ID CVE-2012-2131
Summary Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.
References
Vulnerable Configurations
  • OpenSSL Project OpenSSL 0.9.8v
    cpe:2.3:a:openssl:openssl:0.9.8v
CVSS
Base: 7.5 (as of 25-04-2012 - 08:51)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
exploit-db via4
description OpenSSL ASN1 BIO Memory Corruption Vulnerability. CVE-2012-2110, CVE-2012-2131. DoS exploits for multiple platforms
file exploits/multiple/dos/18756.txt
id EDB-ID:18756
last seen 2016-02-02
modified 2012-04-19
platform multiple
port
published 2012-04-19
reporter Tavis Ormandy
source https://www.exploit-db.com/download/18756/
title OpenSSL ASN1 BIO Memory Corruption Vulnerability
type dos
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENSSL-8112.NASL
    description This update of openssl fixes an integer conversion issue which could cause a heap-based memory corruption. (CVE-2012-2110) Additionally, a check for negative buffer length values was added (CVE-2012-2131) and a memory leak when creating public keys fixed.
    last seen 2019-02-21
    modified 2013-05-12
    plugin id 59237
    published 2012-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59237
    title SuSE 10 Security Update : openssl (ZYPP Patch Number 8112)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_8_4.NASL
    description The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.4. The newer version contains multiple security-related fixes for the following components : - CFNetwork - CoreAnimation - CoreMedia Playback - CUPS - Disk Management - OpenSSL - QuickDraw Manager - QuickTime - SMB
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 66808
    published 2013-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66808
    title Mac OS X 10.8.x < 10.8.4 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_COMPAT-OPENSSL097G-8262.NASL
    description This compat-openssl097g rollup update contains various security fixes : - incorrect integer conversions in OpenSSL could have resulted in memory corruption during buffer management operations. (CVE-2012-2131 / CVE-2012-2110)
    last seen 2019-02-21
    modified 2013-05-12
    plugin id 62060
    published 2012-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62060
    title SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 8262)
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_PSN-2012-07-645.NASL
    description According to its self-reported version number, the remote Junos router is using an outdated version of OpenSSL. Parsing malformed ASN.1 encoded data can result in memory corruption. This vulnerability can be triggered by attempting to parse untrusted data (e.g., an X.509 certificate).
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 59989
    published 2012-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59989
    title Juniper Junos OpenSSL ASN.1 Memory Corruption (PSN-2012-07-645)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_OPENSSL_20120626.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110) - Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110. (CVE-2012-2131)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80717
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80717
    title Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1428-1.NASL
    description It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL 0.9.8. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. Ubuntu 11.10 was not affected by this issue. (CVE-2012-2131) The original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean() to sometimes return the wrong error condition. This update fixes the problem. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 58873
    published 2012-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58873
    title Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerability (USN-1428-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_COMPAT-OPENSSL097G-120830.NASL
    description This compat-openssl097g rollup update contains various security fixes : - incorrect integer conversions in OpenSSL could have resulted in memory corruption during buffer management operations. (CVE-2012-2131 / CVE-2012-2110)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64120
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64120
    title SuSE 11.2 Security Update : compat-openssl097g (SAT Patch Number 6749)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-064.NASL
    description It was discovered that the fix for CVE-2012-2110 (MDVSA-2012:060) was not sufficient to correct the issue for OpenSSL 0.9.8. The updated packages have been upgraded to the 0.9.8w version which is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 58865
    published 2012-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58865
    title Mandriva Linux Security Advisory : openssl0.9.8 (MDVSA-2012:064)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2013-002.NASL
    description The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-002 applied. This update contains numerous security-related fixes for the following components : - CoreMedia Playback (10.7 only) - Directory Service (10.6 only) - OpenSSL - QuickDraw Manager - QuickTime - Ruby (10.6 only) - SMB (10.7 only)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 66809
    published 2013-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66809
    title Mac OS X Multiple Vulnerabilities (Security Update 2013-002)
  • NASL family Web Servers
    NASL id OPENSSL_0_9_8V.NASL
    description According to its banner, the remote web server is running a version of OpenSSL earlier than 0.9.8w. As such, the OpenSSL library itself is reportedly affected by a memory corruption vulnerability via an integer truncation error in the function 'asn1_d2i_read_bio' when reading ASN.1 DER format data. Applications using the 'BIO' or 'FILE' based functions (i.e., 'd2i_*_bio' or 'd2i_*_fp' functions) are affected by this issue. Also affected are 'S/MIME' or 'CMS' applications using 'SMIME_read_PKCS7' or 'SMIME_read_CMS' parsers. The OpenSSL command line utility is affected if used to handle untrusted DER formatted data. Note that the SSL/TLS code of OpenSSL is not affected. Also not affected are applications using memory-based ASN.1 functions (e.g., 'd2i_X509', 'd2i_PKCS12', etc.) nor are applications using only PEM functions. Note also that the original fix for CVE-2012-2110 in 0.9.8v was incomplete because the functions 'BUF_MEM_grow' and 'BUF_MEM_grow_clean', in file 'openssl/crypto/buffer/buffer.c', did not properly account for negative values of the argument 'len'.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 58799
    published 2012-04-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58799
    title OpenSSL < 0.9.8w ASN.1 asn1_d2i_read_bio Memory Corruption
  • NASL family AIX Local Security Checks
    NASL id AIX_OPENSSL_ADVISORY4.NASL
    description The version of OpenSSL running on the remote host is affected by the following vulnerabilities : - The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack. (CVE-2012-0884) - The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250. (CVE-2012-1165) - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. (CVE-2012-2110) - Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110. (CVE-2012-2131) - Integer underflow in OpenSSL when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. (CVE-2012-2333)
    last seen 2019-02-21
    modified 2018-07-17
    plugin id 73562
    published 2014-04-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73562
    title AIX OpenSSL Advisory : openssl_advisory4.asc
  • NASL family Misc.
    NASL id JUNOS_PULSE_JSA10591.NASL
    description According to its self-reported version, the version of IVE / UAC OS running on the remote host may be affected by multiple vulnerabilities : - Remote attackers may be able to trigger buffer overflow vulnerabilities on the OpenSSL libraries by sending specially crafted DER data, resulting in memory corruption. (CVE-2012-2131) - A weakness in the OpenSSL library leaves it vulnerable to an attack that could allow a third party to recover (fully or partially) the plaintext from encrypted traffic. (CVE-2013-0169) - A flaw in OCSP signature verification in the OpenSSL library allows remote OCSP servers to cause a denial of service condition with an invalid key. (CVE-2013-0166)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 69987
    published 2013-09-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69987
    title Junos Pulse Secure IVE / UAC OS Multiple SSL Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2454.NASL
    description Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2012-0884 Ivan Nestlerode discovered a weakness in the CMS and PKCS #7 implementations that could allow an attacker to decrypt data via a Million Message Attack (MMA). - CVE-2012-1165 It was discovered that a NULL pointer could be dereferenced when parsing certain S/MIME messages, leading to denial of service. - CVE-2012-2110 Tavis Ormandy, Google Security Team, discovered a vulnerability in the way DER-encoded ASN.1 data is parsed that can result in a heap overflow. Additionally, the fix for CVE-2011-4619 has been updated to address an issue with SGC handshakes. Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for the 0.9.8 series of OpenSSL was incomplete. It has been assigned the CVE-2012-2131 identifier.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58804
    published 2012-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58804
    title Debian DSA-2454-2 : openssl - multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBOPENSSL-DEVEL-120503.NASL
    description This update of openssl fixes an integer conversion issue which could cause a heap-based memory corruption. (CVE-2012-2110) Additionally, a check for negative buffer length values was added (CVE-2012-2131) and the stack made non-executable by marking the enhanced Intel SSSE3 assembler code as not needing executable stack.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64184
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64184
    title SuSE 11.1 Security Update : openssl (SAT Patch Number 6245)
refmap via4
apple APPLE-SA-2013-06-04-1
bid 53212
confirm
debian DSA-2454
hp
  • HPSBOV02793
  • HPSBUX02782
  • SSRT100844
  • SSRT100891
mandriva MDVSA-2012:064
mlist [oss-security] 20120424 Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110)
sectrack 1026957
secunia
  • 48895
  • 48956
  • 57353
suse
  • SUSE-SU-2012:0623
  • SUSE-SU-2012:0637
  • SUSE-SU-2012:1149
ubuntu USN-1428-1
xf openssl-asn1-code-execution(75099)
Last major update 07-12-2016 - 22:02
Published 24-04-2012 - 16:55
Last modified 04-01-2018 - 21:29