Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2014-0198

Disclosure Date: May 06, 2014
CVE-2014-0198
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • debian,
  • fedoraproject,
  • mariadb,
  • openssl,
  • opensuse,
  • suse

Products

  • debian linux 6.0,
  • debian linux 7.0,
  • debian linux 8.0,
  • fedora 19,
  • fedora 20,
  • linux enterprise desktop 12,
  • linux enterprise server 12,
  • linux enterprise software development kit 12,
  • linux enterprise workstation extension 12,
  • mariadb,
  • openssl,
  • opensuse 12.3,
  • opensuse 13.1

References

Canonical
CVE-2014-0198 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198)
BID-67193 (http://www.securityfocus.com/bid/67193)
Advisory
SECUNIA-59342 (http://secunia.com/advisories/59342)
SECUNIA-59669 (http://secunia.com/advisories/59669)
SECUNIA-59525 (http://secunia.com/advisories/59525)
SECUNIA-59282 (http://secunia.com/advisories/59282)
SECUNIA-59990 (http://secunia.com/advisories/59990)
SECUNIA-59264 (http://secunia.com/advisories/59264)
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15329.html
SECUNIA-59126 (http://secunia.com/advisories/59126)
SECUNIA-59306 (http://secunia.com/advisories/59306)
https://bugzilla.redhat.com/show_bug.cgi?id=1093837
HPSBGN03068 (http://marc.info?l=bugtraq&m=140544599631400&w=2)
SECUNIA-59190 (http://secunia.com/advisories/59190)
SECUNIA-59529 (http://secunia.com/advisories/59529)
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
SECUNIA-61254 (http://secunia.com/advisories/61254)
http://www-01.ibm.com/support/docview.wss?uid=swg21676655
http://puppetlabs.com/security/cve/cve-2014-0198
SECUNIA-59449 (http://secunia.com/advisories/59449)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
http://www-01.ibm.com/support/docview.wss?uid=swg21676879
http://www-01.ibm.com/support/docview.wss?uid=swg21677828
HPSBMU03074 (http://marc.info?l=bugtraq&m=140621259019789&w=2)
SECUNIA-59300 (http://secunia.com/advisories/59300)
SECUNIA-58667 (http://secunia.com/advisories/58667)
GLSA-201407-05 (http://security.gentoo.org/glsa/glsa-201407-05.xml)
SECUNIA-59284 (http://secunia.com/advisories/59284)
http://www.ibm.com/support/docview.wss?uid=swg24037783
http://www-01.ibm.com/support/docview.wss?uid=swg21677695
http://www-01.ibm.com/support/docview.wss?uid=swg21676529
http://advisories.mageia.org/MGASA-2014-0204.html
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (http://www.securityfocus.com/archive/1/534161/100/0/threaded)
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163
http://www-01.ibm.com/support/docview.wss?uid=swg21676889
FEDORA-2014-9308 (http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html)
SECUNIA-58945 (http://secunia.com/advisories/58945)
SECUNIA-59440 (http://secunia.com/advisories/59440)
https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
SECUNIA-59655 (http://secunia.com/advisories/59655)
SECUNIA-59163 (http://secunia.com/advisories/59163)
DSA-2931 (http://www.debian.org/security/2014/dsa-2931)
http://www-01.ibm.com/support/docview.wss?uid=swg21677836
SECUNIA-59437 (http://secunia.com/advisories/59437)
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
SECUNIA-59374 (http://secunia.com/advisories/59374)
http://www.vmware.com/security/advisories/VMSA-2014-0006.html
SECUNIA-59310 (http://secunia.com/advisories/59310)
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
http://www.fortiguard.com/advisory/FG-IR-14-018
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html
http://www.ibm.com/support/docview.wss?uid=swg21676356
HPSBMU03057 (http://marc.info?l=bugtraq&m=140389274407904&w=2)
http://support.citrix.com/article/CTX140876
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757
SECUNIA-58939 (http://secunia.com/advisories/58939)
SECUNIA-59514 (http://secunia.com/advisories/59514)
20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products (http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl)
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195
https://kc.mcafee.com/corporate/index?page=content&id=SB10075
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www-01.ibm.com/support/docview.wss?uid=swg21676419
SECUNIA-59438 (http://secunia.com/advisories/59438)
SECUNIA-58714 (http://secunia.com/advisories/58714)
HPSBHF03052 (http://marc.info?l=bugtraq&m=141658880509699&w=2)
http://www.openssl.org/news/secadv_20140605.txt
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (http://seclists.org/fulldisclosure/2014/Dec/23)
SECUNIA-60066 (http://secunia.com/advisories/60066)
SECUNIA-59301 (http://secunia.com/advisories/59301)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00036.html
SECUNIA-59784 (http://secunia.com/advisories/59784)
https://kb.bluecoat.com/index?page=content&id=SA80
HPSBMU03076 (http://marc.info?l=bugtraq&m=140904544427729&w=2)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
http://www-01.ibm.com/support/docview.wss?uid=swg21678167
FEDORA-2014-9301 (http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html)
HPSBMU03062 (http://marc.info?l=bugtraq&m=140752315422991&w=2)
http://www.mandriva.com/security/advisories?name=MDVSA-2014:080
HPSBMU03056 (http://marc.info?l=bugtraq&m=140389355508263&w=2)
HPSBMU03051 (http://marc.info?l=bugtraq&m=140448122410568&w=2)
SECUNIA-59666 (http://secunia.com/advisories/59666)
HPSBMU03055 (http://marc.info?l=bugtraq&m=140431828824371&w=2)
SECUNIA-59413 (http://secunia.com/advisories/59413)
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
SECUNIA-59721 (http://secunia.com/advisories/59721)
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
http://www-01.ibm.com/support/docview.wss?uid=swg21676062
SECUNIA-58713 (http://secunia.com/advisories/58713)
http://www-01.ibm.com/support/docview.wss?uid=swg21673137
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://www-01.ibm.com/support/docview.wss?uid=swg21676035
SECUNIA-59450 (http://secunia.com/advisories/59450)
SECUNIA-59287 (http://secunia.com/advisories/59287)
http://www-01.ibm.com/support/docview.wss?uid=swg21683332
SECUNIA-59491 (http://secunia.com/advisories/59491)
SECUNIA-58977 (http://secunia.com/advisories/58977)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00037.html
https://www.novell.com/support/kb/doc.php?id=7015271
SECUNIA-60571 (http://secunia.com/advisories/60571)
http://www.blackberry.com/btsc/KB36051
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
http://www-01.ibm.com/support/docview.wss?uid=swg21677527
SECUNIA-59202 (http://secunia.com/advisories/59202)
SECUNIA-58337 (http://secunia.com/advisories/58337)
SECUNIA-59162 (http://secunia.com/advisories/59162)
SECUNIA-59398 (http://secunia.com/advisories/59398)
SECUNIA-59490 (http://secunia.com/advisories/59490)
SECUNIA-60049 (http://secunia.com/advisories/60049)
https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf
Miscellaneous
[5.5] 005: RELIABILITY FIX: May 1, 2014 (http://www.openbsd.org/errata55.html#005_openssl)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis