CVE-2012-0884

medium

Description

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.

References

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html

http://marc.info/?l=bugtraq&m=133728068926468&w=2

http://marc.info/?l=bugtraq&m=133951357207000&w=2

http://marc.info/?l=bugtraq&m=134039053214295&w=2

http://rhn.redhat.com/errata/RHSA-2012-0426.html

http://rhn.redhat.com/errata/RHSA-2012-0488.html

http://rhn.redhat.com/errata/RHSA-2012-0531.html

http://rhn.redhat.com/errata/RHSA-2012-1306.html

http://rhn.redhat.com/errata/RHSA-2012-1307.html

http://rhn.redhat.com/errata/RHSA-2012-1308.html

http://secunia.com/advisories/48580

http://secunia.com/advisories/48895

http://secunia.com/advisories/48916

http://secunia.com/advisories/57353

http://www.debian.org/security/2012/dsa-2454

http://www.kb.cert.org/vuls/id/737740

http://www.openssl.org/news/secadv_20120312.txt

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564

https://downloads.avaya.com/css/P8/documents/100162507

https://hermes.opensuse.org/messages/14330767

Details

Source: MITRE

Published: 2012-03-13

Updated: 2018-01-10

Type: CWE-310

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openssl:openssl:0.9.0b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.1b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to 0.9.8t (inclusive)

cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
80716 | Oracle Solaris Third-Party Patch Update : openssl (cve_2012_0884_cryptographic_issue1) | Nessus | Solaris Local Security Checks | medium
80197 | Juniper Junos Space < 14.1R1 Multiple Vulnerabilities (JSA10659) | Nessus | Junos Local Security Checks | high
79532 | OracleVM 3.2 : onpenssl (OVMSA-2014-0008) | Nessus | OracleVM Local Security Checks | high
79531 | OracleVM 2.2 : openssl (OVMSA-2014-0007) | Nessus | OracleVM Local Security Checks | high
79286 | RHEL 5 : rhev-hypervisor5 (RHSA-2012:0488) | Nessus | Red Hat Local Security Checks | medium
78922 | RHEL 6 : rhev-hypervisor6 (RHSA-2012:0531) | Nessus | Red Hat Local Security Checks | high
74901 | openSUSE Security Update : openssl (openSUSE-SU-2013:0336-1) | Nessus | SuSE Local Security Checks | high
74605 | openSUSE Security Update : openssl (openSUSE-SU-2012:0547-1) | Nessus | SuSE Local Security Checks | medium
73562 | AIX OpenSSL Advisory : openssl_advisory4.asc | Nessus | AIX Local Security Checks | high
71169 | GLSA-201312-03 : OpenSSL: Multiple Vulnerabilities | Nessus | Gentoo Local Security Checks | high
69669 | Amazon Linux AMI : openssl (ALAS-2012-62) | Nessus | Amazon Linux Local Security Checks | medium
68501 | Oracle Linux 5 / 6 : openssl (ELSA-2012-0426) | Nessus | Oracle Linux Local Security Checks | medium
63031 | Fedora 18 : mingw-openssl-1.0.1c-1.fc18 (2012-18035) | Nessus | Fedora Local Security Checks | high
61320 | Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20120529) | Nessus | Scientific Linux Local Security Checks | medium
61293 | Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20120327) | Nessus | Scientific Linux Local Security Checks | medium
59747 | FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (2ae114de-c064-11e1-b5e0-000c299b62e1) | Nessus | FreeBSD Local Security Checks | high
59289 | Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : openssl vulnerabilities (USN-1451-1) | Nessus | Ubuntu Local Security Checks | medium
58804 | Debian DSA-2454-2 : openssl - multiple vulnerabilities | Nessus | Debian Local Security Checks | high
58699 | Fedora 15 : openssl-1.0.0h-1.fc15 (2012-4659) | Nessus | Fedora Local Security Checks | medium
58697 | Fedora 17 : openssl-1.0.0h-1.fc17 (2012-4630) | Nessus | Fedora Local Security Checks | medium
58678 | SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 6054) | Nessus | SuSE Local Security Checks | medium
58677 | SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 6054) | Nessus | SuSE Local Security Checks | medium
58669 | Fedora 16 : openssl-1.0.0h-1.fc16 (2012-4665) | Nessus | Fedora Local Security Checks | medium
58565 | OpenSSL 1.0.0 < 1.0.0h Multiple Vulnerabilities | Nessus | Web Servers | medium
58564 | OpenSSL < 0.9.8u Multiple Vulnerabilities | Nessus | Web Servers | medium
801067 | OpenSSL 0.9.8 < 0.9.8u / 1.0.0 < 1.0.0h Multiple Vulnerabilities | Log Correlation Engine | Web Servers | medium
6400 | OpenSSL 0.9.8 < 0.9.8u / 1.0.0 < 1.0.0h Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium
58507 | RHEL 5 / 6 : openssl (RHSA-2012:0426) | Nessus | Red Hat Local Security Checks | medium
58502 | CentOS 5 / 6 : openssl (CESA-2012:0426) | Nessus | CentOS Local Security Checks | medium
58490 | Mandriva Linux Security Advisory : openssl (MDVSA-2012:038) | Nessus | Mandriva Local Security Checks | medium
58360 | FreeBSD : OpenSSL -- CMS and S/MIME Bleichenbacher attack (60eb344e-6eb1-11e1-8ad7-00e0815b8da8) | Nessus | FreeBSD Local Security Checks | medium