funci\u00f3n ssl3_get_key_exchange en el cliente OpenSSL (ssl/s3_clnt.c) de OpenSSL v1.0.0a, v0.9.8, v0.9.7, y posiblemente otras versiones, cuando usa ECDH, permite a atacantes depediendo del contexto provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de claves privadas manipuladas con un n\u00famero no v\u00e1lido. NOTA: algunas fuentes se refieren a esto como un problema de uso despu\u00e9s de la liberaci\u00f3n."
    }
  ],
  "id": "CVE-2010-2939",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-08-17T20:00:03.923",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=130331363227777\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://seclists.org/fulldisclosure/2010/Aug/84"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40906"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/41105"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42309"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42413"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43312"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1024296"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668793"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-2100"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/08/11/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1003-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2038"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/2229"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/3077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=130331363227777\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2010/Aug/84"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/41105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43312"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1024296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/08/11/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1003-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/2229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/3077"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-F7M9-58QQ-WP2M

Vulnerability from github – Published: 2022-05-14 02:43 – Updated: 2022-05-14 02:43

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-2939"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-08-17T20:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime.  NOTE: some sources refer to this as a use-after-free issue.",
  "id": "GHSA-f7m9-58qq-wp2m",
  "modified": "2022-05-14T02:43:43Z",
  "published": "2022-05-14T02:43:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2939"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=130331363227777\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2010/Aug/84"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/40906"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/41105"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42309"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42413"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43312"
    },
    {
      "type": "WEB",
      "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1024296"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668793"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2010/dsa-2100"
    },
    {
      "type": "WEB",
      "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mail-archive.com/openssl-dev@openssl.org/msg28043.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mail-archive.com/openssl-dev@openssl.org/msg28045.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mail-archive.com/openssl-dev@openssl.org/msg28049.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2010/08/11/6"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-1003-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2038"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2229"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/3077"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2010-2939

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-2939

Aliases

CVE-2010-2939

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-2939",
    "description": "Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime.  NOTE: some sources refer to this as a use-after-free issue.",
    "id": "GSD-2010-2939",
    "references": [
      "https://www.suse.com/security/cve/CVE-2010-2939.html",
      "https://www.debian.org/security/2010/dsa-2100"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-2939"
      ],
      "details": "Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.",
      "id": "GSD-2010-2939",
      "modified": "2023-12-13T01:21:31.481475Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2010-2939",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
            "refsource": "MISC",
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
          },
          {
            "name": "http://marc.info/?l=bugtraq\u0026m=130331363227777\u0026w=2",
            "refsource": "MISC",
            "url": "http://marc.info/?l=bugtraq\u0026m=130331363227777\u0026w=2"
          },
          {
            "name": "http://seclists.org/fulldisclosure/2010/Aug/84",
            "refsource": "MISC",
            "url": "http://seclists.org/fulldisclosure/2010/Aug/84"
          },
          {
            "name": "http://secunia.com/advisories/40906",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/40906"
          },
          {
            "name": "http://secunia.com/advisories/41105",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/41105"
          },
          {
            "name": "http://secunia.com/advisories/42309",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/42309"
          },
          {
            "name": "http://secunia.com/advisories/42413",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/42413"
          },
          {
            "name": "http://secunia.com/advisories/43312",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/43312"
          },
          {
            "name": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc",
            "refsource": "MISC",
            "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc"
          },
          {
            "name": "http://securitytracker.com/id?1024296",
            "refsource": "MISC",
            "url": "http://securitytracker.com/id?1024296"
          },
          {
            "name": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668793",
            "refsource": "MISC",
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668793"
          },
          {
            "name": "http://www.debian.org/security/2010/dsa-2100",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2010/dsa-2100"
          },
          {
            "name": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html",
            "refsource": "MISC",
            "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html"
          },
          {
            "name": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html",
            "refsource": "MISC",
            "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html"
          },
          {
            "name": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html",
            "refsource": "MISC",
            "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2010/08/11/6",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2010/08/11/6"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-1003-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-1003-1"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/2038",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/2038"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/2229",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/2229"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/3077",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/3077"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2010-2939"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1024296",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1024296"
            },
            {
              "name": "20100807 openssl-1.0.0a",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2010/Aug/84"
            },
            {
              "name": "[oss-security] 20100812 Re: CVE Request: openssl double free",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2010/08/11/6"
            },
            {
              "name": "40906",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/40906"
            },
            {
              "name": "ADV-2010-2038",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2038"
            },
            {
              "name": "41105",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/41105"
            },
            {
              "name": "DSA-2100",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2010/dsa-2100"
            },
            {
              "name": "ADV-2010-2229",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/2229"
            },
            {
              "name": "USN-1003-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-1003-1"
            },
            {
              "name": "FreeBSD-SA-10:10",
              "refsource": "FREEBSD",
              "tags": [],
              "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc"
            },
            {
              "name": "42309",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/42309"
            },
            {
              "name": "SSA:2010-326-01",
              "refsource": "SLACKWARE",
              "tags": [],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.668793"
            },
            {
              "name": "ADV-2010-3077",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/3077"
            },
            {
              "name": "42413",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/42413"
            },
            {
              "name": "SUSE-SR:2010:021",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "43312",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/43312"
            },
            {
              "name": "HPSBMA02662",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=130331363227777\u0026w=2"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            },
            {
              "name": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28045.html"
            },
            {
              "name": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28043.html"
            },
            {
              "name": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.mail-archive.com/openssl-dev%40openssl.org/msg28049.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2023-02-13T03:19Z",
      "publishedDate": "2010-08-17T20:00Z"
    }
  }
}

CERTA-2011-AVI-240

Vulnerability from certfr_avis - Published: 2011-04-21 - Updated: 2011-04-21

Plusieurs vulnérabilités ont été corrigées dans HP Systems Management Homepage.

Description

Plusieurs vulnérabilités non divulguées ont été corrigées dans HP Systems Management Homepage. Les impacts signalés par l'éditeur sont:

contournement des protections d'accès à un système,
exécution de code arbitraire,
réalisation d'un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	HP Systems Management Homepage pour Linux (AMD64/EM64T) versions antérieures à 6.3;
Microsoft	Windows	HP Systems Management Homepage pour Windows versions antérieures à 6.3.
Microsoft	N/A	HP Systems Management Homepage pour Linux (x86) versions antérieures à 6.3;

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-2939 (GCVE-0-2010-2939)

FKIE_CVE-2010-2939

GHSA-F7M9-58QQ-WP2M

GSD-2010-2939

CERTA-2011-AVI-240

Description

Solution

Tags

Sightings

Nomenclature