OpenSSL CMS and S/MIME Bleichenbacher attack (CVE-2012-0884)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | March 12, 2012 | March 23, 2012 | January 11, 2018 |
Description
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
References
Solution
http-openssl-0_9_8-upgrade-0_9_8_u
Related Vulnerabilities
- ELSA-2012-0699 Moderate: Oracle Linux openssl security and bug fix update
- Gentoo Linux: CVE-2012-0884: OpenSSL: Multiple Vulnerabilities
- DSA-2454-2 openssl -- multiple vulnerabilities
- FreeBSD: OpenSSL -- CMS and S/MIME Bleichenbacher attack (CVE-2012-0884)
- HP-UX: CVE-2012-0884: Running OpenSSL, Remote Denial of Service (DoS)
- ELSA-2012-0426 Moderate: Oracle Linux openssl security and bug fix update
- Oracle Solaris 11: CVE-2012-0884: Vulnerability in OpenSSL
- FreeBSD: FreeBSD -- OpenSSL multiple vulnerabilities (FreeBSD-SA-12:01.openssl) (Multiple CVEs)
- SUSE Linux Security Vulnerability: CVE-2012-0884
- Amazon Linux AMI: Security patch for openssl (ALAS-2012-62) (multiple CVEs)
- ELSA-2013-0587 Moderate: Oracle Linux openssl security update
- Alpine Linux: CVE-2012-0884: openssl CMS and S/MIME Bleichenbacher attack
- RHSA-2012:0426: openssl security and bug fix update
- IBM AIX: openssl_advisory4 (CVE-2012-0884): Vulnerabilities in OpenSSL affect AIX
- USN-1451-1: OpenSSL vulnerabilities