CVE-2011-5268
First published: Tue Dec 24 2013(Updated: )
connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes, a different vulnerability than CVE-2013-4550. NOTE: this issue was SPLIT from CVE-2013-4550 because it is a different type of issue.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| duckcorp Bip | =0.8.5 | |
| duckcorp Bip | =0.8.1 | |
| duckcorp Bip | =0.8.2 | |
| duckcorp Bip | =0.8.6 | |
| duckcorp Bip | =0.8.0-rc1 | |
| duckcorp Bip | =0.8.7 | |
| duckcorp Bip | =0.8.0 | |
| duckcorp Bip | =0.8.0-rc0 | |
| duckcorp Bip | =0.8.4 | |
| duckcorp Bip | =0.8.3 | |
| duckcorp Bip | <=0.8.8 | |
| Red Hat Fedora | =18 | |
| Red Hat Fedora | =20 | |
| Red Hat Fedora | =19 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://projects.duckcorp.org/versions/13
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122278.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122274.html
- https://projects.duckcorp.org/issues/261
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121868.html
- http://www.openwall.com/lists/oss-security/2014/01/02/9
Frequently Asked Questions
What is the severity of CVE-2011-5268?
CVE-2011-5268 has a severity rating that indicates it can lead to denial of service due to file descriptor consumption.
How do I fix CVE-2011-5268?
To fix CVE-2011-5268, upgrade to a version of Bip that is 0.8.9 or later.
What versions of Bip are affected by CVE-2011-5268?
Versions of Bip from 0.8.0 up to and including 0.8.8 are affected by CVE-2011-5268.
Is CVE-2011-5268 specific to certain operating systems?
CVE-2011-5268 affects Bip on various operating systems, including Fedora versions 18, 19, and 20.
What type of attack does CVE-2011-5268 enable?
CVE-2011-5268 enables remote attackers to execute a denial of service attack through multiple failed SSL handshakes.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/duckcorp
- canonical/duckcorp bip
- version/duckcorp bip/0.8.5
- version/duckcorp bip/0.8.1
- version/duckcorp bip/0.8.2
- version/duckcorp bip/0.8.6
- version/duckcorp bip/0.8.0-rc1
- version/duckcorp bip/0.8.7
- version/duckcorp bip/0.8.0
- version/duckcorp bip/0.8.0-rc0
- version/duckcorp bip/0.8.4
- version/duckcorp bip/0.8.3
- version/duckcorp bip/0.8.8
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/18
- version/red hat fedora/20
- version/red hat fedora/19