CVE-2012-1165

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.

References

http://cvs.openssl.org/chngview?cn=22252

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html

http://marc.info/?l=bugtraq&m=133728068926468&w=2

http://marc.info/?l=bugtraq&m=134039053214295&w=2

http://rhn.redhat.com/errata/RHSA-2012-0426.html

http://rhn.redhat.com/errata/RHSA-2012-0488.html

http://rhn.redhat.com/errata/RHSA-2012-0531.html

http://rhn.redhat.com/errata/RHSA-2012-1306.html

http://rhn.redhat.com/errata/RHSA-2012-1307.html

http://rhn.redhat.com/errata/RHSA-2012-1308.html

http://secunia.com/advisories/48580

http://secunia.com/advisories/48895

http://secunia.com/advisories/48899

http://www.debian.org/security/2012/dsa-2454

http://www.openwall.com/lists/oss-security/2012/03/12/3

http://www.openwall.com/lists/oss-security/2012/03/12/6

http://www.openwall.com/lists/oss-security/2012/03/12/7

http://www.openwall.com/lists/oss-security/2012/03/13/2

http://www.securityfocus.com/bid/52764

http://www.securitytracker.com/id?1026787

http://www.ubuntu.com/usn/USN-1424-1

https://downloads.avaya.com/css/P8/documents/100162507

Details

Source: MITRE

Published: 2012-03-15

Updated: 2018-01-13

Type: CWE-399

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to 0.9.8t (inclusive)

Configuration 2

OR

cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*

cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*

Tenable Plugins

View all (28 total)

IDNameProductFamilySeverity
79532OracleVM 3.2 : onpenssl (OVMSA-2014-0008)NessusOracleVM Local Security Checks
high
79531OracleVM 2.2 : openssl (OVMSA-2014-0007)NessusOracleVM Local Security Checks
high
79286RHEL 5 : rhev-hypervisor5 (RHSA-2012:0488)NessusRed Hat Local Security Checks
medium
78922RHEL 6 : rhev-hypervisor6 (RHSA-2012:0531)NessusRed Hat Local Security Checks
high
74901openSUSE Security Update : openssl (openSUSE-SU-2013:0336-1)NessusSuSE Local Security Checks
high
74590openSUSE Security Update : openssl (openSUSE-SU-2012:0474-1)NessusSuSE Local Security Checks
medium
73562AIX OpenSSL Advisory : openssl_advisory4.ascNessusAIX Local Security Checks
high
71169GLSA-201312-03 : OpenSSL: Multiple VulnerabilitiesNessusGentoo Local Security Checks
high
69669Amazon Linux AMI : openssl (ALAS-2012-62)NessusAmazon Linux Local Security Checks
medium
68501Oracle Linux 5 / 6 : openssl (ELSA-2012-0426)NessusOracle Linux Local Security Checks
medium
63031Fedora 18 : mingw-openssl-1.0.1c-1.fc18 (2012-18035)NessusFedora Local Security Checks
high
61293Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64 (20120327)NessusScientific Linux Local Security Checks
medium
59851HP System Management Homepage < 7.1.1 Multiple VulnerabilitiesNessusWeb Servers
critical
58808Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : openssl vulnerabilities (USN-1424-1)NessusUbuntu Local Security Checks
high
58804Debian DSA-2454-2 : openssl - multiple vulnerabilitiesNessusDebian Local Security Checks
high
58699Fedora 15 : openssl-1.0.0h-1.fc15 (2012-4659)NessusFedora Local Security Checks
medium
58697Fedora 17 : openssl-1.0.0h-1.fc17 (2012-4630)NessusFedora Local Security Checks
medium
58679SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 8034)NessusSuSE Local Security Checks
medium
58678SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 6054)NessusSuSE Local Security Checks
medium
58677SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 6054)NessusSuSE Local Security Checks
medium
58669Fedora 16 : openssl-1.0.0h-1.fc16 (2012-4665)NessusFedora Local Security Checks
medium
58565OpenSSL 1.0.0 < 1.0.0h Multiple VulnerabilitiesNessusWeb Servers
medium
58564OpenSSL < 0.9.8u Multiple VulnerabilitiesNessusWeb Servers
medium
801067OpenSSL 0.9.8 < 0.9.8u / 1.0.0 < 1.0.0h Multiple VulnerabilitiesLog Correlation EngineWeb Servers
medium
6400OpenSSL 0.9.8 < 0.9.8u / 1.0.0 < 1.0.0h Multiple VulnerabilitiesNessus Network MonitorWeb Servers
medium
58507RHEL 5 / 6 : openssl (RHSA-2012:0426)NessusRed Hat Local Security Checks
medium
58502CentOS 5 / 6 : openssl (CESA-2012:0426)NessusCentOS Local Security Checks
medium
58490Mandriva Linux Security Advisory : openssl (MDVSA-2012:038)NessusMandriva Local Security Checks
medium