fkie_cve-2012-0884
Vulnerability from fkie_nvd
Published
2012-03-13 03:12
Modified
2024-11-21 01:35
Severity ?
Summary
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=133728068926468&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=133728068926468&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=133951357207000&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=133951357207000&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=134039053214295&w=2
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=134039053214295&w=2
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0426.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0488.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0531.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1306.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1307.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1308.html
secalert@redhat.comhttp://secunia.com/advisories/48580
secalert@redhat.comhttp://secunia.com/advisories/48895
secalert@redhat.comhttp://secunia.com/advisories/48916
secalert@redhat.comhttp://secunia.com/advisories/57353
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
secalert@redhat.comhttp://www.debian.org/security/2012/dsa-2454
secalert@redhat.comhttp://www.kb.cert.org/vuls/id/737740US Government Resource
secalert@redhat.comhttp://www.openssl.org/news/secadv_20120312.txtVendor Advisory
secalert@redhat.comhttps://downloads.avaya.com/css/P8/documents/100162507
secalert@redhat.comhttps://hermes.opensuse.org/messages/14330767
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=133728068926468&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=133728068926468&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=133951357207000&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=133951357207000&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=134039053214295&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=134039053214295&w=2
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0426.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0488.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0531.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1306.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1307.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1308.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48580
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48895
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48916
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/57353
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2454
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/737740US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.openssl.org/news/secadv_20120312.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://downloads.avaya.com/css/P8/documents/100162507
af854a3a-2127-422b-91ae-364da2661108https://hermes.opensuse.org/messages/14330767
Impacted products
Vendor Product Version
openssl openssl *
openssl openssl 0.9.0b
openssl openssl 0.9.1b
openssl openssl 0.9.1c
openssl openssl 0.9.2b
openssl openssl 0.9.3
openssl openssl 0.9.3a
openssl openssl 0.9.4
openssl openssl 0.9.5
openssl openssl 0.9.5a
openssl openssl 0.9.6
openssl openssl 0.9.6a
openssl openssl 0.9.6b
openssl openssl 0.9.6c
openssl openssl 0.9.6d
openssl openssl 0.9.6e
openssl openssl 0.9.6f
openssl openssl 0.9.6g
openssl openssl 0.9.6h
openssl openssl 0.9.6i
openssl openssl 0.9.6j
openssl openssl 0.9.6k
openssl openssl 0.9.6l
openssl openssl 0.9.6m
openssl openssl 0.9.7
openssl openssl 0.9.7a
openssl openssl 0.9.7b
openssl openssl 0.9.7c
openssl openssl 0.9.7d
openssl openssl 0.9.7e
openssl openssl 0.9.7f
openssl openssl 0.9.7g
openssl openssl 0.9.7h
openssl openssl 0.9.7i
openssl openssl 0.9.7j
openssl openssl 0.9.7k
openssl openssl 0.9.7l
openssl openssl 0.9.7m
openssl openssl 0.9.8
openssl openssl 0.9.8a
openssl openssl 0.9.8b
openssl openssl 0.9.8c
openssl openssl 0.9.8d
openssl openssl 0.9.8e
openssl openssl 0.9.8f
openssl openssl 0.9.8g
openssl openssl 0.9.8h
openssl openssl 0.9.8i
openssl openssl 0.9.8j
openssl openssl 0.9.8k
openssl openssl 0.9.8l
openssl openssl 0.9.8m
openssl openssl 0.9.8n
openssl openssl 0.9.8o
openssl openssl 0.9.8p
openssl openssl 0.9.8q
openssl openssl 0.9.8r
openssl openssl 0.9.8s
openssl openssl 1.0.0
openssl openssl 1.0.0a
openssl openssl 1.0.0b
openssl openssl 1.0.0c
openssl openssl 1.0.0d
openssl openssl 1.0.0e
openssl openssl 1.0.0f
openssl openssl 1.0.0g


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "696376CD-ED8A-4086-AD60-C0D5F6999F80",
              "versionEndIncluding": "0.9.8t",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.0b:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4F6317-358E-4BFA-B826-DE1FEA965808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9C775A5-0E14-4BB4-8664-EFAF8E3B70FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "14D983EC-61B0-4FD9-89B5-9878E4CE4405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5D7BE3C-8CA2-4FB2-B4AE-B201D88C2A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC4C5F05-BC0B-478D-9A6F-7C804777BA41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "27F417A1-5D97-4BC4-8B97-5AC40236DA21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8847BD34-BDE6-4AE9-96D9-75B9CF93A6A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDB5A09-BE86-4352-9799-A875649EDB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "F03FA9C0-24C7-46AC-92EC-7834BC34C79B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E4742C-A983-4F00-B24F-AB280C0E876D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A0628DF-3A4C-4078-B615-22260671EABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
              "matchCriteriaId": "962FCB86-15AD-4399-8B7D-EC1DEA919C59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
              "matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
              "matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
              "matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
              "matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
              "matchCriteriaId": "2636B92E-47D5-42EA-9585-A2B84FBE71CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
              "matchCriteriaId": "72FE2F46-2D0C-4C90-AFBE-D2E7B496D6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
              "matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DE6CBD6-D6DD-4BC5-93F6-FDEA70163336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
              "matchCriteriaId": "98693865-2E79-4BD6-9F89-1994BC9A3E73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6476506-EC37-4726-82DC-D0E8254A8CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D6ECEF7-CB16-4604-894B-6EB19F1CEF55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C81EF3D-4DB7-4799-9670-8D79E28CA184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8116A66-175C-4E6D-9A9B-D54C1D97D213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
              "matchCriteriaId": "382C1679-DA1D-4FA4-9D5E-B86CC5052D49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA28812-8A24-4FE1-BED9-D6D5BB023645",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*",
              "matchCriteriaId": "9894D83E-2A27-446E-8B47-9C03CF802A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A9AC4D-E19B-431F-8679-B62F5F46BCF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A4E446D-B9D3-45F2-9722-B41FA14A6C31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
              "matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
              "matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
              "matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
              "matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC82690C-DCED-47BA-AA93-4D0C9E95B806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
              "matchCriteriaId": "43B90ED1-DAB4-4239-8AD8-87E8D568D5D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C9BF2DD-85EF-49CF-8D83-0DB46449E333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
              "matchCriteriaId": "86C46AB8-52E5-4385-9C5C-F63FF9DB82AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
              "matchCriteriaId": "564AA4E7-223E-48D8-B3E0-A461969CF530",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82CFB41-BEA5-4B5F-BCAA-9BAED22EEAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
              "matchCriteriaId": "35C2AE06-B6E8-41C4-BB60-177AC4819CE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB15C1F3-0DE8-4A50-B17C-618ECA58AABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*",
              "matchCriteriaId": "45491BD3-7C62-4422-B7DA-CB2741890FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "10FF0A06-DA61-4250-B083-67E55E362677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6BA453-C150-4159-B80B-5465EFF83F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
              "matchCriteriaId": "638A2E69-8AB6-4FEA-852A-FEF16A500C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
              "matchCriteriaId": "56C47D3A-B99D-401D-B6B8-1194B2DB4809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
              "matchCriteriaId": "08355B10-E004-4BE6-A5AE-4D428810580B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
              "matchCriteriaId": "738BCFDC-1C49-4774-95AE-E099F707DEF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B242C0-D27D-4644-AD19-5ACB853C9DC2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de Cryptographic Message Syntax (CMS) y PKCS #7 de OpenSSL anteriores a 0.9.8u y 1.x anteriores a 1.0.0h no restringe apropiadamente un determinado uso de informaci\u00f3n posterior (\"oracle behavior\"), lo que facilita a atacantes dependientes del contexto desencriptar datos a trav\u00e9s de un ataque de tipo \"Million Message Attack (MMA) adaptive chosen ciphertext\"."
    }
  ],
  "id": "CVE-2012-0884",
  "lastModified": "2024-11-21T01:35:54.593",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-03-13T03:12:26.243",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0426.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48580"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48916"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/57353"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2454"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/737740"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openssl.org/news/secadv_20120312.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://downloads.avaya.com/css/P8/documents/100162507"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://hermes.opensuse.org/messages/14330767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0426.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/737740"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openssl.org/news/secadv_20120312.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://downloads.avaya.com/css/P8/documents/100162507"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/14330767"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.