CVE-2009-1386

Published: 04/06/2009 Updated: 07/02/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

ssl/s3_pkt.c in OpenSSL prior to 0.9.8i allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.

Vulnerable Products

openssl openssl
redhat openssl 0.9.6-15
redhat openssl 0.9.6b-3
redhat openssl 0.9.7a-2
canonical ubuntu linux 9.04
canonical ubuntu linux 8.10
canonical ubuntu linux 8.04
canonical ubuntu linux 6.06

Vendor Advisories

Debian Bug report logs - #532037 CVE-2009-138{6,7}: Two OpenSSL DTLS remote DoS. Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl (PTS, buildd, popcon). Reported by: Giuseppe Iuculano <giuseppe@iuculano.it>. Date: Fri, 5 Jun 2 ...
It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests (CVE-2009-1377) ...

Exploits

/*
 * cve-2009-1386.c
 *
 * OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS
 * Jon Oberheide <jon@oberheide.org>
 * jon.oberheide.org
 *
 * Information:
 *
 * cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386
 *
 * OpenSSL would SegFault if the DTLS server receives a ChangeCipherSpec as
 * the first record instead ...
OpenSSL versions below 0.9.8i DTLS ChangeCipherSpec remote denial of service exploit ...