Exploit the possiblities
Showing 1 - 4 of 4 RSS Feed

CVE-2011-3207

Status Candidate

Overview

crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.

Related Files

HP Security Bulletin HPSBMU02752 SSRT100802
Posted Mar 21, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02752 SSRT100802 - Potential security vulnerabilities have been identified with HP Insight Control Software for Linux (IC-Linux). The vulnerabilities could be exploited remotely to execute arbitrary code or to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux
advisories | CVE-2010-4645, CVE-2011-0762, CVE-2011-0997, CVE-2011-1097, CVE-2011-3207, CVE-2011-3210
MD5 | b161d0c30b9a570054c1fd5245102cb5
Red Hat Security Advisory 2011-1409-01
Posted Oct 26, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1409-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An uninitialized variable use flaw was found in OpenSSL. This flaw could cause an application using the OpenSSL Certificate Revocation List checking functionality to incorrectly accept a CRL that has a nextUpdate date in the past. All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2011-3207
MD5 | 4247c004923496e1b23a5015883ba0c1
Mandriva Linux Security Advisory 2011-137
Posted Sep 28, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-137 - The elliptic curve cryptography subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation. crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8s and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages, which allows remote attackers to cause a denial of service via out-of-order messages that violate the TLS protocol.

tags | advisory, remote, denial of service, crypto, protocol
systems | linux, mandriva
advisories | CVE-2011-1945, CVE-2011-3207, CVE-2011-3210
MD5 | d4cdd08b16fe165439352bfa6ccaf846
OpenSSL Toolkit 1.0.0e
Posted Sep 7, 2011
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Initialization of X509_STORE_CTX was fixed to eliminate a case where CRLs with "nextUpdate" in the past were sometimes accepted. An error in SSL memory handling for (EC)DH ciphersuites was fixed. A memory leak on bad inputs to x509_name_ex_d2i was fixed. Some ECC ciphersuites are no longer restricted to SHA1. Protection against ECDSA timing attacks was introduced
tags | encryption, protocol
systems | unix
advisories | CVE-2011-3207, CVE-2011-3210
MD5 | 7040b89c4c58c7a1016c0dfa6e821c86
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    6 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close