CVE-2011-4619

MEDIUM
Description

The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

References

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html

http://marc.info/?l=bugtraq&m=132750648501816&w=2

http://marc.info/?l=bugtraq&m=133728068926468&w=2

http://marc.info/?l=bugtraq&m=133951357207000&w=2

http://marc.info/?l=bugtraq&m=134039053214295&w=2

http://rhn.redhat.com/errata/RHSA-2012-1306.html

http://rhn.redhat.com/errata/RHSA-2012-1307.html

http://rhn.redhat.com/errata/RHSA-2012-1308.html

http://secunia.com/advisories/48528

http://secunia.com/advisories/57353

http://support.apple.com/kb/HT5784

http://www.debian.org/security/2012/dsa-2390

http://www.kb.cert.org/vuls/id/737740

http://www.mandriva.com/security/advisories?name=MDVSA-2012:006

http://www.mandriva.com/security/advisories?name=MDVSA-2012:007

http://www.openssl.org/news/secadv_20120104.txt

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

Details

Source: MITRE

Published: 2012-01-06

Updated: 2016-08-23

Type: CWE-399

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to 0.9.8r (inclusive)

Configuration 2

OR

cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to 1.0.0e (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89038 | VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check) | Nessus | Misc. | high |
| 80715 | Oracle Solaris Third-Party Patch Update : openssl (cve_2012_0050_denial_of) | Nessus | Solaris Local Security Checks | high |
| 80197 | Juniper Junos Space < 14.1R1 Multiple Vulnerabilities (JSA10659) | Nessus | Junos Local Security Checks | high |
| 79532 | OracleVM 3.2 : onpenssl (OVMSA-2014-0008) | Nessus | OracleVM Local Security Checks | high |
| 79531 | OracleVM 2.2 : openssl (OVMSA-2014-0007) | Nessus | OracleVM Local Security Checks | high |
| 79283 | RHEL 5 : rhev-hypervisor5 (RHSA-2012:0168) | Nessus | Red Hat Local Security Checks | high |
| 79282 | RHEL 6 : rhev-hypervisor6 (RHSA-2012:0109) | Nessus | Red Hat Local Security Checks | high |
| 78188 | F5 Networks BIG-IP : OpenSSL vulnerability (SOL15461) | Nessus | F5 Networks Local Security Checks | medium |
| 75908 | openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1) | Nessus | SuSE Local Security Checks | medium |
| 75598 | openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1) | Nessus | SuSE Local Security Checks | medium |
| 74901 | openSUSE Security Update : openssl (openSUSE-SU-2013:0336-1) | Nessus | SuSE Local Security Checks | high |
| 74722 | openSUSE Security Update : openssl (openSUSE-2012-52) | Nessus | SuSE Local Security Checks | medium |
| 73561 | AIX OpenSSL Advisory : openssl_advisory3.asc | Nessus | AIX Local Security Checks | high |
| 70885 | ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check) | Nessus | Misc. | high |
| 70165 | Juniper Steel-Belted Radius Multiple OpenSSL Vulnerabilities | Nessus | Misc. | medium |
| 69645 | Amazon Linux AMI : openssl (ALAS-2012-38) | Nessus | Amazon Linux Local Security Checks | medium |
| 68447 | Oracle Linux 4 : openssl (ELSA-2012-0086) | Nessus | Oracle Linux Local Security Checks | medium |
| 68438 | Oracle Linux 5 : openssl (ELSA-2012-0060) | Nessus | Oracle Linux Local Security Checks | high |
| 68437 | Oracle Linux 6 : openssl (ELSA-2012-0059) | Nessus | Oracle Linux Local Security Checks | medium |
| 801016 | Mac OS X 10.8 < 10.8.4 Multiple Vulnerabilities (Security Update 2013-002) | Log Correlation Engine | Operating System Detection | high |
| 6857 | Mac OS X 10.8 < 10.8.4 Multiple Vulnerabilities (Security Update 2013-002) | Nessus Network Monitor | Web Clients | critical |
| 66809 | Mac OS X Multiple Vulnerabilities (Security Update 2013-002) | Nessus | MacOS X Local Security Checks | critical |
| 66808 | Mac OS X 10.8.x < 10.8.4 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
| 63031 | Fedora 18 : mingw-openssl-1.0.1c-1.fc18 (2012-18035) | Nessus | Fedora Local Security Checks | high |
| 61942 | Mandriva Linux Security Advisory : openssl (MDVSA-2012:007) | Nessus | Mandriva Local Security Checks | high |
| 61747 | VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries | Nessus | VMware ESX Local Security Checks | critical |
| 61232 | Scientific Linux Security Update : openssl on SL4.x i386/x86_64 (20120201) | Nessus | Scientific Linux Local Security Checks | medium |
| 61225 | Scientific Linux Security Update : openssl on SL6.x i386/x86_64 (20120124) | Nessus | Scientific Linux Local Security Checks | medium |
| 61224 | Scientific Linux Security Update : openssl on SL5.x i386/x86_64 (20120124) | Nessus | Scientific Linux Local Security Checks | high |
| 59851 | HP System Management Homepage < 7.1.1 Multiple Vulnerabilities | Nessus | Web Servers | critical |
| 59747 | FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (2ae114de-c064-11e1-b5e0-000c299b62e1) | Nessus | FreeBSD Local Security Checks | high |
| 58565 | OpenSSL 1.0.0 < 1.0.0h Multiple Vulnerabilities | Nessus | Web Servers | medium |
| 58564 | OpenSSL < 0.9.8u Multiple Vulnerabilities | Nessus | Web Servers | medium |
| 58222 | GLSA-201203-12 : OpenSSL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 57887 | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1) | Nessus | Ubuntu Local Security Checks | high |
| 57806 | CentOS 4 : openssl (CESA-2012:0086) | Nessus | CentOS Local Security Checks | medium |
| 57789 | RHEL 4 : openssl (RHSA-2012:0086) | Nessus | Red Hat Local Security Checks | medium |
| 57731 | CentOS 6 : openssl (CESA-2012:0059) | Nessus | CentOS Local Security Checks | medium |
| 57692 | CentOS 5 : openssl (CESA-2012:0060) | Nessus | CentOS Local Security Checks | high |
| 57678 | RHEL 5 : openssl (RHSA-2012:0060) | Nessus | Red Hat Local Security Checks | high |
| 57677 | RHEL 6 : openssl (RHSA-2012:0059) | Nessus | Red Hat Local Security Checks | medium |
| 57570 | SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7923) | Nessus | SuSE Local Security Checks | high |
| 57569 | SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 5635) | Nessus | SuSE Local Security Checks | high |
| 57568 | Mandriva Linux Security Advisory : openssl (MDVSA-2012:006) | Nessus | Mandriva Local Security Checks | high |
| 57551 | FreeBSD : OpenSSL -- multiple vulnerabilities (78cc8a46-3e56-11e1-89b4-001ec9578670) | Nessus | FreeBSD Local Security Checks | high |
| 57546 | Fedora 15 : openssl-1.0.0f-1.fc15 (2012-0250) | Nessus | Fedora Local Security Checks | medium |
| 57543 | Debian DSA-2390-1 : openssl - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 57479 | Fedora 16 : openssl-1.0.0f-1.fc16 (2012-0232) | Nessus | Fedora Local Security Checks | medium |
| 57460 | OpenSSL 1.x < 1.0.0f Multiple Vulnerabilities | Nessus | Web Servers | medium |
| 57459 | OpenSSL < 0.9.8s Multiple Vulnerabilities | Nessus | Web Servers | high |
| 801059 | OpenSSL 0.9.8 < 0.9.8s / 1.x < 1.0.0f Multiple Vulnerabilities | Log Correlation Engine | Web Servers | high |
| 6129 | OpenSSL 0.9.8 < 0.9.8s / 1.x < 1.0.0f Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |