[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

256148

 
 

909

 
 

199106

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-4550Date: (C)2013-12-27   (M)2023-12-22


Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a different vulnerability than CVE-2011-5268. NOTE: some sources originally mapped this CVE to two different types of issues; this CVE has since been SPLIT, producing CVE-2011-5268.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.1
Exploit Score: 4.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
FEDORA-2013-21006
FEDORA-2013-21018
FEDORA-2013-21060
http://www.openwall.com/lists/oss-security/2014/01/02/9
https://projects.duckcorp.org/issues/261
https://projects.duckcorp.org/versions/13

CPE    14
cpe:/o:fedoraproject:fedora:20
cpe:/a:duckcorp:bip:0.8.3
cpe:/a:duckcorp:bip:0.8.0:rc0
cpe:/a:duckcorp:bip:0.8.2
...
CWE    1
CWE-310
OVAL    2
oval:org.secpod.oval:def:106087
oval:org.secpod.oval:def:106090

© SecPod Technologies