CVE-2009-1386
Published: 4 June 2009
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
Notes
Author | Note |
---|---|
mdeslaur | PoC: http://www.milw0rm.com/exploits/8873 |
Priority
Status
Package | Release | Status |
---|---|---|
openssl (Launchpad, Ubuntu, Debian) | dapper | Released (0.9.8a-7ubuntu0.9) |
openssl | hardy | Released (0.9.8g-4ubuntu3.7) |
openssl | intrepid | Released (0.9.8g-10.1ubuntu2.4) |
openssl | jaunty | Released (0.9.8g-15ubuntu3.2) |
openssl | upstream | Released (0.9.8i) |

Patches: upstream: http://cvs.openssl.org/chngview?cn=17369