SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Cisco Identity Services Engine Vendors:   Cisco
(Cisco Issues Advisory for Cisco Identity Services Engine) OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact
SecurityTracker Alert ID:  1032605
SecurityTracker URL:  http://securitytracker.com/id/1032605
CVE Reference:   CVE-2015-1791   (Links to External Site)
Date:  Jun 18 2015
Impact:   Not specified
Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in OpenSSL. The impact was not specified. Cisco Identity Services Engine is affected.

A remote server can return a specially crafted NewSessionTicket message to a connected multi-threaded client to cause the client to attempt to reuse a previous ticket and trigger a race condition. As a result, a double free memory error may occur in ssl3_get_new_session_ticket().

Emilia Kasper of the OpenSSL development team reported this vulnerability.

Impact:   The impact was not specified.
Solution:   Cisco has issued an advisory for Cisco Identity Services Engine. No solution was available at the time of this entry.

Cisco has assigned bug ID CSCuu83386 to this vulnerability.

The Cisco advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl (Links to External Site)
Cause:   Access control error, State error

Message History:   This archive entry is a follow-up to the message listed below.
Jun 4 2015 OpenSSL Double Free Memory Error in ssl3_get_new_session_ticket() Has Unspecified Impact



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC