CVE-2011-4576
First published: Fri Jan 06 2012(Updated: )
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenSSL OpenSSL | =0.9.8b | |
| OpenSSL OpenSSL | =0.9.7l | |
| OpenSSL OpenSSL | =0.9.6i | |
| OpenSSL OpenSSL | =0.9.8m | |
| OpenSSL OpenSSL | =0.9.8c | |
| OpenSSL OpenSSL | =0.9.7c | |
| OpenSSL OpenSSL | =0.9.8n | |
| OpenSSL OpenSSL | =0.9.8p | |
| OpenSSL OpenSSL | =0.9.6d | |
| OpenSSL OpenSSL | =0.9.1c | |
| OpenSSL OpenSSL | =0.9.6 | |
| OpenSSL OpenSSL | =0.9.7j | |
| OpenSSL OpenSSL | =0.9.6a | |
| OpenSSL OpenSSL | =0.9.8e | |
| OpenSSL OpenSSL | =0.9.6h-bogus | |
| OpenSSL OpenSSL | =0.9.4 | |
| OpenSSL OpenSSL | =0.9.8g | |
| OpenSSL OpenSSL | =0.9.8k | |
| OpenSSL OpenSSL | =0.9.8d | |
| OpenSSL OpenSSL | =0.9.5a | |
| OpenSSL OpenSSL | =0.9.6f | |
| OpenSSL OpenSSL | =0.9.8j | |
| OpenSSL OpenSSL | =0.9.6l | |
| OpenSSL OpenSSL | =0.9.7k | |
| OpenSSL OpenSSL | =0.9.7g | |
| OpenSSL OpenSSL | <=0.9.8r | |
| OpenSSL OpenSSL | =0.9.6e | |
| OpenSSL OpenSSL | =0.9.7d | |
| OpenSSL OpenSSL | =0.9.8l | |
| OpenSSL OpenSSL | =0.9.7 | |
| OpenSSL OpenSSL | =0.9.6b | |
| OpenSSL OpenSSL | =0.9.7e | |
| OpenSSL OpenSSL | =0.9.7b | |
| OpenSSL OpenSSL | =0.9.6k | |
| OpenSSL OpenSSL | =0.9.8a | |
| OpenSSL OpenSSL | =0.9.6g | |
| OpenSSL OpenSSL | =0.9.7m | |
| OpenSSL OpenSSL | =0.9.6h | |
| OpenSSL OpenSSL | =0.9.7i | |
| OpenSSL OpenSSL | =0.9.7h | |
| OpenSSL OpenSSL | =0.9.8o | |
| OpenSSL OpenSSL | =0.9.8q | |
| OpenSSL OpenSSL | =0.9.6j | |
| OpenSSL OpenSSL | =0.9.8 | |
| OpenSSL OpenSSL | =0.9.7a | |
| OpenSSL OpenSSL | =0.9.6c | |
| OpenSSL OpenSSL | =0.9.6m | |
| OpenSSL OpenSSL | =0.9.8i | |
| OpenSSL OpenSSL | =0.9.8f | |
| OpenSSL OpenSSL | =0.9.8h | |
| OpenSSL OpenSSL | =0.9.2b | |
| OpenSSL OpenSSL | =0.9.5 | |
| OpenSSL OpenSSL | =0.9.7f | |
| OpenSSL OpenSSL | =1.0.0c | |
| OpenSSL OpenSSL | =1.0.0-beta1 | |
| OpenSSL OpenSSL | =1.0.0-beta2 | |
| OpenSSL OpenSSL | =1.0.0-beta3 | |
| OpenSSL OpenSSL | =1.0.0d | |
| OpenSSL OpenSSL | <=1.0.0e | |
| OpenSSL OpenSSL | =1.0.0-beta4 | |
| OpenSSL OpenSSL | =1.0.0 | |
| OpenSSL OpenSSL | =1.0.0-beta5 | |
| OpenSSL OpenSSL | =1.0.0a | |
| OpenSSL OpenSSL | =1.0.0b |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openssl.org/news/secadv_20120104.txt
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:006
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:007
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
- http://secunia.com/advisories/48528
- http://rhn.redhat.com/errata/RHSA-2012-1306.html
- http://rhn.redhat.com/errata/RHSA-2012-1307.html
- http://rhn.redhat.com/errata/RHSA-2012-1308.html
- http://www.debian.org/security/2012/dsa-2390
- http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
- http://support.apple.com/kb/HT5784
- http://marc.info/?l=bugtraq&m=132750648501816&w=2
- http://marc.info/?l=bugtraq&m=134039053214295&w=2
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
- http://www.kb.cert.org/vuls/id/737740
- http://secunia.com/advisories/55069
- http://secunia.com/advisories/57353
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
- http://marc.info/?l=bugtraq&m=133951357207000&w=2
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/openssl
- canonical/openssl openssl
- version/openssl openssl/0.9.8b
- version/openssl openssl/0.9.7l
- version/openssl openssl/0.9.6i
- version/openssl openssl/0.9.8m
- version/openssl openssl/0.9.8c
- version/openssl openssl/0.9.7c
- version/openssl openssl/0.9.8n
- version/openssl openssl/0.9.8p
- version/openssl openssl/0.9.6d
- version/openssl openssl/0.9.1c
- version/openssl openssl/0.9.6
- version/openssl openssl/0.9.7j
- version/openssl openssl/0.9.6a
- version/openssl openssl/0.9.8e
- version/openssl openssl/0.9.6h-bogus
- version/openssl openssl/0.9.4
- version/openssl openssl/0.9.8g
- version/openssl openssl/0.9.8k
- version/openssl openssl/0.9.8d
- version/openssl openssl/0.9.5a
- version/openssl openssl/0.9.6f
- version/openssl openssl/0.9.8j
- version/openssl openssl/0.9.6l
- version/openssl openssl/0.9.7k
- version/openssl openssl/0.9.7g
- version/openssl openssl/0.9.8r
- version/openssl openssl/0.9.6e
- version/openssl openssl/0.9.7d
- version/openssl openssl/0.9.8l
- version/openssl openssl/0.9.7
- version/openssl openssl/0.9.6b
- version/openssl openssl/0.9.7e
- version/openssl openssl/0.9.7b
- version/openssl openssl/0.9.6k
- version/openssl openssl/0.9.8a
- version/openssl openssl/0.9.6g
- version/openssl openssl/0.9.7m
- version/openssl openssl/0.9.6h
- version/openssl openssl/0.9.7i
- version/openssl openssl/0.9.7h
- version/openssl openssl/0.9.8o
- version/openssl openssl/0.9.8q
- version/openssl openssl/0.9.6j
- version/openssl openssl/0.9.8
- version/openssl openssl/0.9.7a
- version/openssl openssl/0.9.6c
- version/openssl openssl/0.9.6m
- version/openssl openssl/0.9.8i
- version/openssl openssl/0.9.8f
- version/openssl openssl/0.9.8h
- version/openssl openssl/0.9.2b
- version/openssl openssl/0.9.5
- version/openssl openssl/0.9.7f
- version/openssl openssl/1.0.0c
- version/openssl openssl/1.0.0-beta1
- version/openssl openssl/1.0.0-beta2
- version/openssl openssl/1.0.0-beta3
- version/openssl openssl/1.0.0d
- version/openssl openssl/1.0.0e
- version/openssl openssl/1.0.0-beta4
- version/openssl openssl/1.0.0
- version/openssl openssl/1.0.0-beta5
- version/openssl openssl/1.0.0a
- version/openssl openssl/1.0.0b