Skip to main content

Fedora CVE-2013-4550

MEDIUM
Cryptographic Issues (CWE-310)
2013-12-24 secalert@redhat.com
5.1
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.1 MEDIUM
AV:N/AC:H/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:H/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
High
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Dec 24, 2013 - 18:55 cve.org
MEDIUM 5.1

DescriptionCVE.org

Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a different vulnerability than CVE-2011-5268. NOTE: some sources originally mapped this CVE to two different types of issues; this CVE has since been SPLIT, producing CVE-2011-5268.

AnalysisAI

Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable.

Technical ContextAI

This vulnerability is classified under CWE-310. Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a different vulnerability than CVE-2011-5268. NOTE: some sources originally mapped this CVE to two different types of issues; this CVE has since been SPLIT, producing CVE-2011-5268. Affected products include: Fedoraproject Fedora, Duckcorp Bip. Version information: before 0.8.9.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2013-4550 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy