
OpenSSL 0.9.8 < 0.9.8u / 1.0.0 < 1.0.0h Multiple Vulnerabilities

Medium

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

OpenSSL versions earlier than 0.9.8u and 1.0.0h are potentially affected by multiple vulnerabilities:

- A NULL pointer dereference flaw exists in mime_param_cmp. A specially crafted S/MIME input header could cause an application to crash during S/MIME message verification or decryption. (CVE-2012-1165)

- A weakness in the OpenSSL CMS and PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding. Note that only users of CMS, PKCS #7, or S/MIME decryption operations are affected.

Solution

Upgrade to OpenSSL 0.9.8u, 1.0.0h, or later.
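
The version ranges above can be checked against a server banner or `openssl version` output as follows. This is an added example, not the plugin's own code; the function names and the sample banners are constructed for illustration.

```python
import re

# Fixed releases named in the advisory, keyed by branch.
FIXED = {(0, 9, 8): "u", (1, 0, 0): "h"}

_VERSION = re.compile(
    r"OpenSSL[/ ](\d+)\.(\d+)\.(\d+)([a-z]*)(-(?:beta|pre|dev)\d*)?", re.I
)

def parse_openssl_version(banner):
    """Return ((major, minor, fix), letters, is_prerelease) or None."""
    m = _VERSION.search(banner)
    if not m:
        return None
    branch = tuple(int(g) for g in m.group(1, 2, 3))
    return branch, m.group(4).lower(), m.group(5) is not None

def _letter_key(letters):
    # Patch letters run "", a..z, then za, zb, ...; a longer suffix sorts later.
    return (len(letters), letters)

def is_affected(banner):
    """True/False for the two branches in the advisory, None if unknown."""
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return None  # no OpenSSL version string in the banner
    branch, letters, prerelease = parsed
    fixed = FIXED.get(branch)
    if fixed is None:
        return None  # branch not covered by this advisory
    if prerelease:
        return True  # pre-release builds predate the fixed release
    return _letter_key(letters) < _letter_key(fixed)

# Constructed sample banners, not taken from a real host.
SAMPLE_BANNERS = [
    "Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8t",
    "Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8u",
    "OpenSSL 1.0.0g 18 Jan 2012",
    "OpenSSL/0.9.8za",
    "nginx/1.0.15",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{banner!r}: affected={is_affected(banner)}")
```

A banner check cannot see fixes that a distribution has backported without changing the version string, so a positive result should be confirmed against the vendor's package changelog.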