CVE-2011-4619

Published: 06/01/2012 Updated: 23/08/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The Server Gated Cryptography (SGC) implementation in OpenSSL prior to 0.9.8s and 1.x prior to 1.0.0f does not properly handle handshake restarts, which allows remote malicious users to cause a denial of service (CPU consumption) via unspecified vectors.

Vulnerable Product

openssl openssl 0.9.8m

openssl openssl 0.9.8l

openssl openssl 0.9.8d

openssl openssl 0.9.8c

openssl openssl 0.9.7j

openssl openssl 0.9.7i

openssl openssl 0.9.7b

openssl openssl 0.9.7a

openssl openssl 0.9.7

openssl openssl 0.9.6h

openssl openssl 0.9.6g

openssl openssl 0.9.6

openssl openssl 0.9.5a

openssl openssl 0.9.8q

openssl openssl 0.9.8p

openssl openssl 0.9.8h

openssl openssl 0.9.8g

openssl openssl 0.9.8

openssl openssl 0.9.7m

openssl openssl 0.9.7f

openssl openssl 0.9.7e

openssl openssl 0.9.6k

openssl openssl 0.9.6j

openssl openssl 0.9.6d

openssl openssl 0.9.6c

openssl openssl 0.9.2b

openssl openssl 0.9.1c

openssl openssl 0.9.8o

openssl openssl 0.9.8n

openssl openssl 0.9.8f

openssl openssl 0.9.8e

openssl openssl 0.9.7l

openssl openssl 0.9.7k

openssl openssl 0.9.7d

openssl openssl 0.9.7c

openssl openssl 0.9.6i

openssl openssl 0.9.6b

openssl openssl 0.9.6a

openssl openssl

openssl openssl 0.9.8k

openssl openssl 0.9.8j

openssl openssl 0.9.8i

openssl openssl 0.9.8b

openssl openssl 0.9.8a

openssl openssl 0.9.7h

openssl openssl 0.9.7g

openssl openssl 0.9.6m

openssl openssl 0.9.6l

openssl openssl 0.9.6f

openssl openssl 0.9.6e

openssl openssl 0.9.5

openssl openssl 0.9.4

openssl openssl 1.0.0c

openssl openssl 1.0.0b

openssl openssl 1.0.0

openssl openssl 1.0.0d

openssl openssl 1.0.0a

Vendor Advisories

Multiple vulnerabilities exist in OpenSSL that could expose sensitive information or cause applications to crash ...
Debian Bug report logs - #645805 Potential DTLS crasher bug Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl (PTS, buildd, popcon) Reported by: Florian Weimer <fw@deneb.enyo.de> Date: Tue, 18 Oct 2011 18:27:02 UTC Severity: ...
Debian Bug report logs - #650621 CVE-2011-4354: OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl (PTS, buildd, popcon) Reported by: Luciano Bello <luciano@debian.org> ...
Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2011-4108 The DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintex ...
Synopsis Moderate: openssl security update Type/Severity Security Advisory: Moderate Topic Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerabili ...
Synopsis Important: rhev-hypervisor6 security and bug fix update Type/Severity Security Advisory: Important Topic An updated rhev-hypervisor6 package that fixes multiple security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impa ...
Synopsis Moderate: openssl security update Type/Severity Security Advisory: Moderate Topic Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerabili ...
Synopsis Moderate: openssl security update Type/Severity Security Advisory: Moderate Topic Updated openssl packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Sc ...
It was discovered that the Datagram Transport Layer Security (DTLS) protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle (CVE-2011-4108). An information leak flaw was ...