nessus | Tenable | 801067.PRM
Mar 29, 2012 - 12:00 a.m.

OpenSSL 0.9.8 < 0.9.8u / 1.0.0 < 1.0.0h Multiple Vulnerabilities

www.tenable.com

OpenSSL versions earlier than 0.9.8u and 1.0.0h are potentially affected by multiple vulnerabilities:

  • A NULL pointer dereference flaw exists in mime_param_cmp. A specially crafted S/MIME input header could cause an application to crash during S/MIME message verification or decryption. (CVE-2012-1165)

  • A weakness in the OpenSSL CMS and PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding. Note that only users of CMS, PKCS #7, or S/MIME decryption operations are affected.
