Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2011-4108
Last Modified 26 Mar 2014 12:24:24
Published 05 Jan 2012 08:55:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4108

Summary

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.

Vulnerable Systems

Application

  • Openssl 0.9.1c

  • Openssl 0.9.2b

  • Openssl 0.9.4

  • Openssl 0.9.5

  • Openssl 0.9.5a

  • Openssl 0.9.6

  • Openssl 0.9.6a

  • Openssl 0.9.6b

  • Openssl 0.9.6c

  • Openssl 0.9.6d

  • Openssl 0.9.6e

  • Openssl 0.9.6f

  • Openssl 0.9.6g

  • Openssl 0.9.6h

  • Openssl 0.9.6i

  • Openssl 0.9.6j

  • Openssl 0.9.6k

  • Openssl 0.9.6l

  • Openssl 0.9.6m

  • Openssl 0.9.7

  • Openssl 0.9.7a

  • Openssl 0.9.7b

  • Openssl 0.9.7c

  • Openssl 0.9.7d

  • Openssl 0.9.7e

  • Openssl 0.9.7f

  • Openssl 0.9.7g

  • Openssl 0.9.7h

  • Openssl 0.9.7i

  • Openssl 0.9.7j

  • Openssl 0.9.7k

  • Openssl 0.9.7l

  • Openssl 0.9.7m

  • Openssl 0.9.8

  • Openssl 0.9.8a

  • Openssl 0.9.8b

  • Openssl 0.9.8c

  • Openssl 0.9.8d

  • Openssl 0.9.8e

  • Openssl 0.9.8f

  • Openssl 0.9.8g

  • Openssl 0.9.8h

  • Openssl 0.9.8i

  • Openssl 0.9.8j

  • Openssl 0.9.8k

  • Openssl 0.9.8l

  • Openssl 0.9.8m

  • Openssl 0.9.8n

  • Openssl 0.9.8o

  • Openssl 0.9.8p

  • Openssl 0.9.8q

  • Openssl 0.9.8r

  • Openssl 1.0.0

  • Openssl 1.0.0a

  • Openssl 1.0.0b

  • Openssl 1.0.0c

  • Openssl 1.0.0d

  • Openssl 1.0.0e


References

CONFIRM - http://www.openssl.org/news/secadv_20120104.txt

MISC - http://www.isg.rhul.ac.uk/~kp/dtls.pdf

MANDRIVA - MDVSA-2012:007

MANDRIVA - MDVSA-2012:006

SUSE - SUSE-SU-2012:0084

SUSE - openSUSE-SU-2012:0083

HP - HPSBMU02786

HP - SSRT100877

SECUNIA - 48528

CONFIRM - http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc

HP - HPSBOV02793

HP - SSRT100891

REDHAT - RHSA-2012:1308

REDHAT - RHSA-2012:1307

REDHAT - RHSA-2012:1306

DEBIAN - DSA-2390

HP - HPSBUX02734

HP - SSRT100729

CONFIRM - http://support.apple.com/kb/HT5784

APPLE - APPLE-SA-2013-06-04-1

FEDORA - FEDORA-2012-18035

CONFIRM - https://securityadvisories.paloaltonetworks.com/Home/Detail/17

CERT-VN - VU#737740

SUSE - SUSE-SU-2014:0320

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

SECUNIA - 57353

SECUNIA - 57260

Related Patches

Apple 2013-06-04 Security Update 2013-002 Server (Lion)

Red Hat 2012:0060-01 RHSA Moderate: openssl security update for RHEL 5 x86

Red Hat 2012:0060-01 RHSA Moderate: openssl security update for RHEL 5 x86_64

Novell SUSE 2012:5635 libopenssl-devel security update for SLE 11 SP1 i586

Novell SUSE 2012:5635 libopenssl-devel security update for SLE 11 SP1 x86_64

Novell SUSE 2012:7923 openssl security update for SLE 10 SP4 i586

Novell SUSE 2012:7923 openssl security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:58:00