ID CVE-2008-5410
Summary The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
    cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*
    cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*
CVSS
Base: 7.8 (as of 29-09-2017 - 01:32)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
oval via4
accepted 2009-02-16T04:00:23.547-05:00
class vulnerability
contributors
name Michael Wood
organization Hewlett-Packard
definition_extensions
  • comment Solaris 10 (SPARC) is installed
    oval oval:org.mitre.oval:def:1440
  • comment Solaris 10 (x86) is installed
    oval oval:org.mitre.oval:def:1926
description The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions.
family unix
id oval:org.mitre.oval:def:5914
status accepted
submitted 2009-01-05T16:39:26.000-05:00
title penSSL PKCS#11 Engine May Result in Denial of Service (DoS) Due to a Corrupted Session Cache
version 35
refmap via4
bid 32671
confirm
sectrack 1021358
secunia 33050
sunalert 246846
vupen ADV-2008-3372
xf solaris-openssl-pkcs11engine-dos(47137)
Last major update 29-09-2017 - 01:32
Published 10-12-2008 - 00:30
Last modified 29-09-2017 - 01:32
Back to Top