CVE-2011-4576

Sažetak

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.

Reference

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
http://marc.info/?l=bugtraq&m=132750648501816&w=2
http://marc.info/?l=bugtraq&m=133951357207000&w=2
http://marc.info/?l=bugtraq&m=134039053214295&w=2
http://rhn.redhat.com/errata/RHSA-2012-1306.html
http://rhn.redhat.com/errata/RHSA-2012-1307.html
http://rhn.redhat.com/errata/RHSA-2012-1308.html
http://secunia.com/advisories/48528
http://secunia.com/advisories/55069
http://secunia.com/advisories/57353
http://support.apple.com/kb/HT5784
http://www.debian.org/security/2012/dsa-2390
http://www.kb.cert.org/vuls/id/737740
http://www.mandriva.com/security/advisories?name=MDVSA-2012:006
http://www.mandriva.com/security/advisories?name=MDVSA-2012:007
http://www.openssl.org/news/secadv_20120104.txt
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

23-08-2016 - 02:04

Objavljeno

06-01-2012 - 01:55