Information Security


Multiple security vulnerabilities in PolarSSL
Published: October 28, 2013
Source:
SecurityVulns ID: 13381
Type: remote
Severity level: 5/10
Description: DoS, buffer overflow, timing attacks.
Affected products: POLARSSL : PolarSSL 1.2
CVE: CVE-2013-5915 (The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys.)
 CVE-2013-5914 (Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarSSL before 1.1.8, when using TLS 1.1, might allow remote attackers to execute arbitrary code via a long packet.)
 CVE-2013-4623 (The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certificate message that contains a PEM encoded certificate.)
Original text: DEBIAN, [SECURITY] [DSA 2782-1] polarssl security update (28.10.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod