ID CVE-2012-2110
Summary The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
References
Vulnerable Configurations
  • OpenSSL Project OpenSSL 1.0.0
    cpe:2.3:a:openssl:openssl:1.0.0
  • OpenSSL Project OpenSSL 1.0.0 Beta1
    cpe:2.3:a:openssl:openssl:1.0.0:beta1
  • OpenSSL Project OpenSSL 1.0.0 Beta2
    cpe:2.3:a:openssl:openssl:1.0.0:beta2
  • OpenSSL Project OpenSSL 1.0.0 Beta3
    cpe:2.3:a:openssl:openssl:1.0.0:beta3
  • OpenSSL Project OpenSSL 1.0.0 Beta4
    cpe:2.3:a:openssl:openssl:1.0.0:beta4
  • OpenSSL Project OpenSSL 1.0.0 Beta5
    cpe:2.3:a:openssl:openssl:1.0.0:beta5
  • OpenSSL Project OpenSSL 1.0.0a
    cpe:2.3:a:openssl:openssl:1.0.0a
  • OpenSSL Project OpenSSL 1.0.0b
    cpe:2.3:a:openssl:openssl:1.0.0b
  • OpenSSL Project OpenSSL 1.0.0c
    cpe:2.3:a:openssl:openssl:1.0.0c
  • OpenSSL Project OpenSSL 1.0.0d
    cpe:2.3:a:openssl:openssl:1.0.0d
  • OpenSSL Project OpenSSL 1.0.0e
    cpe:2.3:a:openssl:openssl:1.0.0e
  • OpenSSL Project OpenSSL 1.0.0g
    cpe:2.3:a:openssl:openssl:1.0.0g
  • OpenSSL Project OpenSSL 0.9.1c
    cpe:2.3:a:openssl:openssl:0.9.1c
  • OpenSSL Project OpenSSL 0.9.2b
    cpe:2.3:a:openssl:openssl:0.9.2b
  • OpenSSL Project OpenSSL 0.9.3
    cpe:2.3:a:openssl:openssl:0.9.3
  • OpenSSL Project OpenSSL 0.9.3a
    cpe:2.3:a:openssl:openssl:0.9.3a
  • OpenSSL Project OpenSSL 0.9.4
    cpe:2.3:a:openssl:openssl:0.9.4
  • OpenSSL Project OpenSSL 0.9.5
    cpe:2.3:a:openssl:openssl:0.9.5
  • OpenSSL Project OpenSSL 0.9.5 Beta1
    cpe:2.3:a:openssl:openssl:0.9.5:beta1
  • OpenSSL Project OpenSSL 0.9.5 Beta2
    cpe:2.3:a:openssl:openssl:0.9.5:beta2
  • OpenSSL Project OpenSSL 0.9.5a
    cpe:2.3:a:openssl:openssl:0.9.5a
  • OpenSSL Project OpenSSL 0.9.5a Beta1
    cpe:2.3:a:openssl:openssl:0.9.5a:beta1
  • OpenSSL Project OpenSSL 0.9.5a Beta2
    cpe:2.3:a:openssl:openssl:0.9.5a:beta2
  • OpenSSL Project OpenSSL 0.9.6
    cpe:2.3:a:openssl:openssl:0.9.6
  • OpenSSL Project OpenSSL 0.9.6 Beta1
    cpe:2.3:a:openssl:openssl:0.9.6:beta1
  • OpenSSL Project OpenSSL 0.9.6 Beta2
    cpe:2.3:a:openssl:openssl:0.9.6:beta2
  • OpenSSL Project OpenSSL 0.9.6 Beta3
    cpe:2.3:a:openssl:openssl:0.9.6:beta3
  • OpenSSL Project OpenSSL 0.9.6a
    cpe:2.3:a:openssl:openssl:0.9.6a
  • OpenSSL Project OpenSSL 0.9.6a Beta1
    cpe:2.3:a:openssl:openssl:0.9.6a:beta1
  • OpenSSL Project OpenSSL 0.9.6a Beta2
    cpe:2.3:a:openssl:openssl:0.9.6a:beta2
  • OpenSSL Project OpenSSL 0.9.6a Beta3
    cpe:2.3:a:openssl:openssl:0.9.6a:beta3
  • OpenSSL Project OpenSSL 0.9.6b
    cpe:2.3:a:openssl:openssl:0.9.6b
  • OpenSSL Project OpenSSL 0.9.6c
    cpe:2.3:a:openssl:openssl:0.9.6c
  • OpenSSL Project OpenSSL 0.9.6d
    cpe:2.3:a:openssl:openssl:0.9.6d
  • OpenSSL Project OpenSSL 0.9.6e
    cpe:2.3:a:openssl:openssl:0.9.6e
  • OpenSSL Project OpenSSL 0.9.6f
    cpe:2.3:a:openssl:openssl:0.9.6f
  • OpenSSL Project OpenSSL 0.9.6g
    cpe:2.3:a:openssl:openssl:0.9.6g
  • OpenSSL Project OpenSSL 0.9.6h
    cpe:2.3:a:openssl:openssl:0.9.6h
  • OpenSSL Project OpenSSL 0.9.6i
    cpe:2.3:a:openssl:openssl:0.9.6i
  • OpenSSL Project OpenSSL 0.9.6j
    cpe:2.3:a:openssl:openssl:0.9.6j
  • OpenSSL Project OpenSSL 0.9.6k
    cpe:2.3:a:openssl:openssl:0.9.6k
  • OpenSSL Project OpenSSL 0.9.6l
    cpe:2.3:a:openssl:openssl:0.9.6l
  • OpenSSL Project OpenSSL 0.9.6m
    cpe:2.3:a:openssl:openssl:0.9.6m
  • OpenSSL Project OpenSSL 0.9.7
    cpe:2.3:a:openssl:openssl:0.9.7
  • OpenSSL Project OpenSSL 0.9.7 beta1
    cpe:2.3:a:openssl:openssl:0.9.7:beta1
  • OpenSSL Project OpenSSL 0.9.7 beta2
    cpe:2.3:a:openssl:openssl:0.9.7:beta2
  • OpenSSL Project OpenSSL 0.9.7 beta3
    cpe:2.3:a:openssl:openssl:0.9.7:beta3
  • OpenSSL Project OpenSSL 0.9.7 Beta4
    cpe:2.3:a:openssl:openssl:0.9.7:beta4
  • OpenSSL Project OpenSSL 0.9.7 Beta5
    cpe:2.3:a:openssl:openssl:0.9.7:beta5
  • OpenSSL Project OpenSSL 0.9.7 Beta6
    cpe:2.3:a:openssl:openssl:0.9.7:beta6
  • OpenSSL Project OpenSSL 0.9.7a
    cpe:2.3:a:openssl:openssl:0.9.7a
  • OpenSSL Project OpenSSL 0.9.7b
    cpe:2.3:a:openssl:openssl:0.9.7b
  • OpenSSL Project OpenSSL 0.9.7c
    cpe:2.3:a:openssl:openssl:0.9.7c
  • OpenSSL Project OpenSSL 0.9.7d
    cpe:2.3:a:openssl:openssl:0.9.7d
  • OpenSSL Project OpenSSL 0.9.7e
    cpe:2.3:a:openssl:openssl:0.9.7e
  • OpenSSL Project OpenSSL 0.9.7f
    cpe:2.3:a:openssl:openssl:0.9.7f
  • OpenSSL Project OpenSSL 0.9.7g
    cpe:2.3:a:openssl:openssl:0.9.7g
  • OpenSSL Project OpenSSL 0.9.7h
    cpe:2.3:a:openssl:openssl:0.9.7h
  • OpenSSL Project OpenSSL 0.9.7i
    cpe:2.3:a:openssl:openssl:0.9.7i
  • OpenSSL Project OpenSSL 0.9.7j
    cpe:2.3:a:openssl:openssl:0.9.7j
  • OpenSSL Project OpenSSL 0.9.7k
    cpe:2.3:a:openssl:openssl:0.9.7k
  • OpenSSL Project OpenSSL 0.9.7l
    cpe:2.3:a:openssl:openssl:0.9.7l
  • OpenSSL Project OpenSSL 0.9.7m
    cpe:2.3:a:openssl:openssl:0.9.7m
  • OpenSSL Project OpenSSL 0.9.8
    cpe:2.3:a:openssl:openssl:0.9.8
  • OpenSSL Project OpenSSL 0.9.8a
    cpe:2.3:a:openssl:openssl:0.9.8a
  • OpenSSL Project OpenSSL 0.9.8b
    cpe:2.3:a:openssl:openssl:0.9.8b
  • OpenSSL Project OpenSSL 0.9.8c
    cpe:2.3:a:openssl:openssl:0.9.8c
  • OpenSSL Project OpenSSL 0.9.8d
    cpe:2.3:a:openssl:openssl:0.9.8d
  • OpenSSL Project OpenSSL 0.9.8e
    cpe:2.3:a:openssl:openssl:0.9.8e
  • OpenSSL Project OpenSSL 0.9.8f
    cpe:2.3:a:openssl:openssl:0.9.8f
  • OpenSSL Project OpenSSL 0.9.8g
    cpe:2.3:a:openssl:openssl:0.9.8g
  • OpenSSL Project OpenSSL 0.9.8h
    cpe:2.3:a:openssl:openssl:0.9.8h
  • OpenSSL Project OpenSSL 0.9.8i
    cpe:2.3:a:openssl:openssl:0.9.8i
  • OpenSSL Project OpenSSL 0.9.8j
    cpe:2.3:a:openssl:openssl:0.9.8j
  • OpenSSL Project OpenSSL 0.9.8k
    cpe:2.3:a:openssl:openssl:0.9.8k
  • OpenSSL Project OpenSSL 0.9.8l
    cpe:2.3:a:openssl:openssl:0.9.8l
  • OpenSSL Project OpenSSL 0.9.8m
    cpe:2.3:a:openssl:openssl:0.9.8m
  • OpenSSL Project OpenSSL 0.9.8m Beta1
    cpe:2.3:a:openssl:openssl:0.9.8m:beta1
  • OpenSSL Project OpenSSL 0.9.8n
    cpe:2.3:a:openssl:openssl:0.9.8n
  • OpenSSL Project OpenSSL 0.9.8o
    cpe:2.3:a:openssl:openssl:0.9.8o
  • OpenSSL Project OpenSSL 0.9.8p
    cpe:2.3:a:openssl:openssl:0.9.8p
  • OpenSSL Project OpenSSL 0.9.8q
    cpe:2.3:a:openssl:openssl:0.9.8q
  • OpenSSL Project OpenSSL 0.9.8r
    cpe:2.3:a:openssl:openssl:0.9.8r
  • OpenSSL Project OpenSSL 0.9.8s
    cpe:2.3:a:openssl:openssl:0.9.8s
  • OpenSSL Project OpenSSL 0.9.8t
    cpe:2.3:a:openssl:openssl:0.9.8t
  • OpenSSL Project OpenSSL 0.9.8u
    cpe:2.3:a:openssl:openssl:0.9.8u
  • Red Hat openssl 0.9.6.15
    cpe:2.3:a:redhat:openssl:0.9.6-15
  • Red Hat openssl 0.9.6b3
    cpe:2.3:a:redhat:openssl:0.9.6b-3
  • Red Hat openssl 0.9.7a2
    cpe:2.3:a:redhat:openssl:0.9.7a-2
  • OpenSSL Project OpenSSL 1.0.1 Beta1
    cpe:2.3:a:openssl:openssl:1.0.1:beta1
  • OpenSSL Project OpenSSL 1.0.1 Beta2
    cpe:2.3:a:openssl:openssl:1.0.1:beta2
CVSS
Base: 7.5 (as of 07-10-2013 - 12:09)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description OpenSSL ASN1 BIO Memory Corruption Vulnerability. CVE-2012-2110,CVE-2012-2131. Dos exploits for multiple platform
file exploits/multiple/dos/18756.txt
id EDB-ID:18756
last seen 2016-02-02
modified 2012-04-19
platform multiple
port
published 2012-04-19
reporter Tavis Ormandy
source https://www.exploit-db.com/download/18756/
title OpenSSL ASN1 BIO Memory Corruption Vulnerability
type dos
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-308.NASL
    description Specially crafted DER files could trigger a memory corruption in openssl
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 74641
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74641
    title openSUSE Security Update : openssl (openSUSE-2012-308)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-153.NASL
    description openssl was updated to 1.0.0k security release to fix bugs and security issues. (bnc#802648 bnc#802746) The version was upgraded to avoid backporting the large fixes for SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169) TLS 1.1 and 1.2 AES-NI crash (CVE-2012-2686) OCSP invalid key DoS issue (CVE-2013-0166) Also the following bugfix was included: bnc#757773 - c_rehash to accept more filename extensions
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74901
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74901
    title openSUSE Security Update : openssl (openSUSE-SU-2013:0336-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENSSL-8112.NASL
    description This update of openssl fixes an integer conversation issue which could cause a heap-based memory corruption. (CVE-2012-2110) Additionally, a check for negative buffer length values was added (CVE-2012-2131) and a memory leak when creating public keys fixed.
    last seen 2019-02-21
    modified 2013-05-12
    plugin id 59237
    published 2012-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59237
    title SuSE 10 Security Update : openssl (ZYPP Patch Number 8112)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_8_4.NASL
    description The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.4. The newer version contains multiple security-related fixes for the following components : - CFNetwork - CoreAnimation - CoreMedia Playback - CUPS - Disk Management - OpenSSL - QuickDraw Manager - QuickTime - SMB
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 66808
    published 2013-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66808
    title Mac OS X 10.8.x < 10.8.4 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_COMPAT-OPENSSL097G-8262.NASL
    description This compat-openssl097g rollup update contains various security fixes : - incorrect integer conversions in OpenSSL could have resulted in memory corruption during buffer management operations. (CVE-2012-2131 / CVE-2012-2110)
    last seen 2019-02-21
    modified 2013-05-12
    plugin id 62060
    published 2012-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62060
    title SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 8262)
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_PSN-2012-07-645.NASL
    description According to its self-reported version number, the remote Junos router is using an outdated version of OpenSSL. Parsing malformed ASN.1 encoded data can result in memory corruption. This vulnerability can be triggered by attempting to parse untrusted data (e.g., an X.509 certificate).
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 59989
    published 2012-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59989
    title Juniper Junos OpenSSL ASN.1 Memory Corruption (PSN-2012-07-645)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0007.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv everywhere instead of getenv (#839735) - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185) - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4109 - double free in policy checks (#771771) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) - add known answer test for SHA2 algorithms (#740866) - make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410) - fix incorrect return value in parse_yesno (#726593) - added DigiCert CA certificates to ca-bundle (#735819) - added a new section about error states to README.FIPS (#628976) - add missing DH_check_pub_key call when DH key is computed (#698175) - presort list of ciphers available in SSL (#688901) - accept connection in s_server even if getaddrinfo fails (#561260) - point to openssl dgst for list of supported digests (#608639) - fix handling of future TLS versions (#599112) - added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856) - upstream fixes for the CHIL engine (#622003, #671484) - add SHA-2 hashes in SSL_library_init (#676384) - fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462) - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79531
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79531
    title OracleVM 2.2 : openssl (OVMSA-2014-0007)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-6403.NASL
    description Upstream security update fixing CVE-2012-2110 - memory corruption in when reading ASN.1 structures through BIO interface. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58916
    published 2012-04-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58916
    title Fedora 16 : openssl-1.0.0i-1.fc16 (2012-6403)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-73.NASL
    description Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69680
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69680
    title Amazon Linux AMI : openssl098e (ALAS-2012-73)
  • NASL family Web Servers
    NASL id OPENSSL_1_0_1A.NASL
    description According to its banner, the remote web server is running a version of OpenSSL 1.0.1 earlier than 1.0.1a. As such, the OpenSSL library itself is reportedly affected by a memory corruption vulnerability via an integer truncation error in the function 'asn1_d2i_read_bio' when reading ASN.1 DER format data. Applications using the 'BIO' or 'FILE' based functions (i.e., 'd2i_*_bio' or 'd2i_*_fp' functions) are affected by this issue. Also affected are 'S/MIME' or 'CMS' applications using 'SMIME_read_PKCS7' or 'SMIME_read_CMS' parsers. The OpenSSL command line utility is affected if used to handle untrusted DER formatted data. Note that the SSL/TLS code of OpenSSL is not affected. Also not affected are applications using memory-based ASN.1 functions (e.g., 'd2i_X509', 'd2i_PKCS12', etc.) nor are applications using only PEM functions.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 58801
    published 2012-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58801
    title OpenSSL 1.0.1 < 1.0.1a ASN.1 asn1_d2i_read_bio Memory Corruption
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2013-0003.NASL
    description a. VMware vCenter, ESXi and ESX NFC protocol memory corruption vulnerability VMware vCenter Server, ESXi and ESX contain a vulnerability in the handling of the Network File Copy (NFC) protocol. To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between vCenter Server and the client or ESXi/ESX and the client. Exploitation of the issue may lead to code execution. To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network VMware would like to thank Alex Chapman of Context Information Security for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-1659 to this issue. b. VirtualCenter, ESX and ESXi Oracle (Sun) JRE update 1.5.0_38 Oracle (Sun) JRE is updated to version 1.5.0_38, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_38 in the Oracle Java SE Critical Patch Update Advisory of October 2012. c. Update to ESX service console OpenSSL RPM The service console OpenSSL RPM is updated to version openssl-0.9.7a.33.28.i686 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue.
    last seen 2019-02-21
    modified 2018-08-16
    plugin id 64812
    published 2013-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64812
    title VMSA-2013-0003 : VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third-party library security issues.
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1424-1.NASL
    description It was discovered that OpenSSL could be made to dereference a NULL pointer when processing S/MIME messages. A remote attacker could use this to cause a denial of service. These issues did not affect Ubuntu 8.04 LTS. (CVE-2006-7250, CVE-2012-1165) Tavis Ormandy discovered that OpenSSL did not properly perform bounds checking when processing DER data via BIO or FILE functions. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. (CVE-2012-2110). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 58808
    published 2012-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58808
    title Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerabilities (USN-1424-1)
  • NASL family Web Servers
    NASL id HPSMH_7_2_1_0.NASL
    description According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is a version prior to 7.2.1.0. It is, therefore, affected by the following vulnerabilities : - An information disclosure vulnerability, known as BEAST, exists in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data, by using a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API. (CVE-2011-3389) - The utility 'apachectl' can receive a zero-length directory name in the LD_LIBRARY_PATH via the 'envvars' file. A local attacker with access to that utility could exploit this to load a malicious Dynamic Shared Object (DSO), leading to arbitrary code execution. (CVE-2012-0883) - Numerous, unspecified errors could allow remote denial of service attacks. (CVE-2012-2110, CVE-2012-2329, CVE-2012-2336, CVE-2013-2357, CVE-2013-2358, CVE-2013-2359, CVE-2013-2360) - The fix for CVE-2012-1823 does not completely correct the CGI query parameter vulnerability. Disclosure of PHP source code and code execution are still possible. Note that this vulnerability is exploitable only when PHP is used in CGI-based configurations. Apache with 'mod_php' is not an exploitable configuration. (CVE-2012-2311, CVE-2012-2335) - Unspecified errors exist that could allow unauthorized access. (CVE-2012-5217, CVE-2013-2355) - Unspecified errors exist that could allow disclosure of sensitive information. (CVE-2013-2356, CVE-2013-2363) - An unspecified error exists that could allow cross-site scripting attacks. (CVE-2013-2361) - Unspecified errors exist that could allow a local attacker to cause denial of service conditions. (CVE-2013-2362, CVE-2013-2364) - An as-yet unspecified vulnerability exists that could cause a denial of service condition. (CVE-2013-4821)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 69020
    published 2013-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69020
    title HP System Management Homepage < 7.2.1.0 Multiple Vulnerabilities (BEAST)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_OPENSSL_20120626.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110) - Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110. (CVE-2012-2131)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80717
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80717
    title Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1428-1.NASL
    description It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL 0.9.8. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. Ubuntu 11.10 was not affected by this issue. (CVE-2012-2131) The original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean() to sometimes return the wrong error condition. This update fixes the problem. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 58873
    published 2012-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58873
    title Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerability (USN-1428-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_COMPAT-OPENSSL097G-120830.NASL
    description This compat-openssl097g rollup update contains various security fixes : - incorrect integer conversions in OpenSSL could have resulted in memory corruption during buffer management operations. (CVE-2012-2131 / CVE-2012-2110)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64120
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64120
    title SuSE 11.2 Security Update : compat-openssl097g (SAT Patch Number 6749)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2013-002.NASL
    description The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-002 applied. This update contains numerous security-related fixes for the following components : - CoreMedia Playback (10.7 only) - Directory Service (10.6 only) - OpenSSL - QuickDraw Manager - QuickTime - Ruby (10.6 only) - SMB (10.7 only)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 66809
    published 2013-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66809
    title Mac OS X Multiple Vulnerabilities (Security Update 2013-002)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0008.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv everywhere instead of getenv (#839735) - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185) - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4109 - double free in policy checks (#771771) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) - add known answer test for SHA2 algorithms (#740866) - make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410) - fix incorrect return value in parse_yesno (#726593) - added DigiCert CA certificates to ca-bundle (#735819) - added a new section about error states to README.FIPS (#628976) - add missing DH_check_pub_key call when DH key is computed (#698175) - presort list of ciphers available in SSL (#688901) - accept connection in s_server even if getaddrinfo fails (#561260) - point to openssl dgst for list of supported digests (#608639) - fix handling of future TLS versions (#599112) - added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856) - upstream fixes for the CHIL engine (#622003, #671484) - add SHA-2 hashes in SSL_library_init (#676384) - fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462) - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79532
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79532
    title OracleVM 3.2 : onpenssl (OVMSA-2014-0008)
  • NASL family Web Servers
    NASL id OPENSSL_0_9_8V.NASL
    description According to its banner, the remote web server is running a version of OpenSSL earlier than 0.9.8w. As such, the OpenSSL library itself is reportedly affected by a memory corruption vulnerability via an integer truncation error in the function 'asn1_d2i_read_bio' when reading ASN.1 DER format data. Applications using the 'BIO' or 'FILE' based functions (i.e., 'd2i_*_bio' or 'd2i_*_fp' functions) are affected by this issue. Also affected are 'S/MIME' or 'CMS' applications using 'SMIME_read_PKCS7' or 'SMIME_read_CMS' parsers. The OpenSSL command line utility is affected if used to handle untrusted DER formatted data. Note that the SSL/TLS code of OpenSSL is not affected. Also not affected are applications using memory-based ASN.1 functions (e.g., 'd2i_X509', 'd2i_PKCS12', etc.) nor are applications using only PEM functions. Note also that the original fix for CVE-2012-2110 in 0.9.8v was incomplete because the functions 'BUF_MEM_grow' and 'BUF_MEM_grow_clean', in file 'openssl/crypto/buffer/buffer.c', did not properly account for negative values of the argument 'len'.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 58799
    published 2012-04-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58799
    title OpenSSL < 0.9.8w ASN.1 asn1_d2i_read_bio Memory Corruption
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-060.NASL
    description A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio that affects S/MIME or CMS applications using the built in MIME parser SMIME_read_PKCS7 or SMIME_read_CMS (CVE-2012-2110). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 58806
    published 2012-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58806
    title Mandriva Linux Security Advisory : openssl (MDVSA-2012:060)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0522.NASL
    description Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support; Red Hat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110) All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 64033
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64033
    title RHEL 4 / 5 / 6 : openssl (RHSA-2012:0522)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0518.NASL
    description Updated openssl, openssl097a, and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110) All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58852
    published 2012-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58852
    title CentOS 5 / 6 : openssl (CESA-2012:0518)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-6343.NASL
    description Upstream security update fixing CVE-2012-2110 - memory corruption in when reading ASN.1 structures through BIO interface. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58888
    published 2012-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58888
    title Fedora 17 : openssl-1.0.0i-1.fc17 (2012-6343)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0518.NASL
    description Updated openssl, openssl097a, and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110) All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 58869
    published 2012-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58869
    title RHEL 5 / 6 : openssl (RHSA-2012:0518)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120424_OPENSSL_ON_SL5_X.NASL
    description OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110) All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61305
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61305
    title Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-2011.NASL
    description Description of changes: [0.9.7a-43.18.0.1] - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185) backport of OL5 patch 0.9.7a-11.2 by Tomas Mraz <tmraz at redhat.com>
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 68672
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68672
    title Oracle Linux 4 : openssl (ELSA-2012-2011)
  • NASL family Web Servers
    NASL id OPENSSL_1_0_0I.NASL
    description According to its banner, the remote web server is running a version of OpenSSL 1.0.0 is earlier than 1.0.0i. As such, the OpenSSL library itself is reportedly affected by a memory corruption vulnerability via an integer truncation error in the function 'asn1_d2i_read_bio' when reading ASN.1 DER format data. Applications using the 'BIO' or 'FILE' based functions (i.e., 'd2i_*_bio' or 'd2i_*_fp' functions) are affected by this issue. Also affected are 'S/MIME' or 'CMS' applications using 'SMIME_read_PKCS7' or 'SMIME_read_CMS' parsers. The OpenSSL command line utility is affected if used to handle untrusted DER formatted data. Note that the SSL/TLS code of OpenSSL is not affected. Also not affected are applications using memory-based ASN.1 functions (e.g., 'd2i_X509', 'd2i_PKCS12', etc.) nor are applications using only PEM functions.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 58800
    published 2012-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58800
    title OpenSSL 1.0.0 < 1.0.0i ASN.1 asn1_d2i_read_bio Memory Corruption
  • NASL family AIX Local Security Checks
    NASL id AIX_OPENSSL_ADVISORY4.NASL
    description The version of OpenSSL running on the remote host is affected by the following vulnerabilities : - The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack. (CVE-2012-0884) - The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250. (CVE-2012-1165) - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110) - Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110. (CVE-2012-2131) - Integer underflow in OpenSSL when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over- read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. (CVE-2012-2333)
    last seen 2019-02-21
    modified 2018-07-17
    plugin id 73562
    published 2014-04-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73562
    title AIX OpenSSL Advisory : openssl_advisory4.asc
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2012-0013.NASL
    description a. vCenter and ESX update to JRE 1.6.0 Update 31 The Oracle (Sun) JRE is updated to version 1.6.0_31, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. b. vCenter Update Manager update to JRE 1.5.0 Update 36 The Oracle (Sun) JRE is updated to 1.5.0_36 to address multiple security issues. Oracle has documented the CVE identifiers that are addressed in JRE 1.5.0_36 in the Oracle Java SE Critical Patch Update Advisory for June 2012. c. Update to ESX/ESXi userworld OpenSSL library The ESX/ESXi userworld OpenSSL library is updated from version 0.9.8p to version 0.9.8t to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, and CVE-2012-0050 to these issues. d. Update to ESX service console OpenSSL RPM The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-2110 to this issue. e. Update to ESX service console kernel The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, and CVE-2012-1583 to these issues. f. Update to ESX service console Perl RPM The ESX service console Perl RPM is updated to perl-5.8.8.32.1.8999.vmw to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2761, CVE-2010-4410, and CVE-2011-3597 to these issues. g. Update to ESX service console libxml2 RPMs The ESX service console libmxl2 RPMs are updated to libxml2-2.6.26-2.1.15.el5_8.2 and libxml2-python-2.6.26-2.1.15.el5_8.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0841 to this issue. h. Update to ESX service console glibc RPM The ESX service console glibc RPM is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, and CVE-2012-0864 to these issue. i. Update to ESX service console GnuTLS RPM The ESX service console GnuTLS RPM is updated to version 1.4.1-7.el5_8.2 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4128, CVE-2012-1569, and CVE-2012-1573 to these issues. j. Update to ESX service console popt, rpm, rpm-libs, and rpm-python RPMS The ESX service console popt, rpm, rpm-libs, and rpm-python RPMS are updated to the following versions to resolve multiple security issues : - popt-1.10.2.3-28.el5_8 - rpm-4.4.2.3-28.el5_8 - rpm-libs-4.4.2.3-28.el5_8 - rpm-python-4.4.2.3-28.el5_8 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0060, CVE-2012-0061, and CVE-2012-0815 to these issues. k. Vulnerability in third-party Apache Struts component The version of Apache Struts in vCenter Operations has been updated to 2.3.4 which addresses an arbitrary file overwrite vulnerability. This vulnerability allows an attacker to create a denial of service by overwriting arbitrary files without authentication. The attacker would need to be on the same network as the system where vCOps is installed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0393 to this issue. Note: Apache struts 2.3.4 addresses the following issues as well : CVE-2011-5057, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394. It was found that these do not affect vCOps. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 61747
    published 2012-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61747
    title VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201312-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201312-03 (OpenSSL: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : Remote attackers can determine private keys, decrypt data, cause a Denial of Service or possibly have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 71169
    published 2013-12-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71169
    title GLSA-201312-03 : OpenSSL: Multiple Vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_2AE114DEC06411E1B5E0000C299B62E1.NASL
    description Problem description : OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. [CVE-2011-4576] OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. [CVE-2011-4619] If an application uses OpenSSL's certificate policy checking when verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK flag, a policy check failure can lead to a double-free. [CVE-2011-4109] A weakness in the OpenSSL PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the million message attack (MMA). [CVE-2012-0884] The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp functions, in OpenSSL contains multiple integer errors that can cause memory corruption when parsing encoded ASN.1 data. This error can occur on systems that parse untrusted ASN.1 data, such as X.509 certificates or RSA public keys. [CVE-2012-2110]
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59747
    published 2012-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59747
    title FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (2ae114de-c064-11e1-b5e0-000c299b62e1)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL16285.NASL
    description The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 82671
    published 2015-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82671
    title F5 Networks BIG-IP : OpenSSL vulnerability (SOL16285)
  • NASL family Misc.
    NASL id VMWARE_VMSA-2012-0013_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - Apache Struts - glibc - GnuTLS - JRE - kernel - libxml2 - OpenSSL - Perl - popt and rpm
    last seen 2019-02-21
    modified 2018-08-16
    plugin id 89038
    published 2016-02-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89038
    title VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-18035.NASL
    description Update to 1.0.1c and synced all patches with Fedora openssl-1.0.1c-7.fc19 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 63031
    published 2012-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63031
    title Fedora 18 : mingw-openssl-1.0.1c-1.fc18 (2012-18035)
  • NASL family Misc.
    NASL id VMWARE_ESX_VMSA-2013-0003_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - Java Runtime Environment (JRE) - Network File Copy (NFC) Protocol - OpenSSL
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 89663
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89663
    title VMware ESX / ESXi NFC and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0003) (remote check)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-72.NASL
    description Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69679
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69679
    title Amazon Linux AMI : openssl (ALAS-2012-72)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-6395.NASL
    description Upstream security update fixing CVE-2012-2110 - memory corruption in when reading ASN.1 structures through BIO interface. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 59071
    published 2012-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59071
    title Fedora 15 : openssl-1.0.0i-1.fc15 (2012-6395)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0518.NASL
    description From Red Hat Security Advisory 2012:0518 : Updated openssl, openssl097a, and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. (CVE-2012-2110) All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68519
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68519
    title Oracle Linux 5 / 6 : openssl (ELSA-2012-0518)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2454.NASL
    description Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2012-0884 Ivan Nestlerode discovered a weakness in the CMS and PKCS #7 implementations that could allow an attacker to decrypt data via a Million Message Attack (MMA). - CVE-2012-1165 It was discovered that a NULL pointer could be dereferenced when parsing certain S/MIME messages, leading to denial of service. - CVE-2012-2110 Tavis Ormandy, Google Security Team, discovered a vulnerability in the way DER-encoded ASN.1 data is parsed that can result in a heap overflow. Additionally, the fix for CVE-2011-4619 has been updated to address an issue with SGC handshakes. Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for the 0.9.8 series of OpenSSL was incomplete. It has been assigned the CVE-2012-2131 identifier.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58804
    published 2012-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58804
    title Debian DSA-2454-2 : openssl - multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBOPENSSL-DEVEL-120503.NASL
    description This update of openssl fixes an integer conversation issue which could cause a heap-based memory corruption. (CVE-2012-2110) Additionally, a check for negative buffer length values was added (CVE-2012-2131) and the stack made non-executable by marking the enhanced Intel SSSE3 assembler code as not needing executable stack.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64184
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64184
    title SuSE 11.1 Security Update : openssl (SAT Patch Number 6245)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_7184F92E8BB811E18D7B003067B2972C.NASL
    description OpenSSL security team reports : A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio. Any application which uses BIO or FILE based functions to read untrusted DER format data is vulnerable. Affected functions are of the form d2i_*_bio or d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 58829
    published 2012-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58829
    title FreeBSD : OpenSSL -- integer conversions result in memory corruption (7184f92e-8bb8-11e1-8d7b-003067b2972c)
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_SPACE_JSA10659.NASL
    description According to its self-reported version number, the remote Junos Space version is prior to 14.1R1. It is, therefore, affected by multiple vulnerabilities in bundled third party software components : - Multiple vulnerabilities in the bundled OpenSSL CentOS package. (CVE-2011-4109, CVE-2011-4576, CVE-2011-4619, CVE-2012-0884, CVE-2012-2110, CVE-2012-2333, CVE-2013-0166, CVE-2013-0169, CVE-2014-0224) - Multiple vulnerabilities in Oracle MySQL. (CVE-2013-5908) - Multiple vulnerabilities in the Oracle Java runtime. (CVE-2014-0411, CVE-2014-0423, CVE-2014-4244, CVE-2014-0453, CVE-2014-0460, CVE-2014-4263, CVE-2014-4264)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 80197
    published 2014-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80197
    title Juniper Junos Space < 14.1R1 Multiple Vulnerabilities (JSA10659)
redhat via4
advisories
  • bugzilla
    id 814185
    title CVE-2012-2110 openssl: asn1_d2i_read_bio integer errors leading to buffer overflow
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
      • OR
        • AND
          • comment openssl is earlier than 0:1.0.0-20.el6_2.4
            oval oval:com.redhat.rhsa:tst:20120518005
          • comment openssl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888006
        • AND
          • comment openssl-devel is earlier than 0:1.0.0-20.el6_2.4
            oval oval:com.redhat.rhsa:tst:20120518007
          • comment openssl-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888012
        • AND
          • comment openssl-perl is earlier than 0:1.0.0-20.el6_2.4
            oval oval:com.redhat.rhsa:tst:20120518009
          • comment openssl-perl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888008
        • AND
          • comment openssl-static is earlier than 0:1.0.0-20.el6_2.4
            oval oval:com.redhat.rhsa:tst:20120518011
          • comment openssl-static is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100888010
        • AND
          • comment openssl098e is earlier than 0:0.9.8e-17.el6_2.2
            oval oval:com.redhat.rhsa:tst:20120518013
          • comment openssl098e is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120518014
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment openssl is earlier than 0:0.9.8e-22.el5_8.3
            oval oval:com.redhat.rhsa:tst:20120518016
          • comment openssl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070964003
        • AND
          • comment openssl-devel is earlier than 0:0.9.8e-22.el5_8.3
            oval oval:com.redhat.rhsa:tst:20120518018
          • comment openssl-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070964005
        • AND
          • comment openssl-perl is earlier than 0:0.9.8e-22.el5_8.3
            oval oval:com.redhat.rhsa:tst:20120518020
          • comment openssl-perl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070964007
        • AND
          • comment openssl097a is earlier than 0:0.9.7a-11.el5_8.2
            oval oval:com.redhat.rhsa:tst:20120518022
          • comment openssl097a is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090004017
    rhsa
    id RHSA-2012:0518
    released 2012-04-24
    severity Important
    title RHSA-2012:0518: openssl security update (Important)
  • rhsa
    id RHSA-2012:0522
  • rhsa
    id RHSA-2012:1306
  • rhsa
    id RHSA-2012:1307
  • rhsa
    id RHSA-2012:1308
rpms
  • openssl-0:1.0.0-20.el6_2.4
  • openssl-devel-0:1.0.0-20.el6_2.4
  • openssl-perl-0:1.0.0-20.el6_2.4
  • openssl-static-0:1.0.0-20.el6_2.4
  • openssl098e-0:0.9.8e-17.el6_2.2
  • openssl-0:0.9.8e-22.el5_8.3
  • openssl-devel-0:0.9.8e-22.el5_8.3
  • openssl-perl-0:0.9.8e-22.el5_8.3
  • openssl097a-0:0.9.7a-11.el5_8.2
refmap via4
apple APPLE-SA-2013-06-04-1
bid 53158
confirm
debian DSA-2454
exploit-db 18756
fedora
  • FEDORA-2012-18035
  • FEDORA-2012-6343
  • FEDORA-2012-6395
  • FEDORA-2012-6403
fulldisc 20120419 incorrect integer conversions in OpenSSL can result in memory corruption.
hp
  • HPSBMU02776
  • HPSBMU02900
  • HPSBOV02793
  • HPSBUX02782
  • SSRT100844
  • SSRT100852
  • SSRT100891
  • SSRT101210
mandriva MDVSA-2012:060
osvdb 81223
sectrack 1026957
secunia
  • 48847
  • 48895
  • 48899
  • 48942
  • 48999
  • 57353
suse
  • SUSE-SU-2012:0623
  • SUSE-SU-2012:0637
  • SUSE-SU-2012:1149
ubuntu USN-1424-1
vmware via4
  • description The service console OpenSSL RPM is updated to version openssl-0.9.7a.33.28.i686 to resolve multiple security issues
    id VMSA-2013-0003
    last_updated 2013-02-21T00:00:00
    published 2013-02-21T00:00:00
    title Update to ESX service console OpenSSL RPM
  • description The service console OpenSSL RPM is updated to version 0.9.8e-22.el5_8.3 to resolve a security issue.
    id VMSA-2012-0013
    last_updated 2012-12-20T00:00:00
    published 2012-08-30T00:00:00
    title Update to ESX service console OpenSSL RPM
Last major update 22-08-2016 - 22:05
Published 19-04-2012 - 13:55
Last modified 04-01-2018 - 21:29
Back to Top