Apple QuickTime MPEG Stream Padding Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the...

OpenSSL 0.9.8 < 0.9.8u / 1.0.0 < 1.0.0h Multiple Vulnerabilities

Binary data 6400.prm...

OpenSSL 0.9.8 < 0.9.8u / 1.0.0 < 1.0.0h Multiple Vulnerabilities

Binary data 801067.prm...

CVE-2012-1439

The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified padding field. NOTE: this may later be SPLIT into multiple CVEs if additional...

FreeBSD : OpenSSL -- CMS and S/MIME Bleichenbacher attack (60eb344e-6eb1-11e1-8ad7-00e0815b8da8)

The OpenSSL Team reports : A weakness in the OpenSSL CMS and PKCS 7 code can be exploited using Bleichenbacher's attack on PKCS 1 v1.5 RSA padding also known as the million message attack MMA. Only users of CMS, PKCS 7, or S/MIME decryption operations are affected. A successful attack needs on...

Vulnerability in OpenSSL - CMS and S/MIME Bleichenbacher attack

A weakness in the OpenSSL CMS and PKCS 7 code can be exploited using Bleichenbacher’s attack on PKCS 1 v1.5 RSA padding also known as the million message attack MMA. Only users of CMS, PKCS 7, or S/MIME decryption operations are affected, SSL/TLS applications are not affected by this issue. Found...

OpenSSL -- CMS and S/MIME Bleichenbacher attack

The OpenSSL Team reports: A weakness in the OpenSSL CMS and PKCS 7 code can be exploited using Bleichenbacher's attack on PKCS 1 v1.5 RSA padding also known as the million message attack MMA. Only users of CMS, PKCS 7, or S/MIME decryption operations are affected. A successful attack needs on...

openssl: uninitialized SSL 3.0 padding

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

FreeBSD Ports: openssl

The remote host is missing an update to the system as announced in the referenced advisory. VID 78cc8a46-3e56-11e1-89b4-001ec9578670 OpenVAS Vulnerability Test $ Description: Auto generated from VID 78cc8a46-3e56-11e1-89b4-001ec9578670 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

openssl: uninitialized SSL 3.0 padding

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

openssl security update

0.9.7a-43.18 - CVE-2011-4576 - properly initialize SSL 3.0 block cipher padding 771775 - CVE-2011-4619 - fix SGC restart DoS attack 771780...

openssl: DTLS plaintext recovery attack

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack...

openssl: uninitialized SSL 3.0 padding

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

openssl: uninitialized SSL 3.0 padding

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

openssl: DTLS plaintext recovery attack

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack...

openssl security update

1.0.0-20.1 - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes 771770 - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding 771775 - fix for CVE-2011-4577 - possible DoS through malformed RFC 3779 data 771778 - fix for CVE-2011-4619 - SGC...

openssl security update

0.9.8e-20.1 - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes 771770 - fix for CVE-2011-4109 - double free in policy checks 771771 - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding 771775 - fix for CVE-2011-4619 - SGC restart DoS attac...

Mandriva Linux Security Advisory : openssl (MDVSA-2012:006)

Multiple vulnerabilities has been found and corrected in openssl : The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack CVE-2011-410...

SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 5635)

Various security vulnerabilities have been fixed in OpenSSL : - DTLS plaintext recovery attack. CVE-2011-4108 - double-free in Policy Checks. CVE-2011-4109 - uninitialized SSL 3.0 padding. CVE-2011-4576 - malformed RFC 3779 data can cause assertion failures. CVE-2011-4577 - SGC restart DoS attack...

openssl: fixing various security issues (important)

Various security vulnerabilities have been fixed in openssl: - DTLS plaintext recovery attack CVE-2011-4108 - uninitialized SSL 3.0 padding CVE-2011-4576 - malformed RFC 3779 data can cause assertion failures CVE-2011-4577 - SGC restart DoS attack CVE-2011-4619 - invalid GOST parameters DoS attac...