exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

CVE-2012-2333

Status Candidate

Overview

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.

Related Files

Gentoo Linux Security Advisory 201312-03
Posted Dec 4, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201312-3 - Multiple vulnerabilities have been found in OpenSSL allowing remote attackers to determine private keys or cause a Denial of Service. Versions less than 1.0.0i are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2006-7250, CVE-2011-1945, CVE-2012-0884, CVE-2012-1165, CVE-2012-2110, CVE-2012-2333, CVE-2012-2686, CVE-2013-0166, CVE-2013-0169
SHA-256 | 380511be6e419bf1f679eb548827eea73dd38dc5884aa3ee7bdc7e4fdf03aa74
Apple Security Advisory 2013-06-04-1
Posted Jun 6, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-06-04-1 - OS X Mountain Lion version 10.8.4 and Security Update 2013-002 is now available and addresses over 30 security issues.

tags | advisory
systems | apple, osx
advisories | CVE-2012-2131, CVE-2012-2333, CVE-2012-4929, CVE-2012-5519, CVE-2013-0155, CVE-2013-0276, CVE-2013-0277, CVE-2013-0333, CVE-2013-0975, CVE-2013-0982, CVE-2013-0983, CVE-2013-0984, CVE-2013-0985, CVE-2013-0986, CVE-2013-0987, CVE-2013-0988, CVE-2013-0989, CVE-2013-0990, CVE-2013-1024, CVE-2013-1854, CVE-2013-1855, CVE-2013-1856, CVE-2013-1857
SHA-256 | 29c85f7c4991f40f099be32dac2f2a9438a7fc5388a3ae3de429d2a6ba9bb431
HP Security Bulletin HPSBOV02852 SSRT101108
Posted Mar 27, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02852 SSRT101108 - Potential security vulnerabilities have been identified in HP SSL for OpenVMS. These vulnerabilities could allow remote Denial of Service (DoS), unauthorized disclosure of information, unauthorized modification. Revision 1 of this advisory.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2012-2333, CVE-2013-0166, CVE-2013-0169
SHA-256 | cb5cb5dfdeca2640750b4857366f5e36f9ac5ae17d59f19e92b7294ff275963c
HP Security Bulletin HPSBUX02814 SSRT100930
Posted Oct 2, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02814 SSRT100930 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2012-2333
SHA-256 | daea6262b35ede00cc6ea4afff92b3016cca3de4edbdea737563cd870dfaf98d
Red Hat Security Advisory 2012-1308-01
Posted Sep 25, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1308-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 data from BIO inputs. Specially-crafted DER encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4619, CVE-2012-0884, CVE-2012-1165, CVE-2012-2110, CVE-2012-2333
SHA-256 | 206cde5e92802affa77fca94734b591bc92f0c31a255e0c9a0783f9ea0e00ff8
Red Hat Security Advisory 2012-1306-01
Posted Sep 25, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1306-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 data from BIO inputs. Specially-crafted DER encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4619, CVE-2012-0884, CVE-2012-1165, CVE-2012-2110, CVE-2012-2333
SHA-256 | d979e67270f58627c9e1e6c964f567d184e0496a66c282a6e7c00bf36b81f799
Red Hat Security Advisory 2012-1307-01
Posted Sep 25, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1307-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 data from BIO inputs. Specially-crafted DER encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code.

tags | advisory, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4619, CVE-2012-0884, CVE-2012-1165, CVE-2012-2110, CVE-2012-2333
SHA-256 | c30c6e1a2462f5d13b946bea5008523c5921e3a47784400549081d14240277e6
OpenSSL Toolkit 1.0.1c
Posted Jun 7, 2012
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Record length are now sanity checked before skipping explicit IV in TLS 1.2, 1.1, and DTLS, to avoid possible DoS attacks. A possible deadlock when decoding public keys has been fixed. The TLS 1.0 record version number is no longer used in the initial client hello if renegotiating. tkeylen in now initialized properly when encrypting CMS messages. In FIPS mode, composite ciphers are no longer used, as they are not approved.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2012-2333
SHA-256 | 2a9eb3cd4e8b114eb9179c0d3884d61658e7d8e8bf4984798a5f5bd48e325ebe
Red Hat Security Advisory 2012-0699-01
Posted May 29, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0699-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS application data record lengths when using a block cipher in CBC mode. A malicious DTLS client or server could use this flaw to crash its DTLS connection peer.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2012-2333
SHA-256 | c06ac1424785317703c7aa22ceb6c44b036fc510567d485d7bf8e44c5ffb7b08
Ubuntu Security Notice USN-1451-1
Posted May 25, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1451-1 - Ivan Nestlerode discovered that the Cryptographic Message Syntax (CMS) and PKCS #7 implementations in OpenSSL returned early if RSA decryption failed. This could allow an attacker to expose sensitive information via a Million Message Attack (MMA). It was discovered that an integer underflow was possible when using TLS 1.1, TLS 1.2, or DTLS with CBC encryption. This could allow a remote attacker to cause a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0884, CVE-2012-2333, CVE-2012-0884, CVE-2012-2333
SHA-256 | c2d728621ad0692803f2775f1741405360b7d473c41ea474fa8427075d3d957a
Debian Security Advisory 2475-1
Posted May 18, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2475-1 - It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service (application crash.)

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2012-2333
SHA-256 | 66c8c21a9d5a67bd12535ff58d7285885abd5e746fc2188a45920751e9870d71
Mandriva Linux Security Advisory 2012-073
Posted May 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-073 - A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can be exploited in a denial of service attack on both clients and servers. The updated packages have been patched to correct this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2012-2333
SHA-256 | 54666cdfa2efbdfef9bc70d2dfc67f9deaea6c7ad3fe4059fb274292752c2164
OpenSSL Security Advisory 20120510
Posted May 10, 2012
Site openssl.org

OpenSSL Security Advisory 20120510 - A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack on both clients and servers.

tags | advisory, denial of service
advisories | CVE-2012-2333
SHA-256 | c40071a73eeb5b383bd5eb1bcbd2fd43fd662faa495ccb68734684bb7db8c2bc
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close