CVE-2012-0050

MEDIUM

Description

OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.

References

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc

http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03169289

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

http://marc.info/?l=bugtraq&m=133951357207000&w=2

http://marc.info/?l=bugtraq&m=134039053214295&w=2

http://osvdb.org/78320

http://secunia.com/advisories/47631

http://secunia.com/advisories/47677

http://secunia.com/advisories/47755

http://secunia.com/advisories/48528

http://secunia.com/advisories/57353

http://support.apple.com/kb/HT5784

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

http://www.debian.org/security/2012/dsa-2392

http://www.mandriva.com/security/advisories?name=MDVSA-2012:011

http://www.openssl.org/news/secadv_20120118.txt

http://www.securityfocus.com/bid/51563

http://www.securitytracker.com/id?1026548

Details

Source: MITRE

Published: 2012-01-19

Updated: 2016-08-23

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 5

Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

View all (27 total)

ID	Name	Product	Family	Severity
89038	VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check)	Nessus	Misc.	high
80715	Oracle Solaris Third-Party Patch Update : openssl (cve_2012_0050_denial_of)	Nessus	Solaris Local Security Checks	high
79532	OracleVM 3.2 : onpenssl (OVMSA-2014-0008)	Nessus	OracleVM Local Security Checks	critical
79531	OracleVM 2.2 : openssl (OVMSA-2014-0007)	Nessus	OracleVM Local Security Checks	critical
75909	openSUSE Security Update : libopenssl-devel (openSUSE-SU-2012:0266-1)	Nessus	SuSE Local Security Checks	medium
74901	openSUSE Security Update : openssl (openSUSE-SU-2013:0336-1)	Nessus	SuSE Local Security Checks	high
74859	openSUSE Security Update : openssl (openSUSE-2012-99)	Nessus	SuSE Local Security Checks	medium
73561	AIX OpenSSL Advisory : openssl_advisory3.asc	Nessus	AIX Local Security Checks	high
70885	ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check)	Nessus	Misc.	high
801016	Mac OS X 10.8 < 10.8.4 Multiple Vulnerabilities (Security Update 2013-002)	Log Correlation Engine	Operating System Detection	high
66809	Mac OS X Multiple Vulnerabilities (Security Update 2013-002)	Nessus	MacOS X Local Security Checks	high
66808	Mac OS X 10.8.x < 10.8.4 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
6857	Mac OS X 10.8 < 10.8.4 Multiple Vulnerabilities (Security Update 2013-002)	Nessus Network Monitor	Web Clients	critical
61747	VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries	Nessus	VMware ESX Local Security Checks	high
58222	GLSA-201203-12 : OpenSSL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
58033	SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7961)	Nessus	SuSE Local Security Checks	medium
58031	SuSE 11.1 Security Update : libopenssl (SAT Patch Number 5808)	Nessus	SuSE Local Security Checks	medium
57887	Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)	Nessus	Ubuntu Local Security Checks	high
57724	Mandriva Linux Security Advisory : openssl (MDVSA-2012:011)	Nessus	Mandriva Local Security Checks	medium
57712	OpenSSL 1.0.0f DTLS Denial of Service	Nessus	Web Servers	medium
57711	OpenSSL 0.9.8s DTLS Denial of Service	Nessus	Web Servers	medium
57671	Fedora 15 : openssl-1.0.0g-1.fc15 (2012-0702)	Nessus	Fedora Local Security Checks	medium
57643	Debian DSA-2392-1 : openssl - out-of-bounds read	Nessus	Debian Local Security Checks	medium
57628	FreeBSD : OpenSSL -- DTLS Denial of Service (5c5f19ce-43af-11e1-89b4-001ec9578670)	Nessus	FreeBSD Local Security Checks	medium
57627	Fedora 16 : openssl-1.0.0g-1.fc16 (2012-0708)	Nessus	Fedora Local Security Checks	medium
801054	OpenSSL 0.9.8s / 1.0.0f DTLS Denial of Service	Log Correlation Engine	Web Servers	medium
6288	OpenSSL 0.9.8s / 1.0.0f DTLS DoS	Nessus Network Monitor	Web Servers	medium