Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service DoS attacks. These attacks are possible because the AES-NI functionality for TLS 1.1 and 1.2 can cause an application crash through CBC data...

Ubuntu 12.04 LTS / 12.10 : openssl vulnerability (USN-1732-3)

USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0169 and CVE-2012-2686 was reverted in USN-1732-2 because of a regression. This update restores the security fix, and includes an extra fix from upstream to address the AES-NI regression. We apologize for the inconvenience. Adam...

Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : openssl vulnerabilities (USN-1732-1)

Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10...

Ubuntu: Security Advisory (USN-1732-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-1732-1: OpenSSL vulnerabilities

Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10...

Debian DSA-2622-1 : polarssl - several vulnerabilities

Multiple vulnerabilities have been found in PolarSSL. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2013-0169 A timing side channel attack has been found in CBC padding allowing an attacker to recover pieces of plaintext via statistical analysis of craft...

DSA-2622-1 polarssl - several

Bulletin has no description...

Debian: Security Advisory (DSA-2622-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Code injection

crypto/evp/eaescbchmacsha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service application crash via crafted CBC data...

CVE-2012-2686

crypto/evp/eaescbchmacsha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service application crash via crafted CBC data...

CVE-2012-2686

CVE-2012-2686 is an OpenSSL CBC/TLS vulnerability that can allow a DoS (application crash) on AES-NI platforms using TLS 1.1/1.2. The linked advisories confirm multiple IBM products affected by this OpenSSL issue and recommend applying product-specific fixes or upgrading to patched OpenSSL versio...

CVE-2012-2686

crypto/evp/eaescbchmacsha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service application crash via crafted CBC data...