cve-2010-0740

Vulnerability from cvelistv5

Published

2010-03-26 18:00

Modified

2024-08-07 00:59

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
secalert@redhat.com	http://marc.info/?l=bugtraq&m=127128920008563&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=127128920008563&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=127557640302499&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=127557640302499&w=2
secalert@redhat.com	http://secunia.com/advisories/39932
secalert@redhat.com	http://secunia.com/advisories/42724
secalert@redhat.com	http://secunia.com/advisories/42733
secalert@redhat.com	http://secunia.com/advisories/43311
secalert@redhat.com	http://support.apple.com/kb/HT4723
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
secalert@redhat.com	http://www.openssl.org/news/secadv_20100324.txt	Patch, Vendor Advisory
secalert@redhat.com	http://www.securityfocus.com/archive/1/516397/100/0/threaded
secalert@redhat.com	http://www.securitytracker.com/id?1023748
secalert@redhat.com	http://www.vmware.com/security/advisories/VMSA-2011-0003.html
secalert@redhat.com	http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/0710	Patch, Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/0839
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/0933
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/1216
secalert@redhat.com	https://kb.bluecoat.com/index?page=content&id=SA50
secalert@redhat.com	https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
secalert@redhat.com	https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731
af854a3a-2127-422b-91ae-364da2661108	http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=127128920008563&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=127128920008563&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=127557640302499&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=127557640302499&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39932
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42724
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42733
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43311
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4723
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
af854a3a-2127-422b-91ae-364da2661108	http://www.openssl.org/news/secadv_20100324.txt	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/516397/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1023748
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2011-0003.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0710	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0839
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0933
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1216
af854a3a-2127-422b-91ae-364da2661108	https://kb.bluecoat.com/index?page=content&id=SA50
af854a3a-2127-422b-91ae-364da2661108	https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:59:39.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4723"
          },
          {
            "name": "HPSBUX02531",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
          },
          {
            "name": "APPLE-SA-2011-06-23-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20100324.txt"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
          },
          {
            "name": "ADV-2010-0710",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0710"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
          },
          {
            "name": "ADV-2010-0839",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0839"
          },
          {
            "name": "SSRT100108",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
          },
          {
            "name": "MDVSA-2010:076",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
          },
          {
            "name": "HPSBUX02517",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
          },
          {
            "name": "1023748",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023748"
          },
          {
            "name": "39932",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39932"
          },
          {
            "name": "ADV-2010-0933",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0933"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "SSRT100058",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "oval:org.mitre.oval:def:11731",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731"
          },
          {
            "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "43311",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43311"
          },
          {
            "name": "ADV-2010-1216",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1216"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "FEDORA-2010-5744",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4723"
        },
        {
          "name": "HPSBUX02531",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
        },
        {
          "name": "APPLE-SA-2011-06-23-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20100324.txt"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
        },
        {
          "name": "ADV-2010-0710",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0710"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
        },
        {
          "name": "ADV-2010-0839",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0839"
        },
        {
          "name": "SSRT100108",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
        },
        {
          "name": "MDVSA-2010:076",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
        },
        {
          "name": "HPSBUX02517",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
        },
        {
          "name": "1023748",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023748"
        },
        {
          "name": "39932",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39932"
        },
        {
          "name": "ADV-2010-0933",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0933"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
        },
        {
          "name": "SSRT100058",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "oval:org.mitre.oval:def:11731",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731"
        },
        {
          "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
        },
        {
          "name": "43311",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43311"
        },
        {
          "name": "ADV-2010-1216",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1216"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        },
        {
          "name": "FEDORA-2010-5744",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-0740",
    "datePublished": "2010-03-26T18:00:00",
    "dateReserved": "2010-02-26T00:00:00",
    "dateUpdated": "2024-08-07T00:59:39.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-0740\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2010-03-26T18:30:00.467\",\"lastModified\":\"2024-11-21T01:12:51.857\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number.  NOTE: some of these details are obtained from third party information.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n ssl3_get_record en ssl/s3_pkt.c en OpenSSL v0.9.8f hasta v0.9.8m permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un registro mal formado en una conexi\u00f3n TLS que provoca una desreferencia a puntero NULL, relativo al n\u00famero de versi\u00f3n menor. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceras personas.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BB38AEA-BAF0-4920-9A71-747C24444770\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F33EA2B-DE15-4695-A383-7A337AC38908\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"261EE631-AB43-44FE-B02A-DFAAB8D35927\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A1365ED-4651-4AB2-A64B-43782EA2F0E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC82690C-DCED-47BA-AA93-4D0C9E95B806\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43B90ED1-DAB4-4239-8AD8-87E8D568D5D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C9BF2DD-85EF-49CF-8D83-0DB46449E333\"}]}]}],\"references\":[{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/39932\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/42724\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/42733\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/43311\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.apple.com/kb/HT4723\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:076\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openssl.org/news/secadv_20100324.txt\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/516397/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id?1023748\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2011-0003.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0710\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0839\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0933\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1216\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://kb.bluecoat.com/index?page=content\u0026id=SA50\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/39932\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42724\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42733\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43311\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4723\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:076\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openssl.org/news/secadv_20100324.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/516397/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1023748\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2011-0003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0710\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0839\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0933\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kb.bluecoat.com/index?page=content\u0026id=SA50\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorImpact\":\"Per: http://www.openssl.org/news/secadv_20100324.txt\\r\\n\\r\\n\u0027Affected versions depend on the C compiler used with OpenSSL:\\r\\n\\r\\n- If \u0027short\u0027 is a 16-bit integer, this issue applies only to OpenSSL 0.9.8m.\\r\\n- Otherwise, this issue applies to OpenSSL 0.9.8f through 0.9.8m.\u0027\",\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, or 5.\",\"lastModified\":\"2010-03-27T00:00:00\"}]}}"
  }
}

ghsa-qr53-p9wq-vjrx

Vulnerability from github

Published

2022-05-02 06:15

Modified

2022-05-02 06:15

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-0740"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-03-26T18:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number.  NOTE: some of these details are obtained from third party information.",
  "id": "GHSA-qr53-p9wq-vjrx",
  "modified": "2022-05-02T06:15:13Z",
  "published": "2022-05-02T06:15:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0740"
    },
    {
      "type": "WEB",
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
    },
    {
      "type": "WEB",
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731"
    },
    {
      "type": "WEB",
      "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39932"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42724"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42733"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/43311"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4723"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
    },
    {
      "type": "WEB",
      "url": "http://www.openssl.org/news/secadv_20100324.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1023748"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0710"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0839"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0933"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1216"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2010-0740

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2010-0740

Aliases

CVE-2010-0740

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-0740",
    "description": "The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number.  NOTE: some of these details are obtained from third party information.",
    "id": "GSD-2010-0740",
    "references": [
      "https://www.suse.com/security/cve/CVE-2010-0740.html",
      "https://packetstormsecurity.com/files/cve/CVE-2010-0740"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-0740"
      ],
      "details": "The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.",
      "id": "GSD-2010-0740",
      "modified": "2023-12-13T01:21:28.870374Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2010-0740",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://secunia.com/advisories/42724",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "http://secunia.com/advisories/42733",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA50",
            "refsource": "MISC",
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/516397/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
            "refsource": "MISC",
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
          },
          {
            "name": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html",
            "refsource": "MISC",
            "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
          },
          {
            "name": "http://support.apple.com/kb/HT4723",
            "refsource": "MISC",
            "url": "http://support.apple.com/kb/HT4723"
          },
          {
            "name": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2",
            "refsource": "MISC",
            "url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
          },
          {
            "name": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html",
            "refsource": "MISC",
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
          },
          {
            "name": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html",
            "refsource": "MISC",
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
          },
          {
            "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
            "refsource": "MISC",
            "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
          },
          {
            "name": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2",
            "refsource": "MISC",
            "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/0933",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/0933"
          },
          {
            "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc",
            "refsource": "MISC",
            "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc"
          },
          {
            "name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html",
            "refsource": "MISC",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
          },
          {
            "name": "http://secunia.com/advisories/39932",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/39932"
          },
          {
            "name": "http://secunia.com/advisories/43311",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/43311"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/0839",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/0839"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/1216",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/1216"
          },
          {
            "name": "http://www.openssl.org/news/secadv_20100324.txt",
            "refsource": "MISC",
            "url": "http://www.openssl.org/news/secadv_20100324.txt"
          },
          {
            "name": "http://www.securitytracker.com/id?1023748",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id?1023748"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/0710",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/0710"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2010-0740"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.openssl.org/news/secadv_20100324.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.openssl.org/news/secadv_20100324.txt"
            },
            {
              "name": "ADV-2010-0710",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0710"
            },
            {
              "name": "1023748",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1023748"
            },
            {
              "name": "ADV-2010-0839",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0839"
            },
            {
              "name": "FEDORA-2010-5744",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html"
            },
            {
              "name": "ADV-2010-0933",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0933"
            },
            {
              "name": "MDVSA-2010:076",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"
            },
            {
              "name": "ADV-2010-1216",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/1216"
            },
            {
              "name": "39932",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/39932"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc"
            },
            {
              "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA50",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
            },
            {
              "name": "42733",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/42733"
            },
            {
              "name": "42724",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/42724"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
            },
            {
              "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
            },
            {
              "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
            },
            {
              "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
            },
            {
              "name": "43311",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/43311"
            },
            {
              "name": "APPLE-SA-2011-06-23-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"
            },
            {
              "name": "http://support.apple.com/kb/HT4723",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4723"
            },
            {
              "name": "HPSBUX02517",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
            },
            {
              "name": "HPSBUX02531",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:11731",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11731"
            },
            {
              "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T04:16Z",
      "publishedDate": "2010-03-26T18:30Z"
    }
  }
}

The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information. OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. OpenSSL versions 0.9.8f through 0.9.8m are vulnerable.

Affected versions depend on the C compiler used with OpenSSL:

If 'short' is a 16-bit integer, this issue applies only to OpenSSL 0.9.8m.
Otherwise, this issue applies to OpenSSL 0.9.8f through 0.9.8m. If upgrading is not immediately possible, the source code patch provided in this advisory should be applied.

Bodo Moeller and Adam Langley (Google) have identified the vulnerability and prepared the fix.

Patch

--- ssl/s3_pkt.c 24 Jan 2010 13:52:38 -0000 1.57.2.9 +++ ssl/s3_pkt.c 24 Mar 2010 00:00:00 -0000 @@ -291,9 +291,9 @@ if (version != s->version) { SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); - / Send back error using their - * version number :-) / - s->version=version; + if ((s->version & 0xFF00) == (version & 0xFF00)) + / Send back error using their minor version number :-) / + s->version = (unsigned short)version; al=SSL_AD_PROTOCOL_VERSION; goto f_err; }

References

This vulnerability is tracked as CVE-2010-0740.

URL for this Security Advisory: https://www.openssl.org/news/secadv_20100324.txt . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

               VMware Security Advisory

Advisory ID: VMSA-2011-0003 Synopsis: Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX Issue date: 2011-02-10 Updated on: 2011-02-10 (initial release of advisory) CVE numbers: --- Apache Tomcat --- CVE-2009-2693 CVE-2009-2901 CVE-2009-2902 CVE-2009-3548 CVE-2010-2227 CVE-2010-1157 --- Apache Tomcat Manager --- CVE-2010-2928 --- cURL --- CVE-2010-0734 --- COS Kernel --- CVE-2010-1084 CVE-2010-2066 CVE-2010-2070 CVE-2010-2226 CVE-2010-2248 CVE-2010-2521 CVE-2010-2524 CVE-2010-0008 CVE-2010-0415 CVE-2010-0437 CVE-2009-4308 CVE-2010-0003 CVE-2010-0007 CVE-2010-0307 CVE-2010-1086 CVE-2010-0410 CVE-2010-0730 CVE-2010-1085 CVE-2010-0291 CVE-2010-0622 CVE-2010-1087 CVE-2010-1173 CVE-2010-1437 CVE-2010-1088 CVE-2010-1187 CVE-2010-1436 CVE-2010-1641 CVE-2010-3081 --- Microsoft SQL Express --- CVE-2008-5416 CVE-2008-0085 CVE-2008-0086 CVE-2008-0107 CVE-2008-0106 --- OpenSSL --- CVE-2010-0740 CVE-2010-0433 CVE-2010-3864 CVE-2010-2939 --- Oracle (Sun) JRE --- CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849 CVE-2010-0850 CVE-2010-0886 CVE-2010-3556 CVE-2010-3566 CVE-2010-3567 CVE-2010-3550 CVE-2010-3561 CVE-2010-3573 CVE-2010-3565 CVE-2010-3568 CVE-2010-3569 CVE-2010-1321 CVE-2010-3548 CVE-2010-3551 CVE-2010-3562 CVE-2010-3571 CVE-2010-3554 CVE-2010-3559 CVE-2010-3572 CVE-2010-3553 CVE-2010-3549 CVE-2010-3557 CVE-2010-3541 CVE-2010-3574 --- pam_krb5 --- CVE-2008-3825 CVE-2009-1384

Summary

Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues.

Relevant releases

vCenter Server 4.1 without Update 1,

vCenter Update Manager 4.1 without Update 1,

ESXi 4.1 without patch ESXi410-201101201-SG,

ESX 4.1 without patch ESX410-201101201-SG.

Problem Description

a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3

Microsoft SQL Server 2005 Express Edition (SQL Express)
distributed with vCenter Server 4.1 Update 1 and vCenter Update
Manager 4.1 Update 1 is upgraded from  SQL Express Service Pack 2
to SQL Express Service Pack 3, to address multiple security
issues that exist in the earlier releases of Microsoft SQL Express.

Customers using other database solutions need not update for
these issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086,
CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL
Express Service Pack 3.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  Update 1
vCenter        4.0       Windows  affected, patch pending
VirtualCenter  2.5       Windows  affected, no patch planned

Update Manager 4.1       Windows  Update 1
Update Manager 4.0       Windows  affected, patch pending
Update Manager 1.0       Windows  affected, no patch planned

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            any       ESX      not affected

Hosted products are VMware Workstation, Player, ACE, Fusion.

b. vCenter Apache Tomcat Management Application Credential Disclosure

The Apache Tomcat Manager application configuration file contains
logon credentials that can be read by unprivileged local users.

The issue is resolved by removing the Manager application in
vCenter 4.1 Update 1.

If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon
credentials are not present in the configuration file after the
update.

VMware would like to thank Claudio Criscione of Secure Networking
for reporting this issue to us.

The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-2928 to this issue.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  Update 1
vCenter        4.0       Windows  not affected
VirtualCenter  2.5       Windows  not affected

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            any       ESX      not affected

hosted products are VMware Workstation, Player, ACE, Fusion.

c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version 1.6.0_21

Oracle (Sun) JRE update to version 1.6.0_21, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082,
CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088,
CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092,
CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,
CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,
CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845,
CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849,
CVE-2010-0850.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following name to the security issue fixed in
Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  Update 1
vCenter        4.0       Windows  not applicable **
VirtualCenter  2.5       Windows  not applicable **

Update Manager 4.1       Windows  not applicable **
Update Manager 4.0       Windows  not applicable **
Update Manager 1.0       Windows  not applicable **


hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      ESX410-201101201-SG
ESX            4.0       ESX      not applicable **
ESX            3.5       ESX      not applicable **
ESX            3.0.3     ESX      not applicable **

hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.5.0 family

d. vCenter Update Manager Oracle (Sun) JRE is updated to version 1.5.0_26

Oracle (Sun) JRE update to version 1.5.0_26, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566,
CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573,
CVE-2010-3565,CVE-2010-3568, CVE-2010-3569,  CVE-2009-3555,
CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562,
CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572,
CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541,
CVE-2010-3574.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  not applicable **
vCenter        4.0       Windows  affected, patch pending
VirtualCenter  2.5       Windows  affected, no patch planned

Update Manager 4.1       Windows  Update 1
Update Manager 4.0       Windows  affected, patch pending
Update Manager 1.0       Windows  affected, no patch planned

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      not applicable **
ESX            4.0       ESX      affected, patch pending
ESX            3.5       ESX      affected, no patch planned
ESX            3.0.3     ESX      affected, no patch planned

hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.6.0 family

e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28

Apache Tomcat updated to version 6.0.28, which addresses multiple
security issues that existed in earlier releases of Apache Tomcat

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i
and CVE-2009-3548.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  Update 1
vCenter        4.0       Windows  affected, patch pending
VirtualCenter  2.5       Windows  not applicable **

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      ESX410-201101201-SG
ESX            4.0       ESX      affected, patch pending
ESX            3.5       ESX      not applicable **
ESX            3.0.3     ESX      not applicable **

hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Apache Tomcat 5.5 family

f. vCenter Server third party component OpenSSL updated to version 0.9.8n

The version of the OpenSSL library in vCenter Server is updated to
0.9.8n.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-0740 and CVE-2010-0433 to the
issues addressed in this version of OpenSSL.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        4.1       Windows  Update 1
vCenter        4.0       Windows  affected, patch pending
VirtualCenter  2.5       Windows  affected, no patch planned

hosted *       any       any      not applicable

ESXi           any       ESXi     not applicable

ESX            any       ESX      not applicable

hosted products are VMware Workstation, Player, ACE, Fusion.

g. ESX third party component OpenSSL updated to version 0.9.8p

The version of the ESX OpenSSL library is updated to 0.9.8p.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-3864 and CVE-2010-2939 to the
issues addressed in this update.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not applicable

hosted *       any       any      not applicable
ESXi           4.1       ESXi     ESXi410-201101201-SG
ESXi           4.0       ESXi     affected, patch pending
ESXi           3.5       ESXi     affected, patch pending

ESX            4.1       ESX      ESX410-201101201-SG
ESX            4.0       ESX      affected, patch pending
ESX            3.5       ESX      affected, patch pending
ESX            3.0.3     ESX      affected, patch pending

hosted products are VMware Workstation, Player, ACE, Fusion.

h. ESXi third party component cURL updated

The version of cURL library in ESXi is updated.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-0734 to the issues addressed in
this update.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected

hosted *       any       any      not affected

ESXi           4.1       ESXi     ESXi410-201101201-SG
ESXi           4.0       ESXi     affected, patch pending
ESXi           3.5       ESXi     affected, patch pending

ESX            any       ESX      not applicable

hosted products are VMware Workstation, Player, ACE, Fusion.

i. ESX third party component pam_krb5 updated

The version of pam_krb5 library is updated.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-3825 and CVE-2009-1384 to the
issues addressed in the update.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      ESX410-201101201-SG
ESX            4.0       ESX      not affected
ESX            3.5       ESX      not affected
ESX            3.0.3     ESX      not affected

hosted products are VMware Workstation, Player, ACE, Fusion.

j. ESX third party update for Service Console kernel

The Service Console kernel is updated to include kernel version
2.6.18-194.11.1.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070,
CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524,
CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308,
CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086,
CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291,
CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437,
CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and
CVE-2010-3081 to the issues addressed in the update.

Note: This update also addresses the 64-bit compatibility mode
stack pointer underflow issue identified by CVE-2010-3081. This
issue was patched in an ESX 4.1 patch prior to the release of
ESX 4.1 Update 1.

Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
vCenter        any       Windows  not affected

hosted *       any       any      not affected

ESXi           any       ESXi     not affected

ESX            4.1       ESX      ESX410-201101201-SG
ESX            4.0       ESX      affected, patch pending
ESX            3.5       ESX      not applicable
ESX            3.0.3     ESX      not applicable

hosted products are VMware Workstation, Player, ACE, Fusion.
Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

VMware vCenter Server 4.1 Update 1 and modules

http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes: http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html

File type: .iso md5sum: 729cf247aa5d33ceec431c86377eee1a sha1sum: c1e10a5fcbc1ae9d13348d43541d574c563d66f0

File type: .zip md5sum: fd1441bef48a153f2807f6823790e2f0 sha1sum: 31737a816ed1c08ab3a505fb6db2483f49ad7c19

VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4

ESXi 4.1 Installable Update 1

http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes:

http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html http://kb.vmware.com/kb/1027919

File type: .iso MD5SUM: d68d6c2e040a87cd04cd18c04c22c998 SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64

ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1) File type: .zip MD5SUM: 2f1e009c046b20042fae3b7ca42a840f SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1

ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0) File type: .zip MD5SUM: 67b924618d196dafaf268a7691bd1a0f SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516

ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5) File type: .zip MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4 SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488

VMware Tools CD image for Linux Guest OSes File type: .iso MD5SUM: dad66fa8ece1dd121c302f45444daa70 SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af

VMware vSphere Client File type: .exe MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4

ESXi Installable Update 1 contains the following security bulletins: ESXi410-201101201-SG.

ESX 4.1 Update 1

http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0 Release Notes:

http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html http://kb.vmware.com/kb/1029353

ESX 4.1 Update 1 (DVD ISO) File type: .iso md5sum: b9a275b419a20c7bedf31c0bf64f504e sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11

ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1) File type: .zip md5sum: 2d81a87e994aa2b329036f11d90b4c14 sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798

Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1 File type: .zip md5sum: 75f8cebfd55d8a81deb57c27def963c2 sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2

ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0) File type: .zip md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2 sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922

VMware Tools CD image for Linux Guest OSes File type: .iso md5sum: dad66fa8ece1dd121c302f45444daa70 sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af

VMware vSphere Client File type: .exe md5sum: cb6aa91ada1289575355d79e8c2a9f8e sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4

ESX410-Update01 contains the following security bulletins: ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL, Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904 ESX410-201101226-SG (glibc) | http://kb.vmware.com/kb/1031330

ESX410-Update01 also contains the following non-security bulletins ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG, ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG, ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG, ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG, ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG, ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG.

To install an individual bulletin use esxupdate with the -b option.

References

CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0086 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2928 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3825 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2066 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2070 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2521 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2524 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0008 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0003 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0007 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0307 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1086 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0730 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0291 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0622 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1087 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1436 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1641 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574

Change log

2011-02-10 VMSA-2011-0003 Initial security advisory in conjunction with the release of vCenter Server 4.1 Update 1, vCenter Update Manager 4.1 Update 1, ESXi 4.1 Update 1, and ESX 4.1 Update 1 on 2011-02-10.

Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories http://www.vmware.com/security/advisories

VMware security response policy http://www.vmware.com/support/policies/security_response.html

General support life cycle policy http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32)

iEYEARECAAYFAk1U1eoACgkQS2KysvBH1xm3swCfeh4sWvPOubDT1K7QlRj3SjW9 dxYAmwbNLMR9IG/rKZDYh9hqcf4IldCX =2pVj -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-01

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 09, 2011 Bugs: #303739, #308011, #322575, #332027, #345767, #347623, #354139, #382069 ID: 201110-01

Synopsis

Multiple vulnerabilities were found in OpenSSL, allowing for the execution of arbitrary code and other attacks.

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.0e >= 1.0.0e

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker could cause a Denial of Service, possibly execute arbitrary code, bypass intended key requirements, force the downgrade to unintended ciphers, bypass the need for knowledge of shared secrets and successfully authenticate, bypass CRL validation, or obtain sensitive information in applications that use OpenSSL.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0e"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 17, 2011. It is likely that your system is already no longer affected by most of these issues.

References

[ 1 ] CVE-2009-3245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245 [ 2 ] CVE-2009-4355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355 [ 3 ] CVE-2010-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433 [ 4 ] CVE-2010-0740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740 [ 5 ] CVE-2010-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742 [ 6 ] CVE-2010-1633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633 [ 7 ] CVE-2010-2939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939 [ 8 ] CVE-2010-3864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864 [ 9 ] CVE-2010-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180 [ 10 ] CVE-2010-4252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252 [ 11 ] CVE-2011-0014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014 [ 12 ] CVE-2011-3207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207 [ 13 ] CVE-2011-3210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201110-01.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433

Updated Packages:

Mandriva Linux 2008.0: 6779a4a1db26d264e8245d5a2e03b8e2 2008.0/i586/libopenssl0.9.8-0.9.8e-8.6mdv2008.0.i586.rpm 32d0879c08e77ec6ee2bf3401e342ab5 2008.0/i586/libopenssl0.9.8-devel-0.9.8e-8.6mdv2008.0.i586.rpm f96338b09159511eb17480a3a398cdf4 2008.0/i586/libopenssl0.9.8-static-devel-0.9.8e-8.6mdv2008.0.i586.rpm 3b314cadba52af9c6ef20807fa6a7e40 2008.0/i586/openssl-0.9.8e-8.6mdv2008.0.i586.rpm 5781d06f2bc45312c89d5578b3d4426e 2008.0/SRPMS/openssl-0.9.8e-8.6mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64: 18a2f6b7bc42e89172e199e2c9d9cbd7 2008.0/x86_64/lib64openssl0.9.8-0.9.8e-8.6mdv2008.0.x86_64.rpm adbcfd94636bf43eca84d56b000f1bf9 2008.0/x86_64/lib64openssl0.9.8-devel-0.9.8e-8.6mdv2008.0.x86_64.rpm 78a4ae2c93221b31e75ff44f01cc963e 2008.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8e-8.6mdv2008.0.x86_64.rpm cf642101a500d21a1b0d560c94f6c33b 2008.0/x86_64/openssl-0.9.8e-8.6mdv2008.0.x86_64.rpm 5781d06f2bc45312c89d5578b3d4426e 2008.0/SRPMS/openssl-0.9.8e-8.6mdv2008.0.src.rpm

Mandriva Linux 2009.1: 2179a8dcd20d37f14ee8830af0b19f18 2009.1/i586/libopenssl0.9.8-0.9.8k-1.5mdv2009.1.i586.rpm 2fa14647d3a714b59fcc96893b872d89 2009.1/i586/libopenssl0.9.8-devel-0.9.8k-1.5mdv2009.1.i586.rpm 3456989c6989346efcf82a2ac744b860 2009.1/i586/libopenssl0.9.8-static-devel-0.9.8k-1.5mdv2009.1.i586.rpm ea0d9271dff872444a5104edb5a35782 2009.1/i586/openssl-0.9.8k-1.5mdv2009.1.i586.rpm 9606d6dd9ef55a4e36585031819ff68a 2009.1/SRPMS/openssl-0.9.8k-1.5mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64: 48b2c896f7f5a78da411c3f952641a7c 2009.1/x86_64/lib64openssl0.9.8-0.9.8k-1.5mdv2009.1.x86_64.rpm f2243e30cf19af90a5d318a9b58f7166 2009.1/x86_64/lib64openssl0.9.8-devel-0.9.8k-1.5mdv2009.1.x86_64.rpm eb21df80599178f9e0801f56ea53c596 2009.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8k-1.5mdv2009.1.x86_64.rpm 7623f6957ce025df671f26da48b43a8c 2009.1/x86_64/openssl-0.9.8k-1.5mdv2009.1.x86_64.rpm 9606d6dd9ef55a4e36585031819ff68a 2009.1/SRPMS/openssl-0.9.8k-1.5mdv2009.1.src.rpm

Mandriva Linux 2010.0: bf40dda29eab76aed02a1d7cb0c6b7b0 2010.0/i586/libopenssl0.9.8-0.9.8k-5.2mdv2010.0.i586.rpm 88f7e61fb1a73b6785eb7dd619b4ba26 2010.0/i586/libopenssl0.9.8-devel-0.9.8k-5.2mdv2010.0.i586.rpm 43c3513218c3a1f9b92e6de050905511 2010.0/i586/libopenssl0.9.8-static-devel-0.9.8k-5.2mdv2010.0.i586.rpm a8301e1c6f5f770673e3b5aa78def152 2010.0/i586/openssl-0.9.8k-5.2mdv2010.0.i586.rpm d34a969c322305ba7c2bf42c464e655b 2010.0/SRPMS/openssl-0.9.8k-5.2mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64: bd1bad7a46c995dd70390db3d3f54d9b 2010.0/x86_64/lib64openssl0.9.8-0.9.8k-5.2mdv2010.0.x86_64.rpm c402e4d826ff811ed12e51348433043d 2010.0/x86_64/lib64openssl0.9.8-devel-0.9.8k-5.2mdv2010.0.x86_64.rpm 11bc52f64e3149750039441e0953c1ac 2010.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8k-5.2mdv2010.0.x86_64.rpm a312e7b5c36582656783e287e4fbf8b2 2010.0/x86_64/openssl-0.9.8k-5.2mdv2010.0.x86_64.rpm d34a969c322305ba7c2bf42c464e655b 2010.0/SRPMS/openssl-0.9.8k-5.2mdv2010.0.src.rpm

Corporate 4.0: 838799e95a4b8ddbad162e3d85826cb3 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.12.20060mlcs4.i586.rpm fa537398af95ed3d4d2bf0458d6968e7 corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.12.20060mlcs4.i586.rpm 44095aa5ee43e81861066b7be51f26e0 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.12.20060mlcs4.i586.rpm 311d0ffc5d5c066e78444899796d9a04 corporate/4.0/i586/openssl-0.9.7g-2.12.20060mlcs4.i586.rpm ffcbb14a29c554d271b34a07ba8c6760 corporate/4.0/SRPMS/openssl-0.9.7g-2.12.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 36a4b10bb78a32c87eacb51bb898ce74 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.12.20060mlcs4.x86_64.rpm 97bc349e00703ec30ed4bc92ed1c8ad3 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.12.20060mlcs4.x86_64.rpm c5ad86569b033f43117c190d4843cb62 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.12.20060mlcs4.x86_64.rpm 7323557da4375c9e28f0fc6ffe3c9681 corporate/4.0/x86_64/openssl-0.9.7g-2.12.20060mlcs4.x86_64.rpm ffcbb14a29c554d271b34a07ba8c6760 corporate/4.0/SRPMS/openssl-0.9.7g-2.12.20060mlcs4.src.rpm

Mandriva Enterprise Server 5: 5397afaa4dd55a61a69c7a613b4a04d0 mes5/i586/libopenssl0.9.8-0.9.8h-3.7mdvmes5.1.i586.rpm 672b31b0932445ab920d98674b39568e mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.7mdvmes5.1.i586.rpm bd4315ba38456187e89a3608f9a81449 mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.7mdvmes5.1.i586.rpm 97c3e766752633e2dc3fb4e8808d94a2 mes5/i586/openssl-0.9.8h-3.7mdvmes5.1.i586.rpm 3fa202efa10e5a1758296c38d550e3c9 mes5/SRPMS/openssl-0.9.8h-3.7mdv2009.0.src.rpm

Mandriva Enterprise Server 5/X86_64: eff1bf6b250becc30db24dd090677cdc mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.7mdvmes5.1.x86_64.rpm a516bcfc84c4d725f9123aba88f2f433 mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.7mdvmes5.1.x86_64.rpm 82bc5fb4ce477538a44d934ad20d0a76 mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.7mdvmes5.1.x86_64.rpm 1423afe3a03dc74af39c81a5ea8382ba mes5/x86_64/openssl-0.9.8h-3.7mdvmes5.1.x86_64.rpm 3fa202efa10e5a1758296c38d550e3c9 mes5/SRPMS/openssl-0.9.8h-3.7mdv2009.0.src.rpm

Multi Network Firewall 2.0: dc0699f12403b68e03714fbf196c1a61 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.13.C30mdk.i586.rpm 300487b72c03dc789393b1d031b0f79f mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.13.C30mdk.i586.rpm a7153e4b9c5b0b3710307ec9366bc7c6 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.13.C30mdk.i586.rpm 51f0b04c0a6ceb1008c017ff5c9e708e mnf/2.0/i586/openssl-0.9.7c-3.13.C30mdk.i586.rpm 4fbf3a9a35931cc30fdda10ce7d1d911 mnf/2.0/SRPMS/openssl-0.9.7c-3.13.C30mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLybd5mqjQ0CJFipgRAoogAKDhb8KNEsbPJbLGW/HkRJtwmigdlACeLosx AivcTVPvxGwS+9NxLS8bfeA= =M7MB -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02079216 Version: 1

HPSBUX02517 SSRT100058 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2010-04-13 Last Updated: 2010-04-13

Potential Security Impact: Remote unauthorized information disclosure, unauthorized data modification, Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities has been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely for unauthorized information disclosure, unauthorized data modification, and to create a Denial of Service (DoS). HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08n.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2009-3245 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2009-4355 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0433 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2010-0740 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided upgrades to resolve these vulnerabilities. The upgrades are available from the following location.

Host / Account / Password

ftp.usa.hp.com / sb02517 / Secure12

HP-UX Release / Depot Name / SHA-1 digest

B.11.11 PA (32 and 64) / OpenSSL_A.00.09.08n.001_HP-UX_B.11.11_32+64.depot / 2FE85DEE859C93F9D02A69666A455E9A7442DC5D

B.11.23 (PA and IA) / OpenSSL_A.00.09.08n.002_HP-UX_B.11.23_IA-PA.depot / 69F9AEE88F89C53FFE6794822F6A843F312384CD

B.11.31 (PA and IA) / OpenSSL_A.00.09.08n.003_HP-UX_B.11.31_IA-PA.depot / 07A205AA57B4BDF98B65D31287CDCBE3B9F011D5

MANUAL ACTIONS: Yes - Update

Install OpenSSL A.00.09.08n or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.11

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.00.09.08n.001 or subsequent

HP-UX B.11.23

HP-UX B.11.31

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) 13 April 2010 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Apache-based Web Server is contained in the Apache Web Server Suite. The upgrades are available from the following location:

URL http://software.hp.com

Note: HP-UX Web Server Suite v3.09 contains HP-UX Apache-based Web Server v2.2.8.09 Note: HP-UX Web Server Suite v2.30 contains HP-UX Apache-based Web Server v2.0.59.15

Web Server Suite Version / HP-UX Release / Depot name

Web Server v3.09 / B.11.23 and B.11.31 PA-32 / HPUXWS22ATW-B309-32.depot

Web Server v3.09 / B.11.23 and B.11.31 IA-64 / HPUXWS22ATW-B309-64.depot

Web Server v2.30 / B.11.11 PA-32 / HPUXWSATW-B230-1111.depot

Web Server v2.30 / B.11.23 PA-32 / HPUXWSATW-B230-32.depot

Web Server v2.30 / B.11.23 IA-64 / HPUXWSATW-B230-64.depot

Web Server v2.30 / B.11.31 IA-32 / HPUXWSATW-B230-32-1131.depot

Web Server v2.30 / B.11.31 IA-64 / HPUXWSATW-B230-64-1131.depot

MANUAL ACTIONS: Yes - Update

Install Apache-based Web Server from the Apache Web Server Suite v2.30 or subsequent or Install Apache-based Web Server from the Apache Web Server Suite v3.09 or subsequent

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201003-0281",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "0.9.8i"
      },
      {
        "model": "vcenter",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "vmware",
        "version": "4.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "virtualcenter",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "vmware",
        "version": "2.5"
      },
      {
        "model": "vcenter",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "0.9.8f to  0.9.8m"
      },
      {
        "model": "ace",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "esx",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "esxi",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "fusion",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "player",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "workstation",
        "scope": null,
        "trust": 0.8,
        "vendor": "vmware",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6 to  v10.6.7"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6 to  v10.6.7"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.23"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "11.31"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "opensolaris build snv 134",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "active management technology sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "2.6"
      },
      {
        "model": "opensolaris build snv 41",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 104",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 83",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "9.2.3.1"
      },
      {
        "model": "opensolaris build snv 106",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.7"
      },
      {
        "model": "virtualcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.52"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "opensolaris build snv 131",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 56",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 95",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 38",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "opensolaris build snv 126",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "opensolaris build snv 125",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.6"
      },
      {
        "model": "vcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.01"
      },
      {
        "model": "circle",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "voodoo",
        "version": "1.1.40"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "opensolaris build snv 133",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 54",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 129",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 93",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "5.1"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "opensolaris build snv 35",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "4.7"
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "9.2.4.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "opensolaris build snv 92",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "virtualcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.55"
      },
      {
        "model": "big-ip protocol security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "opensolaris build snv 76",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "opensolaris build snv 130",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "opensolaris build snv 121",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0"
      },
      {
        "model": "opensolaris build snv 84",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 101a",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 105",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 99",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 111a",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "active management technology sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "4.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "bigip global traffic manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "opensolaris build snv 87",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "aix l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "opensolaris build snv 88",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "opensolaris build snv 98",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "4.6"
      },
      {
        "model": "opensolaris build snv 117",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.0"
      },
      {
        "model": "opensolaris build snv 58",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 111",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "virtualcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.51"
      },
      {
        "model": "opensolaris build snv 113",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 100",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.0"
      },
      {
        "model": "opensolaris build snv 124",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 118",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bigip edge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "opensolaris build snv 123",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 59",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 49",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "big-ip application security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "opensolaris build snv 57",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "setup and configuration service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "5.0"
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "9.1.5.1"
      },
      {
        "model": "opensolaris build snv 22",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 114",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "opensolaris build snv 112",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 81",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.1"
      },
      {
        "model": "opensolaris build snv 119",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 128",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 103",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "arx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "5.1.5"
      },
      {
        "model": "opensolaris build snv 85",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 19",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 107",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "setup and configuration service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "6.0"
      },
      {
        "model": "circle xtelnet",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "voodoo",
        "version": "0.4.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.6"
      },
      {
        "model": "opensolaris build snv 45",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.7"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "virtualcenter 2.5.update build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "31"
      },
      {
        "model": "opensolaris build snv 96",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 110",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 71",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 78",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "bigip application security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "opensolaris build snv 108",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 28",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 13",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "active management technology sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "3.0"
      },
      {
        "model": "opensolaris build snv 132",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "active management technology sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": "6.0"
      },
      {
        "model": "opensolaris build snv 91",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "vcenter update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.11"
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "8.3.3.1"
      },
      {
        "model": "circle",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "voodoo",
        "version": "1.1.39"
      },
      {
        "model": "openbsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openbsd",
        "version": "4.5"
      },
      {
        "model": "opensolaris build snv 36",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 89",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.8"
      },
      {
        "model": "virtualcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.56"
      },
      {
        "model": "opensolaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sun",
        "version": "0"
      },
      {
        "model": "opensolaris build snv 47",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 39",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 48",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 64",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.5"
      },
      {
        "model": "circle xtelnet",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "voodoo",
        "version": "0.4.6"
      },
      {
        "model": "aix l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.4"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "opensolaris build snv 94",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 37",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "active management technology sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "5.0"
      },
      {
        "model": "opensolaris build snv 101",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "coat systems blue coat reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "8.3.7.1"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.8"
      },
      {
        "model": "opensolaris build snv 122",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 115",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 90",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 68",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "opensolaris build snv 109",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 74",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 67",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 120",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 51",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 50",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 136",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "big-ip wan optimization module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pardus",
        "version": "20090"
      },
      {
        "model": "opensolaris build snv 102",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "virtualcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.54"
      },
      {
        "model": "opensolaris build snv 02",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2010.0"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "opensolaris build snv 77",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "aix l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "opensolaris build snv 61",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 137",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.0"
      },
      {
        "model": "opensolaris build snv 116",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 127",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.9"
      },
      {
        "model": "opensolaris build snv 80",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "opensolaris build snv 82",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 135",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 01",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 29",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "39013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0740"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:ibm:aix",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:openssl:openssl",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:vmware:ace",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:vmware:esx",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:vmware:esxi",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:vmware:fusion",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:vmware:player",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:vmware:vcenter",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:vmware:virtualcenter",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:vmware:workstation",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:hp-ux",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Bodo Moeller and Adam Langley",
    "sources": [
      {
        "db": "BID",
        "id": "39013"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-0740",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2010-0740",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2010-0740",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2010-0740",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201003-393",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2010-0740",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-0740"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0740"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number.  NOTE: some of these details are obtained from third party information. OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference. \nAn attacker can exploit this issue to crash the affected application, denying service to legitimate users. \nOpenSSL versions 0.9.8f through 0.9.8m are vulnerable. \n\nAffected versions depend on the C compiler used with OpenSSL:\n\n- If \u0027short\u0027 is a 16-bit integer, this issue applies only to OpenSSL 0.9.8m. \n- Otherwise, this issue applies to OpenSSL 0.9.8f through 0.9.8m.  If upgrading is not immediately possible, the\nsource code patch provided in this advisory should be applied. \n\nBodo Moeller and Adam Langley (Google) have identified the vulnerability\nand prepared the fix. \n\n\nPatch\n-----\n\n--- ssl/s3_pkt.c\t24 Jan 2010 13:52:38 -0000\t1.57.2.9\n+++ ssl/s3_pkt.c\t24 Mar 2010 00:00:00 -0000\n@@ -291,9 +291,9 @@\n \t\t\tif (version != s-\u003eversion)\n \t\t\t\t{\n \t\t\t\tSSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);\n-\t\t\t\t/* Send back error using their\n-\t\t\t\t * version number :-) */\n-\t\t\t\ts-\u003eversion=version;\n+                                if ((s-\u003eversion \u0026 0xFF00) == (version \u0026 0xFF00))\n+                                \t/* Send back error using their minor version number :-) */\n+\t\t\t\t\ts-\u003eversion = (unsigned short)version;\n \t\t\t\tal=SSL_AD_PROTOCOL_VERSION;\n \t\t\t\tgoto f_err;\n \t\t\t\t}\n\n\nReferences\n----------\n\nThis vulnerability is tracked as CVE-2010-0740. \n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20100324.txt\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2011-0003\nSynopsis:          Third party component updates for VMware vCenter\n                   Server, vCenter Update Manager, ESXi and ESX\nIssue date:        2011-02-10\nUpdated on:        2011-02-10 (initial release of advisory)\nCVE numbers:       --- Apache Tomcat ---\n                   CVE-2009-2693 CVE-2009-2901 CVE-2009-2902\n                   CVE-2009-3548 CVE-2010-2227 CVE-2010-1157\n                   --- Apache Tomcat Manager ---\n                   CVE-2010-2928\n                   --- cURL ---\n                   CVE-2010-0734\n                   --- COS Kernel ---\n                   CVE-2010-1084 CVE-2010-2066 CVE-2010-2070\n                   CVE-2010-2226 CVE-2010-2248 CVE-2010-2521\n                   CVE-2010-2524 CVE-2010-0008 CVE-2010-0415\n                   CVE-2010-0437 CVE-2009-4308 CVE-2010-0003\n                   CVE-2010-0007 CVE-2010-0307 CVE-2010-1086\n                   CVE-2010-0410 CVE-2010-0730 CVE-2010-1085\n                   CVE-2010-0291 CVE-2010-0622 CVE-2010-1087\n                   CVE-2010-1173 CVE-2010-1437 CVE-2010-1088\n                   CVE-2010-1187 CVE-2010-1436 CVE-2010-1641\n                   CVE-2010-3081\n                   --- Microsoft SQL Express ---\n                   CVE-2008-5416 CVE-2008-0085 CVE-2008-0086\n                   CVE-2008-0107 CVE-2008-0106\n                   --- OpenSSL ---\n                   CVE-2010-0740 CVE-2010-0433\n                   CVE-2010-3864 CVE-2010-2939\n                   --- Oracle (Sun) JRE ---\n                   CVE-2009-3555 CVE-2010-0082 CVE-2010-0084\n                   CVE-2010-0085 CVE-2010-0087 CVE-2010-0088\n                   CVE-2010-0089 CVE-2010-0090 CVE-2010-0091\n                   CVE-2010-0092 CVE-2010-0093 CVE-2010-0094\n                   CVE-2010-0095 CVE-2010-0837 CVE-2010-0838\n                   CVE-2010-0839 CVE-2010-0840 CVE-2010-0841\n                   CVE-2010-0842 CVE-2010-0843 CVE-2010-0844\n                   CVE-2010-0845 CVE-2010-0846 CVE-2010-0847\n                   CVE-2010-0848 CVE-2010-0849 CVE-2010-0850\n                   CVE-2010-0886 CVE-2010-3556 CVE-2010-3566\n                   CVE-2010-3567 CVE-2010-3550 CVE-2010-3561\n                   CVE-2010-3573 CVE-2010-3565 CVE-2010-3568\n                   CVE-2010-3569 CVE-2010-1321 CVE-2010-3548\n                   CVE-2010-3551 CVE-2010-3562 CVE-2010-3571\n                   CVE-2010-3554 CVE-2010-3559 CVE-2010-3572\n                   CVE-2010-3553 CVE-2010-3549 CVE-2010-3557\n                   CVE-2010-3541 CVE-2010-3574\n                   --- pam_krb5 ---\n                   CVE-2008-3825 CVE-2009-1384\n- ------------------------------------------------------------------------\n\n1. Summary\n\n   Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere\n   Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues. \n\n\n2. Relevant releases\n\n   vCenter Server 4.1 without Update 1,\n\n   vCenter Update Manager 4.1 without Update 1,\n\n   ESXi 4.1 without patch ESXi410-201101201-SG,\n\n   ESX 4.1 without patch ESX410-201101201-SG. \n\n\n3. Problem Description\n\n a. vCenter Server and vCenter Update Manager update Microsoft\n    SQL Server 2005 Express Edition to Service Pack 3\n\n    Microsoft SQL Server 2005 Express Edition (SQL Express)\n    distributed with vCenter Server 4.1 Update 1 and vCenter Update\n    Manager 4.1 Update 1 is upgraded from  SQL Express Service Pack 2\n    to SQL Express Service Pack 3, to address multiple security\n    issues that exist in the earlier releases of Microsoft SQL Express. \n\n    Customers using other database solutions need not update for\n    these issues. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086,\n    CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL\n    Express Service Pack 3. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        4.1       Windows  Update 1\n    vCenter        4.0       Windows  affected, patch pending\n    VirtualCenter  2.5       Windows  affected, no patch planned\n\n    Update Manager 4.1       Windows  Update 1\n    Update Manager 4.0       Windows  affected, patch pending\n    Update Manager 1.0       Windows  affected, no patch planned\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            any       ESX      not affected\n\n  * Hosted products are VMware Workstation, Player, ACE, Fusion. \n\n b. vCenter Apache Tomcat Management Application Credential Disclosure\n\n    The Apache Tomcat Manager application configuration file contains\n    logon credentials that can be read by unprivileged local users. \n\n    The issue is resolved by removing the Manager application in\n    vCenter 4.1 Update 1. \n\n    If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon\n    credentials are not present in the configuration file after the\n    update. \n\n    VMware would like to thank Claudio Criscione of Secure Networking\n    for reporting this issue to us. \n\n    The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n    has assigned the name CVE-2010-2928 to this issue. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        4.1       Windows  Update 1\n    vCenter        4.0       Windows  not affected\n    VirtualCenter  2.5       Windows  not affected\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            any       ESX      not affected\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version\n    1.6.0_21\n\n    Oracle (Sun) JRE update to version 1.6.0_21, which addresses\n    multiple security issues that existed in earlier releases of\n    Oracle (Sun) JRE. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the following names to the security issues fixed in\n    Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082,\n    CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088,\n    CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092,\n    CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,\n    CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,\n    CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845,\n    CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849,\n    CVE-2010-0850. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the following name to the security issue fixed in\n    Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        4.1       Windows  Update 1\n    vCenter        4.0       Windows  not applicable **\n    VirtualCenter  2.5       Windows  not applicable **\n\n    Update Manager 4.1       Windows  not applicable **\n    Update Manager 4.0       Windows  not applicable **\n    Update Manager 1.0       Windows  not applicable **\n\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            4.1       ESX      ESX410-201101201-SG\n    ESX            4.0       ESX      not applicable **\n    ESX            3.5       ESX      not applicable **\n    ESX            3.0.3     ESX      not applicable **\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Oracle (Sun) JRE 1.5.0 family\n\nd. vCenter Update Manager Oracle (Sun) JRE is updated to version\n   1.5.0_26\n\n    Oracle (Sun) JRE update to version 1.5.0_26, which addresses\n    multiple security issues that existed in earlier releases of\n    Oracle (Sun) JRE. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the following names to the security issues fixed in\n    Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566,\n    CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573,\n    CVE-2010-3565,CVE-2010-3568, CVE-2010-3569,  CVE-2009-3555,\n    CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562,\n    CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572,\n    CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541,\n    CVE-2010-3574. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        4.1       Windows  not applicable **\n    vCenter        4.0       Windows  affected, patch pending\n    VirtualCenter  2.5       Windows  affected, no patch planned\n\n    Update Manager 4.1       Windows  Update 1\n    Update Manager 4.0       Windows  affected, patch pending\n    Update Manager 1.0       Windows  affected, no patch planned\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            4.1       ESX      not applicable **\n    ESX            4.0       ESX      affected, patch pending\n    ESX            3.5       ESX      affected, no patch planned\n    ESX            3.0.3     ESX      affected, no patch planned\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Oracle (Sun) JRE 1.6.0 family\n\n e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28\n\n    Apache Tomcat updated to version 6.0.28, which addresses multiple\n    security issues that existed in earlier releases of Apache Tomcat\n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the following names to the security issues fixed in\n    Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i\n    and CVE-2009-3548. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the following names to the security issues fixed in\n    Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        4.1       Windows  Update 1\n    vCenter        4.0       Windows  affected, patch pending\n    VirtualCenter  2.5       Windows  not applicable **\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            4.1       ESX      ESX410-201101201-SG\n    ESX            4.0       ESX      affected, patch pending\n    ESX            3.5       ESX      not applicable **\n    ESX            3.0.3     ESX      not applicable **\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n ** this product uses the Apache Tomcat 5.5 family\n\n f. vCenter Server third party component OpenSSL updated to version\n    0.9.8n\n\n    The version of the OpenSSL library in vCenter Server is updated to\n    0.9.8n. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2010-0740 and CVE-2010-0433 to the\n    issues addressed in this version of OpenSSL. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        4.1       Windows  Update 1\n    vCenter        4.0       Windows  affected, patch pending\n    VirtualCenter  2.5       Windows  affected, no patch planned\n\n    hosted *       any       any      not applicable\n\n    ESXi           any       ESXi     not applicable\n\n    ESX            any       ESX      not applicable\n\n  * hosted products are VMware Workstation, Player, ACE,  Fusion. \n\n g. ESX third party component OpenSSL updated to version 0.9.8p\n\n    The version of the ESX OpenSSL library is updated to 0.9.8p. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2010-3864 and CVE-2010-2939 to the\n    issues addressed in this update. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        any       Windows  not applicable\n\n    hosted *       any       any      not applicable\n    ESXi           4.1       ESXi     ESXi410-201101201-SG\n    ESXi           4.0       ESXi     affected, patch pending\n    ESXi           3.5       ESXi     affected, patch pending\n\n    ESX            4.1       ESX      ESX410-201101201-SG\n    ESX            4.0       ESX      affected, patch pending\n    ESX            3.5       ESX      affected, patch pending\n    ESX            3.0.3     ESX      affected, patch pending\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n h. ESXi third party component cURL updated\n\n    The version of cURL library in ESXi is updated. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2010-0734 to the issues addressed in\n    this update. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        any       Windows  not affected\n\n    hosted *       any       any      not affected\n\n    ESXi           4.1       ESXi     ESXi410-201101201-SG\n    ESXi           4.0       ESXi     affected, patch pending\n    ESXi           3.5       ESXi     affected, patch pending\n\n    ESX            any       ESX      not applicable\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n i. ESX third party component pam_krb5 updated\n\n    The version of pam_krb5 library is updated. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2008-3825 and CVE-2009-1384 to the\n    issues addressed in the update. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        any       Windows  not affected\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            4.1       ESX      ESX410-201101201-SG\n    ESX            4.0       ESX      not affected\n    ESX            3.5       ESX      not affected\n    ESX            3.0.3     ESX      not affected\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n j. ESX third party update for Service Console kernel\n\n    The Service Console kernel is updated to include kernel version\n    2.6.18-194.11.1. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070,\n    CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524,\n    CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308,\n    CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086,\n    CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291,\n    CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437,\n    CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and\n    CVE-2010-3081 to the issues addressed in the update. \n\n    Note: This update also addresses the 64-bit compatibility mode\n    stack pointer underflow issue identified by CVE-2010-3081. This\n    issue was patched in an ESX 4.1 patch prior to the release of\n    ESX 4.1 Update 1. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    vCenter        any       Windows  not affected\n\n    hosted *       any       any      not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            4.1       ESX      ESX410-201101201-SG\n    ESX            4.0       ESX      affected, patch pending\n    ESX            3.5       ESX      not applicable\n    ESX            3.0.3     ESX      not applicable\n\n  * hosted products are VMware Workstation, Player, ACE, Fusion. \n\n\n4. Solution\n\n   Please review the patch/release notes for your product and version\n   and verify the checksum of your downloaded file. \n\n   VMware vCenter Server 4.1 Update 1 and modules\n   ----------------------------------------------\n\nhttp://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0\n   Release Notes:\n   http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html\n\n   File type: .iso\n   md5sum: 729cf247aa5d33ceec431c86377eee1a\n   sha1sum: c1e10a5fcbc1ae9d13348d43541d574c563d66f0\n\n   File type: .zip\n   md5sum: fd1441bef48a153f2807f6823790e2f0\n   sha1sum: 31737a816ed1c08ab3a505fb6db2483f49ad7c19\n\n   VMware vSphere Client\n   File type: .exe\n   md5sum: cb6aa91ada1289575355d79e8c2a9f8e\n   sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4\n\n   ESXi 4.1 Installable Update 1\n   -----------------------------\n\nhttp://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0\n   Release Notes:\n\nhttp://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html\n   http://kb.vmware.com/kb/1027919\n\n   File type: .iso\n   MD5SUM: d68d6c2e040a87cd04cd18c04c22c998\n   SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64\n\n   ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1)\n   File type: .zip\n   MD5SUM: 2f1e009c046b20042fae3b7ca42a840f\n   SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1\n\n   ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0)\n   File type: .zip\n   MD5SUM: 67b924618d196dafaf268a7691bd1a0f\n   SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516 \t\n\n   ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5)\n   File type: .zip\n   MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4\n   SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488 \t\n\n   VMware Tools CD image for Linux Guest OSes\n   File type: .iso\n   MD5SUM: dad66fa8ece1dd121c302f45444daa70\n   SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af \t\n\n   VMware vSphere Client\n   File type: .exe\n   MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e\n   SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4\n\n   ESXi Installable Update 1 contains the following security bulletins:\n   ESXi410-201101201-SG. \n\n   ESX 4.1 Update 1\n   ----------------\n\nhttp://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0\n   Release Notes:\n\nhttp://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html\n   http://kb.vmware.com/kb/1029353\n\n   ESX 4.1 Update 1 (DVD ISO)\n   File type: .iso\n   md5sum: b9a275b419a20c7bedf31c0bf64f504e\n   sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11 \t\n\n   ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1)\n   File type: .zip\n   md5sum: 2d81a87e994aa2b329036f11d90b4c14\n   sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798 \t\n\n   Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1\n   File type: .zip\n   md5sum: 75f8cebfd55d8a81deb57c27def963c2\n   sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2 \t\n\n   ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0)\n   File type: .zip\n   md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2\n   sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922 \t\n\n   VMware Tools CD image for Linux Guest OSes\n   File type: .iso\n   md5sum: dad66fa8ece1dd121c302f45444daa70\n   sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af \t\n\n   VMware vSphere Client\n   File type: .exe\n   md5sum: cb6aa91ada1289575355d79e8c2a9f8e\n   sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4\n\n   ESX410-Update01 contains the following security bulletins:\n   ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL,\n   Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904\n   ESX410-201101226-SG (glibc)      | http://kb.vmware.com/kb/1031330\n\n   ESX410-Update01 also contains the following non-security bulletins\n   ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG,\n   ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG,\n   ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG,\n   ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG,\n   ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG,\n   ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG. \n\n   To install an individual bulletin use esxupdate with the -b option. \n\n\n5. References\n\n   CVE numbers\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5416\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0085\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0086\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0107\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0106\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2928\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3825\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1084\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2066\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2070\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2226\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2248\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2521\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2524\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0008\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0415\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0437\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0003\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0007\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0307\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1086\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0410\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0730\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1085\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0291\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0622\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1087\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1437\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1088\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1187\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1436\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1641\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2011-02-10  VMSA-2011-0003\nInitial security advisory in conjunction with the release of vCenter\nServer 4.1 Update 1, vCenter Update Manager 4.1 Update 1, ESXi 4.1\nUpdate 1, and ESX 4.1 Update 1 on 2011-02-10. \n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n  * security-announce at lists.vmware.com\n  * bugtraq at securityfocus.com\n  * full-disclosure at lists.grok.org.uk\n\nE-mail:  security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Advisories\nhttp://www.vmware.com/security/advisories\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2011 VMware Inc.  All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (MingW32)\n\niEYEARECAAYFAk1U1eoACgkQS2KysvBH1xm3swCfeh4sWvPOubDT1K7QlRj3SjW9\ndxYAmwbNLMR9IG/rKZDYh9hqcf4IldCX\n=2pVj\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201110-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: October 09, 2011\n     Bugs: #303739, #308011, #322575, #332027, #345767, #347623,\n           #354139, #382069\n       ID: 201110-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in OpenSSL, allowing for the\nexecution of arbitrary code and other attacks. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\n(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general\npurpose cryptography library. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.0e                  \u003e= 1.0.0e\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA context-dependent attacker could cause a Denial of Service, possibly\nexecute arbitrary code, bypass intended key requirements, force the\ndowngrade to unintended ciphers, bypass the need for knowledge of\nshared secrets and successfully authenticate, bypass CRL validation, or\nobtain sensitive information in applications that use OpenSSL. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.0e\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are\navailable since September 17, 2011. It is likely that your system is\nalready no longer affected by most of these issues. \n\nReferences\n==========\n\n[  1 ] CVE-2009-3245\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245\n[  2 ] CVE-2009-4355\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355\n[  3 ] CVE-2010-0433\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433\n[  4 ] CVE-2010-0740\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740\n[  5 ] CVE-2010-0742\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742\n[  6 ] CVE-2010-1633\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633\n[  7 ] CVE-2010-2939\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939\n[  8 ] CVE-2010-3864\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864\n[  9 ] CVE-2010-4180\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180\n[ 10 ] CVE-2010-4252\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252\n[ 11 ] CVE-2011-0014\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014\n[ 12 ] CVE-2011-3207\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207\n[ 13 ] CVE-2011-3210\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. \n \n Packages for 2008.0 and 2009.0 are provided due to the Extended\n Maintenance Program for those products. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n 6779a4a1db26d264e8245d5a2e03b8e2  2008.0/i586/libopenssl0.9.8-0.9.8e-8.6mdv2008.0.i586.rpm\n 32d0879c08e77ec6ee2bf3401e342ab5  2008.0/i586/libopenssl0.9.8-devel-0.9.8e-8.6mdv2008.0.i586.rpm\n f96338b09159511eb17480a3a398cdf4  2008.0/i586/libopenssl0.9.8-static-devel-0.9.8e-8.6mdv2008.0.i586.rpm\n 3b314cadba52af9c6ef20807fa6a7e40  2008.0/i586/openssl-0.9.8e-8.6mdv2008.0.i586.rpm \n 5781d06f2bc45312c89d5578b3d4426e  2008.0/SRPMS/openssl-0.9.8e-8.6mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 18a2f6b7bc42e89172e199e2c9d9cbd7  2008.0/x86_64/lib64openssl0.9.8-0.9.8e-8.6mdv2008.0.x86_64.rpm\n adbcfd94636bf43eca84d56b000f1bf9  2008.0/x86_64/lib64openssl0.9.8-devel-0.9.8e-8.6mdv2008.0.x86_64.rpm\n 78a4ae2c93221b31e75ff44f01cc963e  2008.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8e-8.6mdv2008.0.x86_64.rpm\n cf642101a500d21a1b0d560c94f6c33b  2008.0/x86_64/openssl-0.9.8e-8.6mdv2008.0.x86_64.rpm \n 5781d06f2bc45312c89d5578b3d4426e  2008.0/SRPMS/openssl-0.9.8e-8.6mdv2008.0.src.rpm\n\n Mandriva Linux 2009.1:\n 2179a8dcd20d37f14ee8830af0b19f18  2009.1/i586/libopenssl0.9.8-0.9.8k-1.5mdv2009.1.i586.rpm\n 2fa14647d3a714b59fcc96893b872d89  2009.1/i586/libopenssl0.9.8-devel-0.9.8k-1.5mdv2009.1.i586.rpm\n 3456989c6989346efcf82a2ac744b860  2009.1/i586/libopenssl0.9.8-static-devel-0.9.8k-1.5mdv2009.1.i586.rpm\n ea0d9271dff872444a5104edb5a35782  2009.1/i586/openssl-0.9.8k-1.5mdv2009.1.i586.rpm \n 9606d6dd9ef55a4e36585031819ff68a  2009.1/SRPMS/openssl-0.9.8k-1.5mdv2009.1.src.rpm\n\n Mandriva Linux 2009.1/X86_64:\n 48b2c896f7f5a78da411c3f952641a7c  2009.1/x86_64/lib64openssl0.9.8-0.9.8k-1.5mdv2009.1.x86_64.rpm\n f2243e30cf19af90a5d318a9b58f7166  2009.1/x86_64/lib64openssl0.9.8-devel-0.9.8k-1.5mdv2009.1.x86_64.rpm\n eb21df80599178f9e0801f56ea53c596  2009.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8k-1.5mdv2009.1.x86_64.rpm\n 7623f6957ce025df671f26da48b43a8c  2009.1/x86_64/openssl-0.9.8k-1.5mdv2009.1.x86_64.rpm \n 9606d6dd9ef55a4e36585031819ff68a  2009.1/SRPMS/openssl-0.9.8k-1.5mdv2009.1.src.rpm\n\n Mandriva Linux 2010.0:\n bf40dda29eab76aed02a1d7cb0c6b7b0  2010.0/i586/libopenssl0.9.8-0.9.8k-5.2mdv2010.0.i586.rpm\n 88f7e61fb1a73b6785eb7dd619b4ba26  2010.0/i586/libopenssl0.9.8-devel-0.9.8k-5.2mdv2010.0.i586.rpm\n 43c3513218c3a1f9b92e6de050905511  2010.0/i586/libopenssl0.9.8-static-devel-0.9.8k-5.2mdv2010.0.i586.rpm\n a8301e1c6f5f770673e3b5aa78def152  2010.0/i586/openssl-0.9.8k-5.2mdv2010.0.i586.rpm \n d34a969c322305ba7c2bf42c464e655b  2010.0/SRPMS/openssl-0.9.8k-5.2mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n bd1bad7a46c995dd70390db3d3f54d9b  2010.0/x86_64/lib64openssl0.9.8-0.9.8k-5.2mdv2010.0.x86_64.rpm\n c402e4d826ff811ed12e51348433043d  2010.0/x86_64/lib64openssl0.9.8-devel-0.9.8k-5.2mdv2010.0.x86_64.rpm\n 11bc52f64e3149750039441e0953c1ac  2010.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8k-5.2mdv2010.0.x86_64.rpm\n a312e7b5c36582656783e287e4fbf8b2  2010.0/x86_64/openssl-0.9.8k-5.2mdv2010.0.x86_64.rpm \n d34a969c322305ba7c2bf42c464e655b  2010.0/SRPMS/openssl-0.9.8k-5.2mdv2010.0.src.rpm\n\n Corporate 4.0:\n 838799e95a4b8ddbad162e3d85826cb3  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.12.20060mlcs4.i586.rpm\n fa537398af95ed3d4d2bf0458d6968e7  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.12.20060mlcs4.i586.rpm\n 44095aa5ee43e81861066b7be51f26e0  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.12.20060mlcs4.i586.rpm\n 311d0ffc5d5c066e78444899796d9a04  corporate/4.0/i586/openssl-0.9.7g-2.12.20060mlcs4.i586.rpm \n ffcbb14a29c554d271b34a07ba8c6760  corporate/4.0/SRPMS/openssl-0.9.7g-2.12.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 36a4b10bb78a32c87eacb51bb898ce74  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.12.20060mlcs4.x86_64.rpm\n 97bc349e00703ec30ed4bc92ed1c8ad3  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.12.20060mlcs4.x86_64.rpm\n c5ad86569b033f43117c190d4843cb62  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.12.20060mlcs4.x86_64.rpm\n 7323557da4375c9e28f0fc6ffe3c9681  corporate/4.0/x86_64/openssl-0.9.7g-2.12.20060mlcs4.x86_64.rpm \n ffcbb14a29c554d271b34a07ba8c6760  corporate/4.0/SRPMS/openssl-0.9.7g-2.12.20060mlcs4.src.rpm\n\n Mandriva Enterprise Server 5:\n 5397afaa4dd55a61a69c7a613b4a04d0  mes5/i586/libopenssl0.9.8-0.9.8h-3.7mdvmes5.1.i586.rpm\n 672b31b0932445ab920d98674b39568e  mes5/i586/libopenssl0.9.8-devel-0.9.8h-3.7mdvmes5.1.i586.rpm\n bd4315ba38456187e89a3608f9a81449  mes5/i586/libopenssl0.9.8-static-devel-0.9.8h-3.7mdvmes5.1.i586.rpm\n 97c3e766752633e2dc3fb4e8808d94a2  mes5/i586/openssl-0.9.8h-3.7mdvmes5.1.i586.rpm \n 3fa202efa10e5a1758296c38d550e3c9  mes5/SRPMS/openssl-0.9.8h-3.7mdv2009.0.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n eff1bf6b250becc30db24dd090677cdc  mes5/x86_64/lib64openssl0.9.8-0.9.8h-3.7mdvmes5.1.x86_64.rpm\n a516bcfc84c4d725f9123aba88f2f433  mes5/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.7mdvmes5.1.x86_64.rpm\n 82bc5fb4ce477538a44d934ad20d0a76  mes5/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.7mdvmes5.1.x86_64.rpm\n 1423afe3a03dc74af39c81a5ea8382ba  mes5/x86_64/openssl-0.9.8h-3.7mdvmes5.1.x86_64.rpm \n 3fa202efa10e5a1758296c38d550e3c9  mes5/SRPMS/openssl-0.9.8h-3.7mdv2009.0.src.rpm\n\n Multi Network Firewall 2.0:\n dc0699f12403b68e03714fbf196c1a61  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.13.C30mdk.i586.rpm\n 300487b72c03dc789393b1d031b0f79f  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.13.C30mdk.i586.rpm\n a7153e4b9c5b0b3710307ec9366bc7c6  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.13.C30mdk.i586.rpm\n 51f0b04c0a6ceb1008c017ff5c9e708e  mnf/2.0/i586/openssl-0.9.7c-3.13.C30mdk.i586.rpm \n 4fbf3a9a35931cc30fdda10ce7d1d911  mnf/2.0/SRPMS/openssl-0.9.7c-3.13.C30mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFLybd5mqjQ0CJFipgRAoogAKDhb8KNEsbPJbLGW/HkRJtwmigdlACeLosx\nAivcTVPvxGwS+9NxLS8bfeA=\n=M7MB\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02079216\nVersion: 1\n\nHPSBUX02517 SSRT100058 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2010-04-13\nLast Updated: 2010-04-13\n\nPotential Security Impact: Remote unauthorized information disclosure, unauthorized data modification, Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities has been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely for unauthorized information disclosure, unauthorized data modification, and to create a Denial of Service (DoS). \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08n. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2009-3245    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2009-3555    (AV:N/AC:L/Au:N/C:N/I:P/A:P)        6.4\nCVE-2009-4355    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2010-0433    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2010-0740    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location. \n\nHost / Account / Password\n\nftp.usa.hp.com / sb02517 / Secure12\n\nHP-UX Release / Depot Name / SHA-1 digest\n\nB.11.11 PA (32 and 64) / OpenSSL_A.00.09.08n.001_HP-UX_B.11.11_32+64.depot /\n 2FE85DEE859C93F9D02A69666A455E9A7442DC5D\n\nB.11.23 (PA and IA) / OpenSSL_A.00.09.08n.002_HP-UX_B.11.23_IA-PA.depot /\n 69F9AEE88F89C53FFE6794822F6A843F312384CD\n\nB.11.31 (PA and IA) / OpenSSL_A.00.09.08n.003_HP-UX_B.11.31_IA-PA.depot /\n 07A205AA57B4BDF98B65D31287CDCBE3B9F011D5\n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08n or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08n.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08n.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.00.09.08n.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 13 April 2010 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n    -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n    -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Apache-based Web Server is contained in the Apache Web Server Suite. \nThe upgrades are available from the following location:\n\nURL http://software.hp.com\n\nNote: HP-UX Web Server Suite v3.09 contains HP-UX Apache-based Web Server v2.2.8.09\nNote: HP-UX Web Server Suite v2.30 contains HP-UX Apache-based Web Server v2.0.59.15\n\nWeb Server Suite Version / HP-UX Release / Depot name\n\nWeb Server v3.09 / B.11.23 and B.11.31 PA-32 / HPUXWS22ATW-B309-32.depot\n\nWeb Server v3.09 / B.11.23 and B.11.31 IA-64 / HPUXWS22ATW-B309-64.depot\n\nWeb Server v2.30 / B.11.11 PA-32 / HPUXWSATW-B230-1111.depot\n\nWeb Server v2.30 / B.11.23 PA-32 / HPUXWSATW-B230-32.depot\n\nWeb Server v2.30 / B.11.23 IA-64 / HPUXWSATW-B230-64.depot\n\nWeb Server v2.30 / B.11.31 IA-32 / HPUXWSATW-B230-32-1131.depot\n\nWeb Server v2.30 / B.11.31 IA-64 / HPUXWSATW-B230-64-1131.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall Apache-based Web Server from the Apache Web Server Suite v2.30 or subsequent\nor\nInstall Apache-based Web Server from the Apache Web Server Suite v3.09 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-0740"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "db": "BID",
        "id": "39013"
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-0740"
      },
      {
        "db": "PACKETSTORM",
        "id": "169649"
      },
      {
        "db": "PACKETSTORM",
        "id": "98419"
      },
      {
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "db": "PACKETSTORM",
        "id": "88621"
      },
      {
        "db": "PACKETSTORM",
        "id": "88387"
      },
      {
        "db": "PACKETSTORM",
        "id": "90263"
      }
    ],
    "trust": 2.52
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=12334",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-0740"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-0740",
        "trust": 3.4
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0710",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1023748",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1216",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0933",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0839",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "42733",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "39932",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "42724",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "43311",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-393",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "39013",
        "trust": 0.3
      },
      {
        "db": "EXPLOIT-DB",
        "id": "12334",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2010-0740",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169649",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "98419",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "105638",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "88621",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "88387",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "90263",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-0740"
      },
      {
        "db": "BID",
        "id": "39013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "db": "PACKETSTORM",
        "id": "169649"
      },
      {
        "db": "PACKETSTORM",
        "id": "98419"
      },
      {
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "db": "PACKETSTORM",
        "id": "88621"
      },
      {
        "db": "PACKETSTORM",
        "id": "88387"
      },
      {
        "db": "PACKETSTORM",
        "id": "90263"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0740"
      }
    ]
  },
  "id": "VAR-201003-0281",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.44448256
  },
  "last_update_date": "2024-11-29T21:20:24.082000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT4723",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4723"
      },
      {
        "title": "HPSBUX02517",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02079216"
      },
      {
        "title": "HPSBUX02531",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02160663"
      },
      {
        "title": "5092",
        "trust": 0.8,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=5092"
      },
      {
        "title": "5101",
        "trust": 0.8,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=5101"
      },
      {
        "title": "secadv_20100324",
        "trust": 0.8,
        "url": "http://www.openssl.org/news/secadv_20100324.txt"
      },
      {
        "title": "VMSA-2011-0003",
        "trust": 0.8,
        "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
      },
      {
        "title": "openssl-0.9.8n",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=155"
      },
      {
        "title": "Debian CVElist Bug Report Logs: CVE-2010-0740: openssl denial-of-service",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f6760a316bfc017e8e4b03c469542809"
      },
      {
        "title": "Symantec Security Advisories: SA50 : Multiple SSL/TLS vulnerabilities in Reporter",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e934b8269c86666c1ebc108ca0e3d35"
      },
      {
        "title": "VMware Security Advisories: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=ea953b0a91a1816979ec1d304d5e3d93"
      },
      {
        "title": "deepdig",
        "trust": 0.1,
        "url": "https://github.com/cyberdeception/deepdig "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-0740"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0740"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.vupen.com/english/advisories/2010/0710"
      },
      {
        "trust": 2.5,
        "url": "http://www.securitytracker.com/id?1023748"
      },
      {
        "trust": 2.0,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc"
      },
      {
        "trust": 2.0,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa50"
      },
      {
        "trust": 1.8,
        "url": "http://www.openssl.org/news/secadv_20100324.txt"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2010/0839"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/038587.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2010/0933"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:076"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2010/1216"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/39932"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/42733"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/42724"
      },
      {
        "trust": 1.7,
        "url": "http://www.vmware.com/security/advisories/vmsa-2011-0003.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
      },
      {
        "trust": 1.7,
        "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-january/000101.html"
      },
      {
        "trust": 1.7,
        "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-january/000102.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/43311"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2011//jun/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht4723"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11731"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0740"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu976710"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0740"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0740"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.sun.com/security/entry/cve_2010_0433_openssl_with"
      },
      {
        "trust": 0.3,
        "url": "http://www.openbsd.org/errata45.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.openbsd.org/errata46.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.openbsd.org/errata47.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.openssl.org"
      },
      {
        "trust": 0.3,
        "url": "http://security-center.intel.com/advisory.aspx?intelid=intel-sa-00024\u0026languageid=en-fr"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/510726"
      },
      {
        "trust": 0.3,
        "url": "http://voodoo-circle.sourceforge.net/sa/sa-20100624-02.html"
      },
      {
        "trust": 0.3,
        "url": "https://support.f5.com/kb/en-us/solutions/public/11000/500/sol11504.html"
      },
      {
        "trust": 0.3,
        "url": "https://support.f5.com/kb/en-us/solutions/public/11000/500/sol11533.html"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/news/secadv_20100324.txt"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3245"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0433"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0433"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4355"
      },
      {
        "trust": 0.2,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.2,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=20139"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/12334/"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/cyberdeception/deepdig"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3556"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0086"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0085"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1086"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0730"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1088"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1027919"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2939"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3571"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0095"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0307"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0092"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0093"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3548"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1031330"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3554"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3562"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0088"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0084"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0091"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0089"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3557"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3550"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0085"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1384"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3567"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0086"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0003"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0837"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3553"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0106"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos_vi.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2227"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0107"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2902"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2901"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1085"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0091"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0841"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0840"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0291"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2248"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0415"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3561"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3541"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3559"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3565"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1027904"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0093"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0842"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/eos.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0082"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3574"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0886"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0734"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1157"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0094"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0007"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0850"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2524"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0839"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1087"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0622"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0090"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3825"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3573"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1084"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5416"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1384"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0008"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0088"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0849"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2070"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4308"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3549"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3548"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2693"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4308"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0007"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3568"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0084"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5416"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3864"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3825"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0410"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1321"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3572"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0092"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1437"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0003"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0094"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3566"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0847"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0082"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0437"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0844"
      },
      {
        "trust": 0.1,
        "url": "http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2066"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0089"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0087"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0087"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1436"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1029353"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0085"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0846"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2226"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1173"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0008"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1641"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2928"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0106"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0845"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0848"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0095"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1187"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2521"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3569"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0085"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0090"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3081"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3551"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0843"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0742"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4355"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3207"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3864"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2939"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1633"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3210"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0740"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201110-01.xml"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3245"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0433"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0014"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4252"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3245"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0434"
      },
      {
        "trust": 0.1,
        "url": "http://software.hp.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3094"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0408"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2010-0740"
      },
      {
        "db": "BID",
        "id": "39013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "db": "PACKETSTORM",
        "id": "169649"
      },
      {
        "db": "PACKETSTORM",
        "id": "98419"
      },
      {
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "db": "PACKETSTORM",
        "id": "88621"
      },
      {
        "db": "PACKETSTORM",
        "id": "88387"
      },
      {
        "db": "PACKETSTORM",
        "id": "90263"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0740"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2010-0740"
      },
      {
        "db": "BID",
        "id": "39013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "db": "PACKETSTORM",
        "id": "169649"
      },
      {
        "db": "PACKETSTORM",
        "id": "98419"
      },
      {
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "db": "PACKETSTORM",
        "id": "88621"
      },
      {
        "db": "PACKETSTORM",
        "id": "88387"
      },
      {
        "db": "PACKETSTORM",
        "id": "90263"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0740"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-03-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2010-0740"
      },
      {
        "date": "2010-03-24T00:00:00",
        "db": "BID",
        "id": "39013"
      },
      {
        "date": "2010-04-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "date": "2010-03-24T12:12:12",
        "db": "PACKETSTORM",
        "id": "169649"
      },
      {
        "date": "2011-02-11T13:13:00",
        "db": "PACKETSTORM",
        "id": "98419"
      },
      {
        "date": "2011-10-09T16:42:00",
        "db": "PACKETSTORM",
        "id": "105638"
      },
      {
        "date": "2010-04-19T20:27:54",
        "db": "PACKETSTORM",
        "id": "88621"
      },
      {
        "date": "2010-04-15T22:26:05",
        "db": "PACKETSTORM",
        "id": "88387"
      },
      {
        "date": "2010-06-04T04:25:14",
        "db": "PACKETSTORM",
        "id": "90263"
      },
      {
        "date": "2010-03-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      },
      {
        "date": "2010-03-26T18:30:00.467000",
        "db": "NVD",
        "id": "CVE-2010-0740"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2010-0740"
      },
      {
        "date": "2015-04-13T22:05:00",
        "db": "BID",
        "id": "39013"
      },
      {
        "date": "2011-06-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      },
      {
        "date": "2023-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      },
      {
        "date": "2024-11-21T01:12:51.857000",
        "db": "NVD",
        "id": "CVE-2010-0740"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "88621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  ssl3_get_record Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001227"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201003-393"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2010-0740

Vulnerability from cvelistv5

ghsa-qr53-p9wq-vjrx

Vulnerability from github

gsd-2010-0740

Vulnerability from gsd

var-201003-0281

Vulnerability from variot

Patch

References

Synopsis

Background

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

CVSS 2.0 Base Metrics

HP-UX B.11.11

HP-UX B.11.23

HP-UX B.11.31

Tags

Sightings

Nomenclature