CVE-2012-0027 | Tenable®

Login

Tenable Community & Support

Tenable University

CVE-2012-0027

MEDIUM

Description

The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html

http://osvdb.org/78191

http://secunia.com/advisories/57353

http://www.mandriva.com/security/advisories?name=MDVSA-2012:007

http://www.openssl.org/news/secadv_20120104.txt

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

Details

Source: MITRE

Published: 2012-01-06

Updated: 2014-03-26

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to 1.0.0e (inclusive)

Tenable Plugins

View all (13 total)

ID	Name	Product	Family	Severity
80715	Oracle Solaris Third-Party Patch Update : openssl (cve_2012_0050_denial_of)	Nessus	Solaris Local Security Checks	high
75908	openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1)	Nessus	SuSE Local Security Checks	medium
75598	openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0083-1)	Nessus	SuSE Local Security Checks	medium
74901	openSUSE Security Update : openssl (openSUSE-SU-2013:0336-1)	Nessus	SuSE Local Security Checks	high
74722	openSUSE Security Update : openssl (openSUSE-2012-52)	Nessus	SuSE Local Security Checks	medium
61942	Mandriva Linux Security Advisory : openssl (MDVSA-2012:007)	Nessus	Mandriva Local Security Checks	high
59851	HP System Management Homepage < 7.1.1 Multiple Vulnerabilities	Nessus	Web Servers	critical
58222	GLSA-201203-12 : OpenSSL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
57887	Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)	Nessus	Ubuntu Local Security Checks	high
57551	FreeBSD : OpenSSL -- multiple vulnerabilities (78cc8a46-3e56-11e1-89b4-001ec9578670)	Nessus	FreeBSD Local Security Checks	high
57460	OpenSSL 1.x < 1.0.0f Multiple Vulnerabilities	Nessus	Web Servers	medium
801059	OpenSSL 0.9.8 < 0.9.8s / 1.x < 1.0.0f Multiple Vulnerabilities	Log Correlation Engine	Web Servers	high
6129	OpenSSL 0.9.8 < 0.9.8s / 1.x < 1.0.0f Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high