exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2011-4577

Status Candidate

Overview

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.

Related Files

HP Security Bulletin HPSBMU02786 SSRT100877 2
Posted May 9, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02786 SSRT100877 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux, Windows, and VMware ESX. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows
advisories | CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379, CVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317, CVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885, CVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053, CVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823, CVE-2012-2012, CVE-2012-2013, CVE-2012-2014, CVE-2012-2015, CVE-2012-2016
SHA-256 | 5dbefc2f5ce267adce1e15986e02edbb8a3cd8b62ebf6a7c096957f60f594794
VMware Security Advisory 2012-0013
Posted Sep 1, 2012
Authored by VMware | Site vmware.com

VMware Security Advisory 2012-0013 - VMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2010-2761, CVE-2010-4180, CVE-2010-4252, CVE-2010-4410, CVE-2011-0014, CVE-2011-1020, CVE-2011-1089, CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-2699, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-3597, CVE-2011-4108, CVE-2011-4109, CVE-2011-4110, CVE-2011-4128, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2011-4576, CVE-2011-4577, CVE-2011-4609
SHA-256 | ab37b6926b046653acdeeef66e7c85ba
HP Security Bulletin HPSBMU02786 SSRT100877
Posted Jun 28, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02786 SSRT100877 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows
advisories | CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379, CVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317, CVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885, CVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053, CVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823, CVE-2012-2012, CVE-2012-2013, CVE-2012-2014, CVE-2012-2015, CVE-2012-2016
SHA-256 | 856251204fbecc5944b74b48232e96b353c5844f102f2b4ea9de3e11e27b5a7d
HP Security Bulletin HPSBOV02793 SSRT100891
Posted Jun 23, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02793 SSRT100891 - Potential security vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or to gain unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0050, CVE-2012-0884, CVE-2012-1165, CVE-2012-2110, CVE-2012-2131
SHA-256 | 81afd5381e1f8df30bc1eda96940a682d60e52c9185ef5115fed35b8f301ab7c
Gentoo Linux Security Advisory 201203-12
Posted Mar 6, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201203-12 - Multiple vulnerabilities have been found in OpenSSL, allowing remote attackers to cause a Denial of Service or obtain sensitive information. Versions less than 1.0.0g are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2012-0050
SHA-256 | 33d5dcd48ce0543fba2329b32e7c2e3cb7ad20833adcae6ddcc406a2b4b01fd0
Red Hat Security Advisory 2012-0109-01
Posted Feb 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0109-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0029
SHA-256 | 8da6bc236f0922d833448e86579690e72584546abfdf7d9e503f684883a37b08
Ubuntu Security Notice USN-1357-1
Posted Feb 10, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1357-1 - It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Various other issues were also addressed.

tags | advisory, remote, denial of service, protocol
systems | linux, ubuntu
advisories | CVE-2011-1945, CVE-2011-3210, CVE-2011-4108, CVE-2011-4108, CVE-2012-0050, CVE-2011-4109, CVE-2011-4354, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2011-1945, CVE-2011-3210, CVE-2011-4108, CVE-2011-4109, CVE-2011-4354, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2012-0050
SHA-256 | 35a63a05c4a33b71a7bcfee436327107866cecc57861e8d07b69574145af5179
HP Security Bulletin HPSBUX02734 SSRT100729
Posted Jan 25, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02734 SSRT100729 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS) or to gain unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2011-3210, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619
SHA-256 | b2265e92d8b81cb40b2add6a630d861f1b28f98b30119e91fd07549aa77efff1
Red Hat Security Advisory 2012-0059-01
Posted Jan 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0059-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2011-4108, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619
SHA-256 | 637d4b3792e367e77118dadf6e654fba56f63a5136cbc78f5b4bd3c1b6efa812
OpenSSL Toolkit 1.0.0f
Posted Jan 7, 2012
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: A fix was introduced for a security issue where an extension of the Vaudenay padding oracle attack on CBC mode encryption enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Various other bugfixes and improvements were made.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2011-4108, CVE-2011-4576, CVE-2011-4619, CVE-2012-0027, CVE-2011-4577
SHA-256 | faf1eab0ef85fd6c3beca271c356b31b5cc831e2c6b7f23cf672e7ab4680fde1
OpenSSL Security Advisory 20120104
Posted Jan 4, 2012
Site openssl.org

OpenSSL Security Advisory 20120104 - Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. Other issues were also addressed.

tags | advisory
advisories | CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027
SHA-256 | 763f9093ee4fa9f5c169a2cd1bfec76d591dd7cd15c38aa505ca11856997aeec
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close