Lucene search

K
ubuntu
UbuntuUSN-1424-1
HistoryApr 19, 2012 - 12:00 a.m.

OpenSSL vulnerabilities

2012-04-1900:00:00
ubuntu.com
26

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.147 Low

EPSS

Percentile

95.6%

Releases

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.04
  • Ubuntu 8.04

Packages

  • openssl - Secure Socket Layer (SSL) cryptographic library and tools

Details

It was discovered that OpenSSL could be made to dereference a NULL pointer
when processing S/MIME messages. A remote attacker could use this to cause
a denial of service. These issues did not affect Ubuntu 8.04 LTS.
(CVE-2006-7250, CVE-2012-1165)

Tavis Ormandy discovered that OpenSSL did not properly perform bounds
checking when processing DER data via BIO or FILE functions. A remote
attacker could trigger this flaw in services that used SSL to cause a
denial of service or possibly execute arbitrary code with application
privileges. (CVE-2012-2110)

Rows per page:
1-10 of 231
How to protect your server from attacks?

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.147 Low

EPSS

Percentile

95.6%

Related for USN-1424-1