CVE-2011-4109

Published: 06/01/2012 Updated: 29/08/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Double free vulnerability in OpenSSL 0.9.8 prior to 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote malicious users to have an unspecified impact by triggering failure of a policy check.

Vulnerable Product

openssl openssl 0.9.8r

openssl openssl 0.9.8q

openssl openssl 0.9.8j

openssl openssl 0.9.8i

openssl openssl 0.9.8b

openssl openssl 0.9.8a

openssl openssl 0.9.8n

openssl openssl 0.9.8m

openssl openssl 0.9.8f

openssl openssl 0.9.8e

openssl openssl 0.9.8l

openssl openssl 0.9.8k

openssl openssl 0.9.8d

openssl openssl 0.9.8c

openssl openssl 0.9.8p

openssl openssl 0.9.8o

openssl openssl 0.9.8h

openssl openssl 0.9.8g

openssl openssl 0.9.8

Vendor Advisories

Synopsis: Moderate: openssl security update. Type/Severity: Security Advisory: Moderate. Topic: Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerabili ...
Multiple vulnerabilities exist in OpenSSL that could expose sensitive information or cause applications to crash ...
Debian Bug report logs - #645805 Potential DTLS crasher bug. Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl (PTS, buildd, popcon). Reported by: Florian Weimer <fw@deneb.enyo.de> Date: Tue, 18 Oct 2011 18:27:02 UTC Severity: ...
Debian Bug report logs - #650621 CVE-2011-4354: OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys. Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl (PTS, buildd, popcon). Reported by: Luciano Bello <luciano@debian.org> ...
Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2011-4108: The DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintex ...

Recent Articles

It took DEF CON hackers minutes to pwn these US voting machines
The Register • Iain Thomson in San Francisco • 29 Jul 2017

We've got three years to shore up election security

DEF CON After the debacle of the 2000 presidential election count, the US invested heavily in electronic voting systems – but not, it seems, the security to protect them. This year at the DEF CON hacking conference in Las Vegas, 30 computer-powered ballot boxes used in American elections were set up in a simulated national White House race – and hackers got to work physically breaking the gear open to find out what was hidden inside. In less than 90 minutes, the first cracks in the systems' ...