Lucene search
UbuntuUSN-1451-1HistoryMay 24, 2012 - 12:00 a.m.
OpenSSL vulnerabilities
2012-05-2400:00:00
ubuntu.com
47
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
8.5
Confidence
High
EPSS
0.047
Percentile
92.7%
Releases
- Ubuntu 12.04
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04
- Ubuntu 8.04
Packages
- openssl - Secure Socket Layer (SSL) cryptographic library and tools
Details
Ivan Nestlerode discovered that the Cryptographic Message Syntax
(CMS) and PKCS #7 implementations in OpenSSL returned early if RSA
decryption failed. This could allow an attacker to expose sensitive
information via a Million Message Attack (MMA). (CVE-2012-0884)
It was discovered that an integer underflow was possible when using
TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a
remote attacker to cause a denial of service. (CVE-2012-2333)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 8.04 | noarch | libssl0.9.8 | < 0.9.8g-4ubuntu3.19 | UNKNOWN |
| Ubuntu | 8.04 | noarch | libcrypto0.9.8-udeb | < 0.9.8g-4ubuntu3.19 | UNKNOWN |
| Ubuntu | 8.04 | noarch | libssl-dev | < 0.9.8g-4ubuntu3.19 | UNKNOWN |
| Ubuntu | 8.04 | noarch | libssl0.9.8-dbg | < 0.9.8g-4ubuntu3.19 | UNKNOWN |
| Ubuntu | 8.04 | noarch | openssl | < 0.9.8g-4ubuntu3.19 | UNKNOWN |
| Ubuntu | 12.04 | noarch | libssl1.0.0 | < 1.0.1-4ubuntu5.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | libcrypto1.0.0-udeb | < 1.0.1-4ubuntu5.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | libssl-dev | < 1.0.1-4ubuntu5.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | libssl1.0.0-dbg | < 1.0.1-4ubuntu5.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | libssl1.0.0-udeb | < 1.0.1-4ubuntu5.2 | UNKNOWN |
Related
openvas
openvas
CentOS Update for openssl CESA-2012:0699 centos6
2012-07-30 00:00:00
Oracle: Security Advisory (ELSA-2012-0699)
2015-10-06 00:00:00
RedHat Update for openssl RHSA-2012:0699-01
2012-06-01 00:00:00
nessus
nessus
Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20120529)
2012-08-01 00:00:00
CentOS 5 / 6 : openssl (CESA-2012:0699)
2012-05-30 00:00:00
Oracle Linux 5 / 6 : openssl (ELSA-2012-0699)
2013-07-12 00:00:00
oraclelinux
oraclelinux
openssl security and bug fix update
2012-05-29 00:00:00
openssl security and bug fix update
2012-03-27 00:00:00
centos
centos
openssl security update
2012-05-29 22:40:25
openssl security update
2012-03-28 00:47:32
redhat
redhat
(RHSA-2012:0699) Moderate: openssl security and bug fix update
2012-05-29 00:00:00
(RHSA-2012:1306) Important: openssl security update
2012-09-24 15:52:11
(RHSA-2012:1307) Important: openssl security update
2012-09-24 15:53:22
securityvulns
securityvulns
OpenSSL DoS
2012-05-21 00:00:00
OpenSSL security vulnerabilities
2012-04-02 00:00:00
[ MDVSA-2012:038 ] openssl
2012-04-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.0j-alt1
2012-05-12 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.0j-alt1
2012-05-12 00:00:00
Security fix for the ALT Linux 6 package openssl10 version 1.0.0j-alt1
2012-05-12 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2012-2333
2012-05-10 00:00:00
Vulnerability in OpenSSL CVE-2012-0884
2012-03-12 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: openssl-1.0.0j-1.fc17
2012-05-29 10:32:44
[SECURITY] Fedora 16 Update: openssl-1.0.0j-1.fc16
2012-06-03 00:00:32
[SECURITY] Fedora 15 Update: openssl-1.0.0j-1.fc15
2012-06-03 00:02:27
prion
prion
Integer overflow
2012-05-14 22:55:00
Information disclosure
2012-03-13 03:12:00
Code injection
2012-08-08 10:26:00
ibm
ibm
cve
cve
ubuntucve
ubuntucve
CVE-2012-2333
2012-05-14 00:00:00
CVE-2012-0884
2012-03-12 00:00:00
freebsd
freebsd
OpenSSL -- DTLS and TLS 1.1, 1.2 denial of service
2012-05-10 00:00:00
OpenSSL -- CMS and S/MIME Bleichenbacher attack
2012-03-12 00:00:00
FreeBSD -- OpenSSL multiple vulnerabilities
2012-05-03 00:00:00
suse
suse
Security update for openssl (important)
2012-05-31 01:08:19
Security update for openssl (important)
2012-05-31 00:08:26
Security update for openssl (important)
2012-05-30 23:08:17
f5
f5
K15401 : OpenSSL vulnerability CVE-2012-2333
2014-07-10 00:00:00
SOL15401 - OpenSSL vulnerability CVE-2012-2333
2014-07-09 00:00:00
K13598 : OpenSSL vulnerability CVE-2012-0884
2013-09-20 00:00:00
cvelist
cvelist
veracode
veracode
Denial Of Service (DoS) Through Buffer Over-read
2017-02-09 00:16:21
Denial Of Service (DoS) Through Buffer Over-read
2019-01-15 08:51:36
Million Message Attack (MMA)
2017-02-09 01:46:40
amazon
amazon
Medium: openssl
2012-06-10 11:48:00
Medium: openssl
2012-04-05 12:49:00
debian
debian
[SECURITY] [DSA 2475-1] openssl security update
2012-05-17 23:14:31
[SECURITY] [DSA 2454-1] openssl security update
2012-04-19 21:21:20
nvd
nvd
debiancve
debiancve
CVE-2012-2333
2012-05-14 22:55:03
CVE-2012-0884
2012-03-13 03:12:26
checkpoint_security
checkpoint_security
Check Point response to OpenSSL CVE-2012-0884
2012-06-07 21:00:00
aix
aix
Multiple OpenSSL vulnerabilities
2012-08-01 09:25:58
gentoo
gentoo
OpenSSL: Multiple Vulnerabilities
2013-12-03 00:00:00
cert
cert
freebsd_advisory
freebsd_advisory
FreeBSD-SA-12:01.openssl
2012-05-30 00:00:00
osv
osv
openssl - multiple
2012-04-24 00:00:00
openssl - incomplete fix
2012-04-24 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
8.5
Confidence
High
EPSS
0.047
Percentile
92.7%
Related for USN-1451-1