Lucene search
Ubuntu.comUB:CVE-2011-3210HistorySep 22, 2011 - 12:00 a.m.
CVE-2011-3210
2011-09-2200:00:00
ubuntu.com
ubuntu.com
14
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.305
Percentile
97.0%
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through
0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during
processing of handshake messages from clients, which allows remote
attackers to cause a denial of service (daemon crash) via out-of-order
messages that violate the TLS protocol.
Notes
| Author | Note |
|---|---|
| jdstrand | from upstream: applications are only affected by the CRL checking vulnerability if they enable OpenSSLโs internal CRL checking which is off by default. For example by setting the verification flag X509_V_FLAG_CRL_CHECK or X509_V_FLAG_CRL_CHECK_ALL The following packages in main use this X509_V_FLAG_CRL_CHECK* curl, dovecot, exim4, freeradius, ipsec-tools, krb5, libio-socket-ssl-perl, libnet-ssleay-perl, likewise-open, mysql-5.1, nmap, openldap, openvpn, postgresql-9.1, ruby1.8, squid, telepathy-gabble, telepathy-salut, wpasupplicant the above need to also support ECDH to be affected |
Related
nessus
nessus
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7760)
2011-12-13 00:00:00
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7766)
2011-10-24 00:00:00
SuSE 11.1 Security Update : libopenssl (SAT Patch Number 5160)
2011-12-13 00:00:00
cve
cve
CVE-2011-3210
2011-09-22 10:55:03
checkpoint_advisories
checkpoint_advisories
OpenSSL Handshake Sequence Cipher Suite Use-After-Free (CVE-2011-3210)
2012-05-14 00:00:00
OpenSSL Handshake Requests ECDH Use-After-Free (CVE-2011-3210)
2012-05-14 00:00:00
openvas
openvas
OpenSSL: TLS Ephemeral ECDH Crashes (20110906) - Windows
2021-08-16 00:00:00
OpenSSL: TLS Ephemeral ECDH Crashes (20110906) - Linux
2021-08-16 00:00:00
FreeBSD Ports: openssl
2011-09-21 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2011-3210
2011-09-06 00:00:00
prion
prion
Code injection
2011-09-22 10:55:00
debiancve
debiancve
CVE-2011-3210
2011-09-22 10:55:03
cvelist
cvelist
CVE-2011-3210
2011-09-22 10:00:00
nvd
nvd
CVE-2011-3210
2011-09-22 10:55:03
f5
f5
K16834 : OpenSSL vulnerability CVE-2011-3210
2015-07-01 00:00:00
SOL16834 - OpenSSL vulnerability CVE-2011-3210
2015-07-01 00:00:00
freebsd
freebsd
OpenSSL -- multiple vulnerabilities
2011-09-06 00:00:00
securityvulns
securityvulns
OpenSSL security vulnerabilities
2011-10-16 00:00:00
debian
debian
[BSA-060] Security Update for openssl
2011-11-14 04:20:38
ibm
ibm
ubuntu
ubuntu
OpenSSL vulnerabilities
2012-02-09 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2011-10-09 00:00:00
lenovo
lenovo
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.305
Percentile
97.0%
Related for UB:CVE-2011-3210