Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-2686
Last Modified: 17 Jan 2014 12:06:29
Published: 08 Feb 2013 02:55:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-2686

Summary

crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.

Vulnerable Systems

Application

  • OpenSSL 1.0.1

  • OpenSSL 1.0.1a

  • OpenSSL 1.0.1b

  • OpenSSL 1.0.1c


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=908029

CONFIRM - http://www.openssl.org/news/secadv_20130204.txt

CONFIRM - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=125093b59f3c2a2d33785b5563d929d0472f1721

CONFIRM - http://support.apple.com/kb/HT5880

APPLE - APPLE-SA-2013-09-12-1

BID - 57755

SECUNIA - 55139

SECUNIA - 55108

HP - HPSBUX02909

HP - SSRT101289


Last Updated: 27 May 2016 10:51:51