OpenSSL: six vulnerabilities
Synthesis of the vulnerability
An attacker can use several OpenSSL vulnerabilities to obtain information, cause a denial of service, and possibly execute code.
Impacted products:
Debian, Fedora, FreeBSD, HP-UX, AIX, IVE OS, Junos Pulse, Juniper SA, MES, Mandriva Linux, NetBSD, OpenSSL, openSUSE, Solaris, RHEL, JBoss Enterprise, SUSE Linux Enterprise Desktop, SLES, ESX, ESXi, VMware vSphere Hypervisor.
BID-51281, c03141193, CERTA-2012-AVI-006, CERTA-2012-AVI-171, CERTA-2012-AVI-479, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, DSA-2390-1, ESX410-201208101-SG, ESX410-201208102-SG, ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG, ESX410-201208106-SG, ESX410-201208107-SG, ESXi410-201208101-SG, ESXi500-201212102-SG, FEDORA-2012-0232, FEDORA-2012-0250, FreeBSD-SA-12:01.openssl, HPSBUX02734, MDVSA-2012:006, MDVSA-2012:007, openSUSE-SU-2012:0083-1, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, PSN-2012-09-712, RHSA-2012:0059-01, RHSA-2012:0060-01, RHSA-2012:0086-01, RHSA-2012:0109-01, RHSA-2012:0168-01, RHSA-2012:1306-01, RHSA-2012:1307-01, RHSA-2012:1308-01, SSRT100729, SUSE-SU-2012:0084-1, VIGILANCE-VUL-11257, VMSA-2012-0005.2, VMSA-2012-0012.1, VMSA-2012-0012.2, VMSA-2012-0013, VMSA-2012-0013.2, VMSA-2013-0003.
Description of the vulnerability
Several vulnerabilities were announced in OpenSSL.
The DTLS (Datagram Transport Layer Security) protocol, based on TLS, provides a cryptographic layer over the UDP protocol. In CBC mode, an attacker can measure timing differences in the decryption computation in order to recover the clear text (VIGILANCE-VUL-11262). [severity:1/4; CERTA-2012-AVI-006, CERTA-2012-AVI-171, CVE-2011-4108]
When the X509_V_FLAG_POLICY_CHECK flag is set on OpenSSL 0.9.8, an attacker can trigger a double memory free, which may lead to code execution. Apache httpd does not use this flag. [severity:3/4; CVE-2011-4109]
When SSL 3.0 is used, each message can contain up to 15 bytes which are not reset before being sent. This occurs when a message is larger than the previous message, and in practice these data come from the handshake and are not sensitive. [severity:2/4; CVE-2011-4576]
When OpenSSL is configured with "enable-rfc3779", a certificate containing malformed RFC 3779 data (X.509 Extensions for IP Addresses and AS Identifiers) generates an assertion error, which stops the application. [severity:2/4; CVE-2011-4577]
The SGC (Server Gated Cryptography) technology processes weak algorithms/keys, and is considered obsolete. An attacker can use the handshake restart feature of SGC in order to create a denial of service. [severity:2/4; CVE-2011-4619]
When the GOST ENGINE (GOST algorithms defined in draft-chudov-cryptopro-cptls-04) is enabled, an attacker can send invalid parameters in order to stop the TLS server. [severity:2/4; CVE-2012-0027]
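The uncleared SSL 3.0 padding described above for CVE-2011-4576, as an added example that is not OpenSSL's code and not part of the original bulletin. It is a simplified model that assumes a 16-byte CBC block and a record buffer pre-filled with a constructed 0xAA pattern standing in for memory that was never reset; all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define BLOCK 16   /* assumed CBC block size (AES) */
#define STALE 0xAA /* constructed stand-in for memory that was never reset */

/* SSL 3.0 defines only the final padding-length byte. This variant writes
 * that byte and leaves the preceding padding bytes as found in the buffer. */
static size_t pad_uncleared(unsigned char *rec, size_t len)
{
    size_t pad = BLOCK - (len % BLOCK);   /* 1..16, length byte included */
    rec[len + pad - 1] = (unsigned char)(pad - 1);
    return len + pad;
}

/* Hardened variant: zero the padding bytes before setting the length byte. */
static size_t pad_cleared(unsigned char *rec, size_t len)
{
    size_t pad = BLOCK - (len % BLOCK);
    memset(rec + len, 0, pad - 1);
    rec[len + pad - 1] = (unsigned char)(pad - 1);
    return len + pad;
}

/* Build one record of msg_len bytes in a stale buffer and count how many
 * padding bytes (length byte excluded) still carry the stale pattern. */
size_t stale_bytes_in_record(size_t msg_len, int cleared)
{
    unsigned char buf[4 * BLOCK];
    size_t total, i, stale = 0;

    if (msg_len + BLOCK > sizeof buf) return (size_t)-1;
    memset(buf, STALE, sizeof buf);       /* buffer holds old contents */
    memset(buf, 'A', msg_len);            /* constructed plaintext + MAC */
    total = cleared ? pad_cleared(buf, msg_len) : pad_uncleared(buf, msg_len);
    for (i = msg_len; i + 1 < total; i++)
        if (buf[i] == STALE) stale++;
    return stale;
}

int main(void)
{
    printf("uncleared: %zu stale bytes\n", stale_bytes_in_record(16, 0));
    printf("cleared:   %zu stale bytes\n", stale_bytes_in_record(16, 1));
    return 0;
}
```

A 16-byte payload is the worst case in this model: a full block of padding is needed, so 15 bytes ahead of the length byte go out unmodified unless they are cleared.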