Описание
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.0.1-4ubuntu1 |
| esm-infra-legacy/trusty | not-affected | 1.0.1-4ubuntu1 |
| hardy | released | 0.9.8g-4ubuntu3.19 |
| lucid | released | 0.9.8k-7ubuntu8.13 |
| maverick | ignored | end of life |
| natty | released | 0.9.8o-5ubuntu1.7 |
| oneiric | released | 1.0.0e-2ubuntu4.6 |
| precise | not-affected | 1.0.1-4ubuntu1 |
| quantal | not-affected | 1.0.1-4ubuntu1 |
| raring | not-affected | 1.0.1-4ubuntu1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 0.9.8o-7ubuntu4 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [0.9.8o-7ubuntu3.2.14.04.1]] |
| hardy | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| oneiric | ignored | end of life |
| precise | released | 0.9.8o-7ubuntu3.2 |
| quantal | ignored | end of life |
| raring | ignored | end of life |
Показывать по
5 Medium
CVSS2
Связанные уязвимости
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 i ...
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
ELSA-2012-0426: openssl security and bug fix update (MODERATE)
5 Medium
CVSS2