OpenSSL Security Advisory [19 Apr 2012]
=======================================

ASN1 BIO vulnerability (CVE-2012-2110)
=======================================

A potentially exploitable vulnerability has been discovered in the OpenSSL
function asn1_d2i_read_bio.

Any application which uses BIO or FILE based functions to read untrusted DER
format data is vulnerable. Affected functions are of the form d2i_*_bio or
d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp.

Applications using the memory based ASN1 functions (d2i_X509, d2i_PKCS12 etc)
are not affected. In particular the SSL/TLS code of OpenSSL is *not* affected.

Applications only using the PEM routines are not affected.

S/MIME or CMS applications using the built in MIME parser SMIME_read_PKCS7 or
SMIME_read_CMS *are* affected.

The OpenSSL command line utility is also affected if used to process untrusted
data in DER format.

Note: although an application using the SSL/TLS portions of OpenSSL is not
automatically affected it might still call a function such as d2i_X509_bio on
untrusted data and be vulnerable.

Thanks to Tavis Ormandy, Google Security Team, for discovering this issue and
to Adam Langley <[email protected]> for fixing it.

Affected users should upgrade to OpenSSL 1.0.1a, 1.0.0i or 0.9.8v.

References
==========

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20120419.txt



#  0day.today [2018-02-06]  #

openvas 55

redhat 5

nessus 49

prion 2

f5 4

amazon 2

cve 2

altlinux 5

ubuntucve 2

debiancve 2

nvd 2

oraclelinux 3

threatpost 3

openssl 2

freebsd 2

centos 1

cvelist 2

seebug 2

veracode 2

exploitpack 1

fedora 6

zdt 2

securityvulns 14

ubuntu 2

suse 5

exploitdb 1

vmware 3

debian 2

checkpoint_security 1

osv 2

freebsd_advisory 1

aix 1

gentoo 1

ibm 8

lenovo 2

openvas

CentOS Update for openssl097a CESA-2012:0518 centos5

2012-07-30 00:00:00

RedHat Update for openssl RHSA-2012:0518-01

2012-04-26 00:00:00

FreeBSD Ports: openssl

2012-04-30 00:00:00

redhat

(RHSA-2012:0522) Important: openssl security update

2012-04-25 00:00:00

(RHSA-2012:0518) Important: openssl security update

2012-04-24 00:00:00

(RHSA-2012:1306) Important: openssl security update

2012-09-24 15:52:11

nessus

OpenSSL 0.9.8 < 0.9.8v Vulnerability

2012-04-24 00:00:00

Oracle Linux 4 : openssl (ELSA-2012-2011)

2013-07-12 00:00:00

Amazon Linux AMI : openssl (ALAS-2012-72)

2013-09-04 00:00:00

prion

Buffer overflow

2012-04-19 17:55:00

Integer overflow

2012-04-24 20:55:00

K16285 : OpenSSL vulnerability CVE-2012-2110

2015-07-24 00:00:00

SOL16285 - OpenSSL vulnerability CVE-2012-2110

2015-04-09 00:00:00

SOL17454 - OpenSSL vulnerabilities CVE-2005-2946, CVE-2008-0891, and CVE-2012-2131

2015-10-16 00:00:00

amazon

Important: openssl098e

2012-05-02 12:31:00

Important: openssl

2012-05-02 12:28:00

cve

CVE-2012-2110

2012-04-19 17:55:01

CVE-2012-2131

2012-04-24 20:55:02

altlinux

Security fix for the ALT Linux 8 package openssl10 version 1.0.0i-alt1

2012-04-19 00:00:00

Security fix for the ALT Linux 9 package openssl10 version 1.0.0i-alt1

2012-04-19 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0i-alt1

2012-04-19 00:00:00

ubuntucve

CVE-2012-2110

2012-04-19 00:00:00

CVE-2012-2131

2012-04-24 00:00:00

debiancve

CVE-2012-2110

2012-04-19 17:55:01

CVE-2012-2131

2012-04-24 20:55:02

nvd

CVE-2012-2110

2012-04-19 17:55:01

CVE-2012-2131

2012-04-24 20:55:02

oraclelinux

openssl security update

2012-05-08 00:00:00

openssl security update

2012-04-25 00:00:00

openssl097a and openssl098e security update

2014-06-05 00:00:00

threatpost

E-Mail, Source Code From VMWare Bubbles Up From Compromised Chinese Firm

2012-04-24 21:33:10

OpenSSL Releases New Fix for CVE-2012-2110 ASN1 Bug

2012-04-24 19:17:06

New Java Malware Exploits Both Windows And Mac Users

2012-04-24 17:37:49

openssl

Vulnerability in OpenSSL CVE-2012-2110

2012-04-19 00:00:00

Vulnerability in OpenSSL CVE-2012-2131

2012-04-24 00:00:00

freebsd

OpenSSL -- integer conversions result in memory corruption

2012-04-19 00:00:00

FreeBSD -- OpenSSL multiple vulnerabilities

2012-05-03 00:00:00

centos

openssl, openssl097a, openssl098e security update

2012-04-25 01:22:21

cvelist

CVE-2012-2110

2012-04-19 17:00:00

CVE-2012-2131

2012-04-24 20:00:00

seebug

OpenSSL "asn1_d2i_read_bio()" DER格式数据处理漏洞

2012-04-22 00:00:00

OpenSSL ASN1 BIO Memory Corruption Vulnerability

2014-07-01 00:00:00

veracode

Denial Of Service (DoS) Through Memory Consumption And Buffer Overflow

2017-02-09 00:33:40

Denial Of Service (DoS) Through Memory Consumption And Buffer Overflow

2019-01-15 08:50:55

exploitpack

OpenSSL - ASN1 BIO Memory Corruption

2012-04-19 00:00:00

fedora

[SECURITY] Fedora 17 Update: openssl-1.0.0i-1.fc17

2012-04-26 20:07:43

[SECURITY] Fedora 16 Update: openssl-1.0.0i-1.fc16

2012-04-27 20:50:05

[SECURITY] Fedora 15 Update: openssl-1.0.0i-1.fc15

2012-05-10 14:16:11

zdt

OpenSSL ASN1 BIO Memory Corruption Vulnerability

2012-04-19 00:00:00

OpenSSL 1.0.1 Memory Corruption

2012-04-21 00:00:00

securityvulns

OpenSSL memory corruption

2012-04-24 00:00:00

[ MDVSA-2012:064 ] openssl0.9.8

2012-04-24 00:00:00

ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities

2012-10-29 00:00:00

ubuntu

OpenSSL vulnerability

2012-04-24 00:00:00

OpenSSL vulnerabilities

2012-04-19 00:00:00

suse

Security update for compat-openssl097g (important)

2012-09-18 15:08:35

Security update for openssl (important)

2012-05-23 01:08:20

Security update for openssl (important)

2012-05-16 21:08:16

exploitdb

OpenSSL - ASN1 BIO Memory Corruption

2012-04-19 00:00:00

vmware

VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.

2013-02-21 00:00:00

VMware vSphere and vCOps updates to third party libraries

2012-08-30 00:00:00

VMware vSphere and vCOps updates to third party libraries

2012-08-30 00:00:00

debian

[SECURITY] [DSA 2454-2] openssl incomplete fix

2012-04-25 02:03:10

[SECURITY] [DSA 2454-1] openssl security update

2012-04-19 21:21:20

checkpoint_security

Check Point response to OpenSSL ASN1 BIO vulnerability (CVE-2012-2110, CVE-2012-2131)

2012-04-19 21:00:00

osv

openssl - incomplete fix

2012-04-24 00:00:00

openssl - multiple

2012-04-24 00:00:00

freebsd_advisory

FreeBSD-SA-12:01.openssl

2012-05-30 00:00:00

aix

Multiple OpenSSL vulnerabilities

2012-08-01 09:25:58

gentoo

OpenSSL: Multiple Vulnerabilities

2013-12-03 00:00:00

ibm

Security Bulletin: IBM InfoSphere Balanced Warehouse C3000, C4000 and D5100 and IBM Smart Analytics System 1050, 2050, 5600 and 5710 are affected by vulnerabilities in OpenSSL

2022-09-25 23:13:40

Security Bulletin: IBM Smart Analytics System 7600, 7700, and 7710 are affected by vulnerabilities in OpenSSL

2022-09-25 20:45:36

Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL versions prior to 1.0.0

2022-09-25 23:13:40

lenovo

Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US

2018-11-13 17:10:51

Intel® PROSet/Wireless WiFi Software Vulnerabilities - US

2018-11-13 17:10:51

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

JSON

Related for 1337DAY-ID-18104