Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-3207
Last Modified: 26 Mar 2014 12:22:05
Published: 22 Sep 2011 06:55:03
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-3207

Summary

crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.

Vulnerable Systems

Application

  • OpenSSL 1.0.0

  • OpenSSL 1.0.0a

  • OpenSSL 1.0.0b

  • OpenSSL 1.0.0c

  • OpenSSL 1.0.0d


References

CONFIRM - http://cvs.openssl.org/chngview?cn=21349

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=736087

SECTRACK - 1026012

MANDRIVA - MDVSA-2011:137

SECUNIA - 45956

CONFIRM - http://openssl.org/news/secadv_20110906.txt

FEDORA - FEDORA-2011-12233

FEDORA - FEDORA-2011-12281

REDHAT - RHSA-2011:1409

HP - SSRT100802

HP - HPSBMU02752

CONFIRM - http://support.apple.com/kb/HT5784

APPLE - APPLE-SA-2013-06-04-1

FEDORA - FEDORA-2012-18035

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

SECUNIA - 57353

Related Patches

Apple 2013-06-04 Security Update 2013-002 Server (Lion)


Last Updated: 27 May 2016 10:57:18