CVE-2011-3207

MEDIUM

Description

crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.

References

http://cvs.openssl.org/chngview?cn=21349

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065744.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html

http://marc.info/?l=bugtraq&m=133226187115472&w=2

http://openssl.org/news/secadv_20110906.txt

http://secunia.com/advisories/45956

http://secunia.com/advisories/57353

http://support.apple.com/kb/HT5784

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

http://www.mandriva.com/security/advisories?name=MDVSA-2011:137

http://www.redhat.com/support/errata/RHSA-2011-1409.html

http://www.securitytracker.com/id?1026012

https://bugzilla.redhat.com/show_bug.cgi?id=736087

Details

Source: MITRE

Published: 2011-09-22

Updated: 2014-03-26

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 5

Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*

Tenable Plugins

View all (21 total)

ID	Name	Product	Family	Severity
78265	Amazon Linux AMI : openssl (ALAS-2011-4)	Nessus	Amazon Linux Local Security Checks	medium
75907	openSUSE Security Update : libopenssl-devel (openSUSE-SU-2011:1144-1)	Nessus	SuSE Local Security Checks	medium
75597	openSUSE Security Update : libopenssl-devel (openSUSE-SU-2011:1144-1)	Nessus	SuSE Local Security Checks	medium
69563	Amazon Linux AMI : openssl (ALAS-2011-04)	Nessus	Amazon Linux Local Security Checks	medium
68380	Oracle Linux 6 : openssl (ELSA-2011-1409)	Nessus	Oracle Linux Local Security Checks	medium
801016	Mac OS X 10.8 < 10.8.4 Multiple Vulnerabilities (Security Update 2013-002)	Log Correlation Engine	Operating System Detection	high
66809	Mac OS X Multiple Vulnerabilities (Security Update 2013-002)	Nessus	MacOS X Local Security Checks	high
66808	Mac OS X 10.8.x < 10.8.4 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
6857	Mac OS X 10.8 < 10.8.4 Multiple Vulnerabilities (Security Update 2013-002)	Nessus Network Monitor	Web Clients	critical
63031	Fedora 18 : mingw-openssl-1.0.1c-1.fc18 (2012-18035)	Nessus	Fedora Local Security Checks	high
61165	Scientific Linux Security Update : openssl on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
58811	HP System Management Homepage < 7.0 Multiple Vulnerabilities	Nessus	Web Servers	critical
56661	RHEL 6 : openssl (RHSA-2011:1409)	Nessus	Red Hat Local Security Checks	medium
56425	GLSA-201110-01 : OpenSSL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
56325	Mandriva Linux Security Advisory : openssl (MDVSA-2011:137)	Nessus	Mandriva Local Security Checks	medium
56162	OpenSSL 1.x < 1.0.0e Multiple Vulnerabilities	Nessus	Web Servers	medium
56156	Fedora 14 : openssl-1.0.0e-1.fc14 (2011-12281)	Nessus	Fedora Local Security Checks	medium
56152	Fedora 16 : openssl-1.0.0e-1.fc16 (2011-12233)	Nessus	Fedora Local Security Checks	medium
56117	FreeBSD : OpenSSL -- multiple vulnerabilities (2ecb7b20-d97e-11e0-b2e2-00215c6a37bb)	Nessus	FreeBSD Local Security Checks	medium
801065	OpenSSL 1.x < 1.0.0e Multiple Vulnerabilities	Log Correlation Engine	Web Servers	medium
6022	OpenSSL 1.x < 1.0.0e Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	medium