PT-2012-1076 · Openssl+5 · Openssl+5

Published

2012-01-04

·

Updated

2024-06-15

·

CVE-2011-4576

CVSS v2.0

7.6

High

VectorAV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 0.9.8s and 1.x prior to 1.0.0f OpenSSL versions prior to 1.0.0g
Description The issue affects the SSL 3.0 implementation in OpenSSL, which does not properly initialize data structures for block cipher padding. This might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer. The exploitation of these vulnerabilities can lead to a violation of confidentiality, integrity, and availability of protected information and can be carried out remotely.
Recommendations For versions prior to 0.9.8s, update to version 0.9.8s or later. For versions prior to 1.0.0f, update to version 1.0.0f or later. For versions prior to 1.0.0g, update to version 1.0.0g or later. As a temporary workaround, consider restricting access to SSL services until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-399CWE-310

Related Identifiers

BDU:2015-06476
BDU:2015-06477
BDU:2015-06479
BDU:2015-06480
BDU:2015-08802
BDU:2015-08803
BDU:2015-08804
BDU:2015-08805
BDU:2015-09442
BDU:2015-09905
CESA-2012_0059
CVE-2011-4576
DSA-2390-1
HPSBUX02734
OPENSUSE-SU-2024:10271-1
OPENSUSE-SU-2024:10423-1
OPENSUSE-SU-2024:10529-1
OPENSUSE-SU-2024:11127-1
RHSA-2012:0059
RHSA-2012:0060
RHSA-2012:0086
RHSA-2012:0109
RHSA-2012_0059
RHSA-2012_0060
RHSA-2012_0086
SUSE-FU-2022:0445-1
SUSE-SU-2015:1184-1
SUSE-SU-403

Affected Products

Centos
Hp-Ux
Ibm Aix
Openssl
Red Hat
Suse