• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability

Bugtraq ID:	35174
Class:	Design Error
CVE:	CVE-2009-1386
Remote:	Yes
Local:	No
Published:	Jun 02 2009 12:00AM
Updated:	Oct 15 2009 10:08PM
Credit:	Alex Lam
Vulnerable:	Ubuntu Ubuntu Linux 9.04 sparc Ubuntu Ubuntu Linux 9.04 powerpc Ubuntu Ubuntu Linux 9.04 lpia Ubuntu Ubuntu Linux 9.04 i386 Ubuntu Ubuntu Linux 9.04 amd64 Ubuntu Ubuntu Linux 8.10 sparc Ubuntu Ubuntu Linux 8.10 powerpc Ubuntu Ubuntu Linux 8.10 lpia Ubuntu Ubuntu Linux 8.10 i386 Ubuntu Ubuntu Linux 8.10 amd64 Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 S.u.S.E. SUSE Linux Enterprise Server RT Solution 10 0 S.u.S.E. SUSE Linux Enterprise Server 9 SP3 S.u.S.E. SUSE Linux Enterprise Server 9 S.u.S.E. SUSE Linux Enterprise Server 11 + Linux kernel 2.6.5 S.u.S.E. SUSE Linux Enterprise Server 10 SP2 S.u.S.E. SUSE Linux Enterprise Server 10 SP1 S.u.S.E. SUSE Linux Enterprise Server 10 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP2 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. SUSE Linux Enterprise Desktop 10 S.u.S.E. SUSE Linux Enterprise 10 SP2 DEBUGINFO S.u.S.E. SUSE Linux Enterprise 10 SP1 DEBUGINFO S.u.S.E. SUSE Linux Enterprise 10 SP1 DEBUGINFO S.u.S.E. openSUSE 11.1 S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 S.u.S.E. Linux Enterprise Server 9-SP3 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 10.SP2 SP S.u.S.E. Linux Enterprise Server 10.SP1 S.u.S.E. Linux Enterprise Server 10 S.u.S.E. Linux Enterprise Desktop 10 SP2 S.u.S.E. Linux Enterprise Desktop 10 SP2 S.u.S.E. Linux Enterprise Desktop 10 SP1 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux 5 server OpenSSL Project OpenSSL 0.9.8 h OpenSSL Project OpenSSL 0.9.8 e OpenSSL Project OpenSSL 0.9.8 d OpenSSL Project OpenSSL 0.9.8 c OpenSSL Project OpenSSL 0.9.8 b OpenSSL Project OpenSSL 0.9.8 a OpenSSL Project OpenSSL 0.9.8 + Gentoo Linux OpenSSL Project OpenSSL 0.9.7 m OpenSSL Project OpenSSL 0.9.7 l OpenSSL Project OpenSSL 0.9.7 k OpenSSL Project OpenSSL 0.9.7 j OpenSSL Project OpenSSL 0.9.7 i OpenSSL Project OpenSSL 0.9.7 h OpenSSL Project OpenSSL 0.9.7 g OpenSSL Project OpenSSL 0.9.7 f OpenSSL Project OpenSSL 0.9.7 e OpenSSL Project OpenSSL 0.9.7 d OpenSSL Project OpenSSL 0.9.7 c + OpenPKG OpenPKG 2.0 + Slackware Linux 9.1 + Slackware Linux 9.0 + Slackware Linux -current OpenSSL Project OpenSSL 0.9.7 beta3 OpenSSL Project OpenSSL 0.9.7 beta2 OpenSSL Project OpenSSL 0.9.7 beta1 OpenSSL Project OpenSSL 0.9.7 b + OpenPKG OpenPKG 1.3 OpenSSL Project OpenSSL 0.9.7 a + Conectiva Linux 9.0 + OpenPKG OpenPKG Current OpenSSL Project OpenSSL 0.9.7 OpenSSL Project OpenSSL 0.9.6 m OpenSSL Project OpenSSL 0.9.6 l OpenSSL Project OpenSSL 0.9.6 k OpenSSL Project OpenSSL 0.9.6 j OpenSSL Project OpenSSL 0.9.6 i OpenSSL Project OpenSSL 0.9.6 h OpenSSL Project OpenSSL 0.9.6 g OpenSSL Project OpenSSL 0.9.6 f OpenSSL Project OpenSSL 0.9.6 e + FreeBSD FreeBSD 4.6 -RELEASE + FreeBSD FreeBSD 4.6 OpenSSL Project OpenSSL 0.9.6 d + Slackware Linux 8.1 OpenSSL Project OpenSSL 0.9.6 c + Conectiva Linux 8.0 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + MandrakeSoft Linux Mandrake 8.2 + S.u.S.E. Linux 8.0 i386 + S.u.S.E. Linux 8.0 OpenSSL Project OpenSSL 0.9.6 b-36.8 OpenSSL Project OpenSSL 0.9.6 b + MandrakeSoft Linux Mandrake 8.1 ia64 + MandrakeSoft Linux Mandrake 8.1 + OpenBSD OpenBSD 3.1 + OpenBSD OpenBSD 3.0 + RedHat Enterprise Linux AS 2.1 IA64 + RedHat Enterprise Linux AS 2.1 + RedHat Enterprise Linux ES 2.1 IA64 + RedHat Enterprise Linux ES 2.1 + RedHat Enterprise Linux WS 2.1 IA64 + RedHat Enterprise Linux WS 2.1 + RedHat Linux 7.3 i386 + RedHat Linux 7.3 + RedHat Linux 7.2 ia64 + RedHat Linux 7.2 i686 + RedHat Linux 7.2 i386 + RedHat Linux 7.2 + RedHat Linux Advanced Work Station 2.1 + S.u.S.E. Linux 7.3 sparc + S.u.S.E. Linux 7.3 ppc + S.u.S.E. Linux 7.3 i386 + S.u.S.E. Linux Connectivity Server + S.u.S.E. Linux Database Server 0 + S.u.S.E. Linux Enterprise Server 7 + S.u.S.E. Linux Firewall on CD + S.u.S.E. Office Server + S.u.S.E. SuSE eMail Server III + Sun Linux 5.0.7 + Sun Linux 5.0.6 + Sun Linux 5.0.5 + Sun Linux 5.0.3 + Sun Linux 5.0 OpenSSL Project OpenSSL 0.9.6 a + Conectiva Linux 7.0 + NetBSD NetBSD 1.5.3 + NetBSD NetBSD 1.5.2 + NetBSD NetBSD 1.5.1 + NetBSD NetBSD 1.5 + S.u.S.E. Linux 7.2 i386 + S.u.S.E. Linux 7.1 sparc + S.u.S.E. Linux 7.1 ppc + S.u.S.E. Linux 7.1 alpha + S.u.S.E. Linux 7.1 OpenSSL Project OpenSSL 0.9.6 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Server 3.1 + Caldera OpenLinux Workstation 3.1.1 + Caldera OpenLinux Workstation 3.1 + Conectiva Linux 6.0 + EnGarde Secure Linux 1.0.1 + HP Secure OS software for Linux 1.0 + MandrakeSoft Linux Mandrake 8.0 ppc + MandrakeSoft Linux Mandrake 8.0 + NetBSD NetBSD 1.6 beta + NetBSD NetBSD 1.6 + NetBSD NetBSD 1.5.3 + NetBSD NetBSD 1.5.2 + NetBSD NetBSD 1.5.1 + NetBSD NetBSD 1.5 + OpenBSD OpenBSD 2.9 + OpenPKG OpenPKG 1.0 + RedHat Linux 7.3 i386 + RedHat Linux 7.3 + RedHat Linux 7.2 i386 + RedHat Linux 7.2 alpha + RedHat Linux 7.1 i386 + RedHat Linux 7.1 alpha + RedHat Linux 7.0 sparc + RedHat Linux 7.0 i386 + RedHat Linux 7.0 alpha + Trustix Secure Linux 1.5 + Trustix Secure Linux 1.2 + Trustix Secure Linux 1.1 OpenSSL Project OpenSSL 0.9.8h OpenSSL Project OpenSSL 0.9.8g OpenSSL Project OpenSSL 0.9.8g OpenSSL Project OpenSSL 0.9.8f OpenSSL Project OpenSSL 0.9.8 f NetBSD NetBSD 4.0.2 NetBSD NetBSD 4.0.1 NetBSD NetBSD 5.0 RC3 NetBSD NetBSD 5.0 NetBSD NetBSD 4.0 BETA2 NetBSD NetBSD 4.0 NetBSD NetBSD 4,0_Beta MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 2009.0 x86_64 MandrakeSoft Linux Mandrake 2009.0 MandrakeSoft Linux Mandrake 2008.1 x86_64 MandrakeSoft Linux Mandrake 2008.1 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Avaya Voice Portal 5.0 SP1 Avaya Voice Portal 5.0 Avaya Aura Session Manager 1.1
Not Vulnerable:	OpenSSL Project OpenSSL 0.9.8 i