Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE ID: CVE-2011-3210
Last Modified: 26 Mar 2014 12:22:06
Published: 22 Sep 2011 06:55:03
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-3210

Summary

The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.

Vulnerable Systems

Application

  • OpenSSL 0.9.8
  • OpenSSL 0.9.8a
  • OpenSSL 0.9.8b
  • OpenSSL 0.9.8c
  • OpenSSL 0.9.8d
  • OpenSSL 0.9.8e
  • OpenSSL 0.9.8f
  • OpenSSL 0.9.8g
  • OpenSSL 0.9.8h
  • OpenSSL 0.9.8i
  • OpenSSL 0.9.8j
  • OpenSSL 0.9.8k
  • OpenSSL 0.9.8l
  • OpenSSL 0.9.8m
  • OpenSSL 0.9.8n
  • OpenSSL 0.9.8o
  • OpenSSL 0.9.8p
  • OpenSSL 0.9.8q
  • OpenSSL 0.9.8r
  • OpenSSL 0.9.8s
  • OpenSSL 1.0.0
  • OpenSSL 1.0.0a
  • OpenSSL 1.0.0b
  • OpenSSL 1.0.0c
  • OpenSSL 1.0.0d


References

CONFIRM - http://cvs.openssl.org/chngview?cn=21337

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=736079

SECTRACK - 1026012

MANDRIVA - MDVSA-2011:137

CONFIRM - http://openssl.org/news/secadv_20110906.txt

HP - SSRT100802

HP - HPSBMU02752

HP - SSRT100729

HP - HPSBUX02734

CONFIRM - http://support.apple.com/kb/HT5784

APPLE - APPLE-SA-2013-06-04-1

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

SECUNIA - 57353

Related Patches

Apple 2013-06-04 Security Update 2013-002 Server (Lion)

Novell SUSE 2011:5160 libopenssl-devel security update for SLE 11 SP1 i586

Novell SUSE 2011:7760 openssl security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:58:05