Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-4576
Last Modified: 26 Mar 2014 12:25:15
Published: 05 Jan 2012 08:55:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-4576

Summary

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.

Vulnerable Systems

Application

  • Openssl 0.9.1c

  • Openssl 0.9.2b

  • Openssl 0.9.4

  • Openssl 0.9.5

  • Openssl 0.9.5a

  • Openssl 0.9.6

  • Openssl 0.9.6a

  • Openssl 0.9.6b

  • Openssl 0.9.6c

  • Openssl 0.9.6d

  • Openssl 0.9.6e

  • Openssl 0.9.6f

  • Openssl 0.9.6g

  • Openssl 0.9.6h

  • Openssl 0.9.6i

  • Openssl 0.9.6j

  • Openssl 0.9.6k

  • Openssl 0.9.6l

  • Openssl 0.9.6m

  • Openssl 0.9.7

  • Openssl 0.9.7a

  • Openssl 0.9.7b

  • Openssl 0.9.7c

  • Openssl 0.9.7d

  • Openssl 0.9.7e

  • Openssl 0.9.7f

  • Openssl 0.9.7g

  • Openssl 0.9.7h

  • Openssl 0.9.7i

  • Openssl 0.9.7j

  • Openssl 0.9.7k

  • Openssl 0.9.7l

  • Openssl 0.9.7m

  • Openssl 0.9.8

  • Openssl 0.9.8a

  • Openssl 0.9.8b

  • Openssl 0.9.8c

  • Openssl 0.9.8d

  • Openssl 0.9.8e

  • Openssl 0.9.8f

  • Openssl 0.9.8g

  • Openssl 0.9.8h

  • Openssl 0.9.8i

  • Openssl 0.9.8j

  • Openssl 0.9.8k

  • Openssl 0.9.8l

  • Openssl 0.9.8m

  • Openssl 0.9.8n

  • Openssl 0.9.8o

  • Openssl 0.9.8p

  • Openssl 0.9.8q

  • Openssl 0.9.8r

  • Openssl 1.0.0

  • Openssl 1.0.0a

  • Openssl 1.0.0b

  • Openssl 1.0.0c

  • Openssl 1.0.0d

  • Openssl 1.0.0e


References

CONFIRM - http://www.openssl.org/news/secadv_20120104.txt

MANDRIVA - MDVSA-2012:007

MANDRIVA - MDVSA-2012:006

SUSE - SUSE-SU-2012:0084

SUSE - openSUSE-SU-2012:0083

HP - SSRT100877

HP - HPSBMU02786

SECUNIA - 48528

CONFIRM - http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc

HP - HPSBOV02793

HP - SSRT100891

REDHAT - RHSA-2012:1308

REDHAT - RHSA-2012:1307

REDHAT - RHSA-2012:1306

DEBIAN - DSA-2390

HP - HPSBUX02734

HP - SSRT100729

CONFIRM - http://support.apple.com/kb/HT5784

APPLE - APPLE-SA-2013-06-04-1

FEDORA - FEDORA-2012-18035

CERT-VN - VU#737740

SECUNIA - 55069

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

SECUNIA - 57353

Related Patches

Apple 2013-06-04 Security Update 2013-002 Server (Lion)

Red Hat 2012:0060-01 RHSA Moderate: openssl security update for RHEL 5 x86

Red Hat 2012:0060-01 RHSA Moderate: openssl security update for RHEL 5 x86_64

Red Hat 2012:0086-01 RHSA Moderate: openssl security update for RHEL 4 x86

Red Hat 2012:0086-01 RHSA Moderate: openssl security update for RHEL 4 x86_64

Novell SUSE 2012:5635 libopenssl-devel security update for SLE 11 SP1 i586

Novell SUSE 2012:5635 libopenssl-devel security update for SLE 11 SP1 x86_64

Novell SUSE 2012:7923 openssl security update for SLE 10 SP4 i586

Novell SUSE 2012:7923 openssl security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:57:18