PT-2012-1155 · Openssl+5 · Openssl+5

Bla

Publicado

2012-03-15

Atualizado

2024-06-15

CVE-2012-1165

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 1.0.0j OpenSSL versions prior to 0.9.8y

Description The issue affects the OpenSSL package in Gentoo Linux, potentially leading to breaches in confidentiality, integrity, and availability of protected information. Exploitation can be done remotely. A specific function, mime param cmp, in crypto/asn1/asn mime.c is vulnerable, allowing remote attackers to cause a denial of service via a crafted S/MIME message.

Recommendations For versions prior to 1.0.0j, update to version 1.0.0j or later. For versions prior to 0.9.8y, update to version 0.9.8y or later. As a temporary workaround, consider restricting access to the mime param cmp function in crypto/asn1/asn mime.c until a patch is available.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399CWE-310

Identificadores relacionados

BDU:2015-09677

CESA-2012_0426

CVE-2012-1165

DSA-2454-1

HPSBUX02782

OPENSUSE-SU-2024:10271-1

OPENSUSE-SU-2024:10529-1

OPENSUSE-SU-2024:11127-1

RHSA-2012:0426

RHSA-2012_0426

SUSE-FU-2022:0445-1

SUSE-SU-2015:1184-1

SUSE-SU-403

Produtos afetados

Centos

Hp-Ux

Ibm Aix

Openssl

Red Hat

Suse

PT-2012-1155 · Openssl+5 · Openssl+5

CVE-2012-1165

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 273