Описание
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
Отчет
This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 4 as they do not include support for DTLS protocol.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 3 | openssl | Not affected | ||
| Red Hat Enterprise Linux 4 | openssl | Not affected | ||
| Red Hat Enterprise Linux 4 | openssl096b | Not affected | ||
| Red Hat Enterprise Linux 5 | openssl097a | Not affected | ||
| Red Hat Enterprise Linux 6 | openssl098e | Will not fix | ||
| Red Hat Enterprise Linux 5 | openssl | Fixed | RHSA-2012:0060 | 24.01.2012 |
| Red Hat Enterprise Linux 6 | openssl | Fixed | RHSA-2012:0059 | 24.01.2012 |
| Red Hat JBoss Enterprise Application Platform 5.1 | Fixed | RHSA-2012:1307 | 24.09.2012 | |
| Red Hat JBoss Enterprise Application Platform 6.0 | Fixed | RHSA-2012:1308 | 24.09.2012 | |
| Red Hat JBoss Web Server 1.0 | Fixed | RHSA-2012:1306 | 24.09.2012 |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS2
Связанные уязвимости
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f ...
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
4.3 Medium
CVSS2