製品・ソフトウェアに関する情報

JVN脆弱性詳細

OpenSSL の ASN1_STRING_print_ex 関数におけるサービス運用妨害 (DoS) の脆弱性

Title	OpenSSL の ASN1_STRING_print_ex 関数におけるサービス運用妨害 (DoS) の脆弱性
Summary	OpenSSL の ASN1_STRING_print_ex 関数には、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。
Possible impacts	第三者により、サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 27, 2009, midnight
Registration Date	April 20, 2009, 11:55 a.m.
Last Update	Oct. 1, 2012, 5:10 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected System

サン・マイクロシステムズ

OpenSolaris (sparc)

OpenSolaris (x86)

Sun Solaris 10 (sparc)

Sun Solaris 10 (x86)

レッドハット

Red Hat Enterprise Linux 3 (as)

Red Hat Enterprise Linux 3 (es)

Red Hat Enterprise Linux 3 (ws)

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 4.8 (as)

Red Hat Enterprise Linux 4.8 (es)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 3.0

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

RHEL Desktop Workstation 5 (client)

IBM

IBM AIX 5.2

IBM AIX 5.3

IBM AIX 6.1

The PHP Group

PHP 5.2.9-2 未満

OpenSSL Project

OpenSSL 0.9.8k 未満

ターボリナックス

Turbolinux Appliance Server 2.0

Turbolinux Appliance Server 3.0

Turbolinux Appliance Server 3.0 (x64)

Turbolinux Client 2008

Turbolinux FUJI

Turbolinux Server 10

Turbolinux Server 10 (x64)

Turbolinux Server 11

Turbolinux Server 11 (x64)

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

Asianux Server 3.0

Asianux Server 3.0 (x86-64)

Asianux Server 4.0

Asianux Server 4.0 (x86-64)

アップル

Apple Mac OS X v10.5

Apple Mac OS X Server v10.5.8

VMware

VMware ESX 3.0.3

VMware ESX 3.5

VMware ESX 4.0

VMware ESX 4.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-0590	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
National Vulnerability Database (NVD)
2	CVE-2009-0590	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0590

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT3865	http://support.apple.com/kb/HT3865
Apple セキュリティアップデート
2	HT3865	http://support.apple.com/kb/HT3865?viewlocale=ja_JP
Asianux Technical Support Network
3	openssl-0.9.8e-12AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=745
IBM
4	4627	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4627
MIRACLE LINUX アップデート情報
5	2043	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2043
OpenSSL Security Advisory
6	secadv_20090325	http://www.openssl.org/news/secadv_20090325.txt
PHP
7	PHP 5.2.9-2 (Windows) released	http://www.php.net/archive/2009.php#id2009-04-08-1
Red Hat Security Advisory
8	RHSA-2009:1335	https://rhn.redhat.com/errata/RHSA-2009-1335.html
9	RHSA-2010:0163	https://rhn.redhat.com/errata/RHSA-2010-0163.html
SECURITY BLOG
10	Multiple OpenSSL vulnerabilities in Sun SPARC Enterprise M-series XCP Firmware	https://blogs.oracle.com/sunsecurity/entry/multiple_openssl_vulnerabilities_in_sun
Sun Alert Notification
11	258048	http://sunsolve.sun.com/search/document.do?assetkey=1-66-258048-1
Turbolinux Security Advisory
12	TLSA-2009-13	http://www.turbolinux.co.jp/security/2009/TLSA-2009-13j.txt
VMware Security Advisories
13	VMSA-2010-0019	http://www.vmware.com/security/advisories/VMSA-2010-0019.html
レッドハットセキュリティーアップデート
14	RHSA-2009:1335	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1335J.html

その他

No	Name	URL
ISS X-Force Database
1	49431	http://xforce.iss.net/xforce/xfdb/49431
OPEN SOURCE VULNERABILITY DATABASE (OSVDB)
2	52864	http://www.osvdb.org/52864
Secunia Advisory
3	SA34411	http://secunia.com/advisories/34411
4	SA34666	http://secunia.com/advisories/34666
SecurityFocus
5	34256	http://www.securityfocus.com/bid/34256
VUPEN Security
6	VUPEN/ADV-2009-0850	http://www.vupen.com/english/advisories/2009/0850

Change Log

No	Changed Details	Date of change
0	[2009年04月20日] 掲載 [2009年06月23日] 影響を受けるシステム：IBM (4627) の情報を追加影響を受けるシステム：サン・マイクロシステムズ (258048) の情報を追加影響を受けるシステム：ターボリナックス (TLSA-2009-13) の情報を追加ベンダ情報：IBM (4627) を追加ベンダ情報：サン・マイクロシステムズ (258048) を追加ベンダ情報：ターボリナックス (TLSA-2009-13) を追加 [2009年09月29日] 影響を受けるシステム：アップル (HT3865) の情報を追加影響を受けるシステム：ミラクル・リナックス (openssl-0.9.8e-12AXS3) の情報を追加影響を受けるシステム：レッドハット (RHSA-2009:1335) の情報を追加ベンダ情報：アップル (HT3865) を追加ベンダ情報：ミラクル・リナックス (openssl-0.9.8e-12AXS3) を追加ベンダ情報：レッドハット (RHSA-2009:1335) を追加 [2010年04月09日] 影響を受けるシステム：ミラクル・リナックス (2043) の情報を追加影響を受けるシステム：レッドハット (RHSA-2010:0163) の情報を追加ベンダ情報：ミラクル・リナックス (2043) を追加ベンダ情報：レッドハット (RHSA-2010:0163) を追加 [2010年12月20日] 影響を受けるシステム：VMware (VMSA-2010-0019) の情報を追加ベンダ情報：VMware (VMSA-2010-0019) を追加 [2012年10月01日] ベンダ情報：オラクル (Multiple OpenSSL vulnerabilities in Sun SPARC Enterprise M-series XCP Firmware) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2009-0590

Summary	The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.
Publication Date	March 28, 2009, 1:30 a.m.
Registration Date	Jan. 29, 2021, 1:14 p.m.
Last Update	Nov. 4, 2020, 2:38 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl::::::::					0.9.8k

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:4.0:::::::*
cpe:2.3:o:debian:debian_linux:5.0:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc	NETBSD	Third Party Advisory
2	http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html	APPLE	Mailing List Third Party Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html	SUSE	Mailing List Third Party Advisory
4	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html	SUSE	Mailing List Third Party Advisory
5	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html	SUSE	Mailing List Third Party Advisory
6	http://lists.vmware.com/pipermail/security-announce/2010/000082.html	MLIST	Third Party Advisory
7	http://marc.info/?l=bugtraq&m=124464882609472&w=2	HP	Mailing List Third Party Advisory
8	http://marc.info/?l=bugtraq&m=125017764422557&w=2	HP	Mailing List Third Party Advisory
9	http://marc.info/?l=bugtraq&m=127678688104458&w=2	HP	Mailing List Third Party Advisory
10	http://secunia.com/advisories/34411	SECUNIA	Third Party Advisory
11	http://secunia.com/advisories/34460	SECUNIA	Third Party Advisory
12	http://secunia.com/advisories/34509	SECUNIA	Third Party Advisory
13	http://secunia.com/advisories/34561	SECUNIA	Third Party Advisory
14	http://secunia.com/advisories/34666	SECUNIA	Third Party Advisory
15	http://secunia.com/advisories/34896	SECUNIA	Third Party Advisory
16	http://secunia.com/advisories/34960	SECUNIA	Third Party Advisory
17	http://secunia.com/advisories/35065	SECUNIA	Third Party Advisory
18	http://secunia.com/advisories/35181	SECUNIA	Third Party Advisory
19	http://secunia.com/advisories/35380	SECUNIA	Third Party Advisory
20	http://secunia.com/advisories/35729	SECUNIA	Third Party Advisory
21	http://secunia.com/advisories/36533	SECUNIA	Third Party Advisory
22	http://secunia.com/advisories/36701	SECUNIA	Third Party Advisory
23	http://secunia.com/advisories/38794	SECUNIA	Third Party Advisory
24	http://secunia.com/advisories/38834	SECUNIA	Third Party Advisory
25	http://secunia.com/advisories/42467	SECUNIA	Third Party Advisory
26	http://secunia.com/advisories/42724	SECUNIA	Third Party Advisory
27	http://secunia.com/advisories/42733	SECUNIA	Third Party Advisory
28	http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc	FREEBSD	Third Party Advisory
29	http://securitytracker.com/id?1021905	SECTRACK	Third Party Advisory VDB Entry
30	http://sourceforge.net/project/shownotes.php?release_id=671059&group_id=116847	CONFIRM	Patch Third Party Advisory
31	http://sunsolve.sun.com/search/document.do?assetkey=1-26-258048-1	SUNALERT	Broken Link
32	http://support.apple.com/kb/HT3865	CONFIRM	Third Party Advisory
33	http://support.avaya.com/elmodocs2/security/ASA-2009-172.htm	CONFIRM	Third Party Advisory
34	http://voodoo-circle.sourceforge.net/sa/sa-20090326-01.html	CONFIRM	Third Party Advisory
35	http://wiki.rpath.com/Advisories:rPSA-2009-0057	CONFIRM	Broken Link
36	http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0057	MISC	Broken Link
37	http://www.debian.org/security/2009/dsa-1763	DEBIAN	Third Party Advisory
38	http://www.mandriva.com/security/advisories?name=MDVSA-2009:087	MANDRIVA	Third Party Advisory
39	http://www.openssl.org/news/secadv_20090325.txt	CONFIRM	Vendor Advisory
40	http://www.osvdb.org/52864	OSVDB	Broken Link
41	http://www.php.net/archive/2009.php#id2009-04-08-1	CONFIRM	Third Party Advisory
42	http://www.redhat.com/support/errata/RHSA-2009-1335.html	REDHAT	Third Party Advisory
43	http://www.securityfocus.com/archive/1/502429/100/0/threaded	BUGTRAQ	Third Party Advisory VDB Entry
44	http://www.securityfocus.com/archive/1/515055/100/0/threaded	BUGTRAQ	Third Party Advisory VDB Entry
45	http://www.securityfocus.com/bid/34256	BID	Patch Third Party Advisory VDB Entry
46	http://www.ubuntu.com/usn/usn-750-1	UBUNTU	Third Party Advisory
47	http://www.vmware.com/security/advisories/VMSA-2010-0019.html	CONFIRM	Third Party Advisory
48	http://www.vupen.com/english/advisories/2009/0850	VUPEN	Permissions Required
49	http://www.vupen.com/english/advisories/2009/1020	VUPEN	Permissions Required
50	http://www.vupen.com/english/advisories/2009/1175	VUPEN	Permissions Required
51	http://www.vupen.com/english/advisories/2009/1220	VUPEN	Permissions Required
52	http://www.vupen.com/english/advisories/2009/1548	VUPEN	Permissions Required
53	http://www.vupen.com/english/advisories/2010/0528	VUPEN	Permissions Required
54	http://www.vupen.com/english/advisories/2010/3126	VUPEN	Permissions Required
55	https://exchange.xforce.ibmcloud.com/vulnerabilities/49431	XF	Third Party Advisory VDB Entry
56	https://kb.bluecoat.com/index?page=content&id=SA50	CONFIRM	Third Party Advisory
57	https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html	MLIST	Third Party Advisory
58	https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html	MLIST	Third Party Advisory
59	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10198	OVAL	Third Party Advisory
60	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6996	OVAL	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html