Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.0
CVE Id CVE-2011-5095
Last Modified 21 Jun 2012 12:00:00
Published 20 Jun 2012 01:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2011-5095

Summary

The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.

Vulnerable Systems

Application

  • OpenSSL 0.9.8


References

MISC - https://discussions.nessus.org/thread/3381

MISC - http://www.nessus.org/plugins/index.php?view=single&id=53360

MISC - http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf

Related Patches

Novell SUSE 2012:6521 libopenssl-devel security update for SLE 11 SP1 i586

Novell SUSE 2012:6521 libopenssl-devel security update for SLE 11 SP1 x86_64


Last Updated: 27 May 2016 10:56:32