CVE-2011-4108
Published 2012-01-06
Priority: P427 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS: 15.76% (96.5th percentile)
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
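The description above, and the OpenSSL advisory quoted further down the page, come down to one control-flow mistake: after CBC decryption the padding was checked first, and a record with bad padding was rejected before any MAC work was done, so the time taken to reject a record told the sender whether the padding had been valid. The following Python is an added illustration (not OpenSSL's or GnuTLS's code) of that record-check logic in its pre-fix shape next to the post-fix shape, where the MAC is always computed and the padding verdict is folded into the final result. It assumes HMAC-SHA1 with a fixed, constructed key, 16-byte blocks and the TLS 1.1/DTLS 1.0 padding layout (pad_len+1 bytes each equal to pad_len); the record bytes it checks are constructed in-process, not real captures. Python cannot give constant-time guarantees, so the point shown is the structure of the check (no early exit, MAC always run), which is what the fixed releases changed, not cycle-exact timing.

```python
import hashlib
import hmac

# Constructed demo parameters: HMAC-SHA1 as in the *_CBC_SHA suites, a fixed key
# (constructed so the demo is deterministic), 16-byte cipher blocks.
MAC_LEN = hashlib.sha1().digest_size   # 20
KEY = bytes(range(MAC_LEN))            # constructed demo key, never use a fixed key for real
BLOCK = 16

_MAC_CALLS = [0]  # counts MAC computations so a caller can see which path actually ran


def mac_calls() -> int:
    """Number of MAC computations performed so far (for observing the two code paths)."""
    return _MAC_CALLS[0]


def _mac(data: bytes) -> bytes:
    _MAC_CALLS[0] += 1
    return hmac.new(KEY, data, hashlib.sha1).digest()


def build_record(payload: bytes) -> bytes:
    """Constructed helper: payload || MAC || padding, i.e. the layout of a CBC
    record body after decryption. Padding is pad_len+1 bytes, each equal to pad_len."""
    body = payload + hmac.new(KEY, payload, hashlib.sha1).digest()
    pad_len = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    return body + bytes([pad_len]) * (pad_len + 1)


def check_vulnerable(decrypted: bytes) -> bool:
    """Pre-fix shape: padding is checked first and a bad pad returns at once,
    so the MAC is computed only for records whose padding was valid."""
    n = len(decrypted)
    if n < MAC_LEN + 1:
        return False                      # record length is public; rejecting here leaks nothing
    pad_len = decrypted[-1]
    if pad_len + 1 + MAC_LEN > n:
        return False                      # early exit: no MAC work done
    if any(b != pad_len for b in decrypted[n - pad_len - 1:]):
        return False                      # early exit: no MAC work done -> the timing oracle
    body = decrypted[: n - pad_len - 1]
    payload, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(_mac(payload), tag)


def check_hardened(decrypted: bytes) -> bool:
    """Post-fix shape: the MAC is always computed and the padding verdict is
    combined into the final result instead of short-circuiting."""
    n = len(decrypted)
    if n < MAC_LEN + 1:
        return False
    pad_len = decrypted[-1]
    fits = pad_len + 1 + MAC_LEN <= n
    eff_pad = pad_len if fits else 0      # pad cannot fit: treat it as empty and carry on
    mismatch = 0
    for b in decrypted[n - eff_pad - 1:]:
        mismatch |= b ^ eff_pad           # accumulate differences instead of branching per byte
    pad_ok = fits and mismatch == 0
    body = decrypted[: n - eff_pad - 1]
    payload, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    mac_ok = hmac.compare_digest(_mac(payload), tag)   # runs whatever the padding looked like
    return pad_ok and mac_ok


if __name__ == "__main__":
    rec = build_record(b"ping")
    print("valid record:", check_vulnerable(rec), check_hardened(rec))
    damaged = bytearray(rec)
    damaged[-3] ^= 0x01                   # corrupt one padding byte
    before = mac_calls()
    check_vulnerable(bytes(damaged))
    print("vulnerable path computed MAC:", mac_calls() - before)
    before = mac_calls()
    check_hardened(bytes(damaged))
    print("hardened path computed MAC:", mac_calls() - before)
```

Run stand-alone it reports that the pre-fix check does zero MAC computations for the corrupted record while the post-fix check does one; that difference in work is the signal the padding oracle described on this page measures, and removing it (always compute the MAC, decide once at the end) is the mitigation the fixed OpenSSL releases applied.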
Affected
128 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gnutls28 | < gnutls28 3.0.11-1 (bookworm) | gnutls28 3.0.11-1 (bookworm) |
| debian | openssl | < openssl 1.0.0f-1 (bookworm) | openssl 1.0.0f-1 (bookworm) |
| debian | openssl | < openssl 1.0.0g-1 (bookworm) | openssl 1.0.0g-1 (bookworm) |
| gnu | gnutls | <= 3.0.10 | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |
| vendor_ubuntu | — | 2.6 | LOW | — |
Palo Alto
OpenSSL Plain Text Recovery Attack Vulnerability
vendor_paloalto·2012-04-27·CVSS 4.3
CVE-2011-4108 [MEDIUM] CWE-310 OpenSSL Plain Text Recovery Attack Vulnerability
The OpenSSL library implementation is vulnerable to a plain text recovery attack by performing timing analysis of the time required to decrypt encrypted data. A detailed report of this issue is available at http://www.isg.rhul.ac.uk/~kp/dtls.pdf. (Ref #36017)
This vulnerability can theoretically result in plain text recovery of a web management UI session, leading to possible session hijack and control of the device.
This issue affects PAN-OS 4.1.2 and earlier; PAN-OS 4.0.9 and earlier; PAN-OS 3.1.11 and earlier.
Affected products: PAN-OS
Solution: PAN-OS 4.1.3 and later; PAN-OS 4.0.10 and later; PAN-OS 3.1.12 and later.
Workaround: This issue affects the management interface of the device. Security appliance management best practices di
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2012-02-09·CVSS 2.6
CVE-2012-0027 [LOW] OpenSSL vulnerabilities
Title: OpenSSL vulnerabilities
Summary: Multiple vulnerabilities exist in OpenSSL that could expose sensitive information or cause applications to crash.
It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1945)
Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to c
Red Hat
gnutls: DTLS plaintext recovery attack
vendor_redhat·2012-01-05·CVSS 4.3
CVE-2012-0390 [MEDIUM] gnutls: DTLS plaintext recovery attack
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.
Statement: Not vulnerable. This issue did not affect the versions of gnutls as shipped with Red Hat Enterprise Linux 4, 5 and 6 as they did not include support for DTLS.
Package: gnutls (Red Hat Enterprise Linux 4) - Not affected
Package: gnutls (Red Hat Enterprise Linux 5) - Not affected
Package: gnutls (Red Hat Enterprise Linux 6) - Not affected
Red Hat
openssl: DTLS plaintext recovery attack
vendor_redhat·2012-01-04·CVSS 4.3
CVE-2011-4108 [MEDIUM] openssl: DTLS plaintext recovery attack
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
Statement: This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 4 as they do not include support for DTLS protocol.
Package: openssl (Red Hat Enterprise Linux 4) - Not affected
Package: openssl096b (Red Hat Enterprise Linux 4) - Not affected
Package: openssl097a (Red Hat Enterprise Linux 5) - Not affected
Package: openssl098e (Red Hat Enterprise Linux 6) - Will not fix
Debian
CVE-2012-0390: gnutls28 - The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-hand...
vendor_debian·2012·CVSS 4.3
CVE-2012-0390 [MEDIUM] CVE-2012-0390: gnutls28 - The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-hand...
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.
Scope: local
bookworm: resolved (fixed in 3.0.11-1)
bullseye: resolved (fixed in 3.0.11-1)
forky: resolved (fixed in 3.0.11-1)
sid: resolved (fixed in 3.0.11-1)
trixie: resolved (fixed in 3.0.11-1)
Debian
CVE-2012-0050: openssl - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which all...
vendor_debian·2012·CVSS 4.3
CVE-2012-0050 [MEDIUM] CVE-2012-0050: openssl - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which all...
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.
Scope: local
bookworm: resolved (fixed in 1.0.0g-1)
bullseye: resolved (fixed in 1.0.0g-1)
forky: resolved (fixed in 1.0.0g-1)
sid: resolved (fixed in 1.0.0g-1)
trixie: resolved (fixed in 1.0.0g-1)
Red Hat
openssl: remote DTLS server DoS introduced in the CVE-2011-4108 fix
vendor_redhat·2011-01-18·CVSS 4.3
CVE-2012-0050 [MEDIUM] openssl: remote DTLS server DoS introduced in the CVE-2011-4108 fix
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.
Statement: Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, 5, and 6.
Package: openssl (Red Hat Enterprise Linux 4) - Not affected
Package: openssl096b (Red Hat Enterprise Linux 4) - Not affected
Package: openssl (Red Hat Enterprise Linux 5) - Not affected
Package: openssl097a (Red Hat Enterprise Linux 5) - Not affected
Package: openssl (Red Hat Enterprise Linux 6) - Not affected
Pa
Debian
CVE-2011-4108: openssl - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs ...
vendor_debian·2011·CVSS 4.3
CVE-2011-4108 [MEDIUM] CVE-2011-4108: openssl - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs ...
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
Scope: local
bookworm: resolved (fixed in 1.0.0f-1)
bullseye: resolved (fixed in 1.0.0f-1)
forky: resolved (fixed in 1.0.0f-1)
sid: resolved (fixed in 1.0.0f-1)
trixie: resolved (fixed in 1.0.0f-1)
GHSA
GHSA-g8h7-34h7-3c73: The DTLS implementation in OpenSSL before 0
ghsa_unreviewed·2022-05-17
CVE-2011-4108 [MEDIUM] GHSA-g8h7-34h7-3c73: The DTLS implementation in OpenSSL before 0
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
GHSA
GHSA-ph62-8mr5-rp5w: OpenSSL 0
ghsa_unreviewed·2022-05-04·CVSS 4.3
CVE-2012-0050 [MEDIUM] GHSA-ph62-8mr5-rp5w: OpenSSL 0
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.
GHSA
GHSA-8w6j-wjpg-446m: The DTLS implementation in GnuTLS 3
ghsa_unreviewed·2022-05-04·CVSS 4.3
CVE-2012-0390 [MEDIUM] GHSA-8w6j-wjpg-446m: The DTLS implementation in GnuTLS 3
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.
OSV
CVE-2012-0050: OpenSSL 0
osv·2012-01-19·CVSS 4.3
CVE-2012-0050 [MEDIUM] CVE-2012-0050: OpenSSL 0
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.
OSV
CVE-2011-4108: The DTLS implementation in OpenSSL before 0
osv·2012-01-06·CVSS 4.3
CVE-2011-4108 [MEDIUM] CVE-2011-4108: The DTLS implementation in OpenSSL before 0
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
OSV
CVE-2012-0390: The DTLS implementation in GnuTLS 3
osv·2012-01-06·CVSS 4.3
CVE-2012-0390 [MEDIUM] CVE-2012-0390: The DTLS implementation in GnuTLS 3
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 mingw-openssl various flaws [fedora-all]
bugzilla·2012-08-08·CVSS 4.3
CVE-2011-4108 [MEDIUM] CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 mingw-openssl various flaws [fedora-all]
+++ This bug was initially created as a clone of Bug #773330 +++
--- Additional comment from [email protected] on 2012-08-08 03:49:41 EDT ---
mingw*-openssl packages in fedora still on 1.0.0d, while the issues were fixed upstream in 1.0.0f. No backported patches it seems.
Discussion:
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.
(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)
More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZapp
Bugzilla
CVE-2012-0050 openssl: remote DTLS server DoS introduced in the CVE-2011-4108 fix [fedora-all]
bugzilla·2012-01-19·CVSS 4.3
CVE-2012-0050 [MEDIUM] CVE-2012-0050 openssl: remote DTLS server DoS introduced in the CVE-2011-4108 fix [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/
Bugzilla
CVE-2012-0050 openssl: remote DTLS server DoS introduced in the CVE-2011-4108 fix
bugzilla·2012-01-18·CVSS 4.3
CVE-2012-0050 [MEDIUM] CVE-2012-0050 openssl: remote DTLS server DoS introduced in the CVE-2011-4108 fix
Quoting upstream advisory:
http://www.openssl.org/news/secadv_20120118.txt
A flaw in the fix to CVE-2011-4108 can be exploited in a denial of
service attack. Only DTLS applications using OpenSSL 1.0.0f and
0.9.8s are affected.
The fix for CVE-2011-4108 (bug #771770) introduced a regression that can allow remote attacker to crash DTLS servers using affected OpenSSL version because of an out-of-bounds read. This issue is corrected in OpenSSL 1.0.0g or 0.9.8t.
Upstream fix:
http://cvs.openssl.org/chngview?cn=22032 (0.9.8)
http://cvs.openssl.org/chngview?cn=22037 (1.0.0)
Discussion:
As openssl updates for Red Hat Enterprise Linux addressing CVE-2011-4108 have not been released yet, no released openssl vers
Bugzilla
CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 mingw32-openssl various flaws [epel-5]
bugzilla·2012-01-11·CVSS 4.3
CVE-2011-4108 [MEDIUM] CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 mingw32-openssl various flaws [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraprojec
Bugzilla
CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 mingw32-openssl various flaws [fedora-all]
bugzilla·2012-01-11·CVSS 4.3
CVE-2011-4108 [MEDIUM] CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 mingw32-openssl various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/upda
Bugzilla
CVE-2012-0390 gnutls: DTLS plaintext recovery attack
bugzilla·2012-01-06·CVSS 4.3
CVE-2012-0390 [MEDIUM] CVE-2012-0390 gnutls: DTLS plaintext recovery attack
http://www.isg.rhul.ac.uk/~kp/dtls.pdf
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.
Abstract from the paper:
The Datagram Transport Layer Security (DTLS) protocol provides confidentiality and integrity of data exchanged between a client and a server. We describe an efficient and full plaintext recovery attack against the OpenSSL implementation of DTLS, and a partial plaintext recovery attack against the GnuTLS implementation of DTLS. The attack against the Op
Bugzilla
CVE-2011-4108 openssl: DTLS plaintext recovery attack
bugzilla·2012-01-04·CVSS 4.3
CVE-2011-4108 [MEDIUM] CVE-2011-4108 openssl: DTLS plaintext recovery attack
DTLS Plaintext Recovery Attack (CVE-2011-4108)
Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can be found at http://www.isg.rhul.ac.uk/~kp/dtls.pdf
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann and Michael Tuexen for preparing the fix.
Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s.
Refe
References
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
- http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
- http://marc.info/?l=bugtraq&m=132750648501816&w=2
- http://marc.info/?l=bugtraq&m=133951357207000&w=2
- http://marc.info/?l=bugtraq&m=134039053214295&w=2
- http://rhn.redhat.com/errata/RHSA-2012-1306.html
- http://rhn.redhat.com/errata/RHSA-2012-1307.html
- http://rhn.redhat.com/errata/RHSA-2012-1308.html
- http://secunia.com/advisories/48528
- http://secunia.com/advisories/57260
- http://secunia.com/advisories/57353
- http://support.apple.com/kb/HT5784
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
- http://www.debian.org/security/2012/dsa-2390
- http://www.isg.rhul.ac.uk/~kp/dtls.pdf
- http://www.kb.cert.org/vuls/id/737740
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:006
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:007
- http://www.openssl.org/news/secadv_20120104.txt
- https://security.paloaltonetworks.com/CVE-2011-4108
Published: 2012-01-06