Lucene search

K
freebsdFreeBSD60EB344E-6EB1-11E1-8AD7-00E0815B8DA8
HistoryMar 12, 2012 - 12:00 a.m.

OpenSSL -- CMS and S/MIME Bleichenbacher attack

2012-03-1200:00:00
vuxml.freebsd.org
27

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.1%

The OpenSSL Team reports:

A weakness in the OpenSSL CMS and PKCS #7 code can be exploited
using Bleichenbacher’s attack on PKCS #1 v1.5 RSA padding
also known as the million message attack (MMA).
Only users of CMS, PKCS #7, or S/MIME decryption operations are
affected. A successful attack needs on average 2^20 messages. In
practice only automated systems will be affected as humans will
not be willing to process this many messages.
SSL/TLS applications are NOT affected by this problem since
the SSL/TLS code does not use the PKCS#7 or CMS decryption
code.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchopenssl< 1.0.0_10UNKNOWN

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.1%