OpenSSL DTLS CVE-2012-0050 Remote Denial of Service Vulnerability
BID:51563
Info
| Bugtraq ID: | 51563 |
| Class: | Design Error |
| CVE: | CVE-2012-0050 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 18 2012 12:00AM |
| Updated: | May 07 2015 05:12PM |
| Credit: | Antonio Martin, Enterprise Secure Access Research and Development, Cisco Systems, Inc. |
| Vulnerable: | VMWare ESXi 5.0; VMWare ESXi 4.1; VMWare ESXi 4.0; VMWare ESXi 3.5; VMWare ESX 4.1; VMWare ESX 4.0; VMWare ESX 3.5; Ubuntu Ubuntu Linux 8.04 LTS sparc; Ubuntu Ubuntu Linux 8.04 LTS powerpc; Ubuntu Ubuntu Linux 8.04 LTS lpia; Ubuntu Ubuntu Linux 8.04 LTS i386; Ubuntu Ubuntu Linux 8.04 LTS amd64; Ubuntu Ubuntu Linux 11.10 i386; Ubuntu Ubuntu Linux 11.10 amd64; Ubuntu Ubuntu Linux 11.04 powerpc; Ubuntu Ubuntu Linux 11.04 i386; Ubuntu Ubuntu Linux 11.04 ARM; Ubuntu Ubuntu Linux 11.04 amd64; Ubuntu Ubuntu Linux 10.10 powerpc; Ubuntu Ubuntu Linux 10.10 i386; Ubuntu Ubuntu Linux 10.10 ARM; Ubuntu Ubuntu Linux 10.10 amd64; Ubuntu Ubuntu Linux 10.04 sparc; Ubuntu Ubuntu Linux 10.04 powerpc; Ubuntu Ubuntu Linux 10.04 i386; Ubuntu Ubuntu Linux 10.04 ARM; Ubuntu Ubuntu Linux 10.04 amd64; SuSE SUSE Linux Enterprise Server 10 SP3 LTSS; Oracle Enterprise Linux 6.2; Oracle Enterprise Linux 6; Oracle Enterprise Linux 5; OpenSSL Project OpenSSL 1.0.0f; OpenSSL Project OpenSSL 0.9.8s; Mandriva Linux Mandrake 2011 x86_64; Mandriva Linux Mandrake 2011; Mandriva Linux Mandrake 2010.1 x86_64; Mandriva Linux Mandrake 2010.1; MandrakeSoft Enterprise Server 5 x86_64; MandrakeSoft Enterprise Server 5; IBM Vios 2.1; IBM Vios 2.0; IBM Vios 1.5; IBM Vios 1.4; IBM Vios 1.1; IBM Tivoli Netcool/OMNIbus 7.3; IBM AIX 7.1; IBM AIX 6.1; IBM AIX 5.3; IBM AIX 5.2; HP SSL for OpenVMS 1.4-453; HP SSL for OpenVMS 1.4; HP SSL for OpenVMS 1.3; HP Onboard Administrator 3.50; HP HP-UX B.11.31; HP HP-UX B.11.11; Gentoo Linux; Avaya 96x1 IP Deskphone 6.2; Avaya 96x1 IP Deskphone 6; Apple Mac Os X Server 10.7.4; Apple Mac Os X Server 10.7.3; Apple Mac Os X Server 10.7.1; Apple Mac Os X Server 10.7; Apple Mac Os X Server 10.6.8; Apple Mac Os X 10.7.4; Apple Mac Os X 10.7.3; Apple Mac Os X 10.7.2; Apple Mac Os X 10.7.1 |
| Not Vulnerable: | OpenSSL Project OpenSSL 1.0.0g; OpenSSL Project OpenSSL 0.9.8t |
Discussion
OpenSSL is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
OpenSSL versions 1.0.0f and 0.9.8s are vulnerable.
Exploit / POC
Currently we are not aware of any exploits. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
Apple Mac OS X 10.6.8
- Apple SecUpdSrvr2013-002.dmg (For Mac OS X Server v10.6.8): http://www.apple.com/support/downloads/
MandrakeSoft Enterprise Server 5
- Mandriva libopenssl0.9.8-0.9.8h-3.13mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libopenssl0.9.8-devel-0.9.8h-3.13mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libopenssl0.9.8-static-devel-0.9.8h-3.13mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva openssl-0.9.8h-3.13mdvmes5.2.i586.rpm: http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2011
- Mandriva libopenssl-devel-1.0.0d-2.3-mdv2011.0.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libopenssl-engines1.0.0-1.0.0d-2.3-mdv2011.0.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libopenssl-static-devel-1.0.0d-2.3-mdv2011.0.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva libopenssl1.0.0-1.0.0d-2.3-mdv2011.0.i586.rpm: http://www.mandriva.com/en/downloads/
- Mandriva openssl-1.0.0d-2.3-mdv2011.0.i586.rpm: http://www.mandriva.com/en/downloads/
References
References:
- HPSBUX02737 SSRT100747 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service ( (HP)
- IBM Netcool System Service Monitor SSM 4.0 Fix Pack 1 README Netcool/System Serv (IBM)
- IBM Netcool System Service Monitor SSM 4.0 Fix Pack 14 README Netcool/System Ser (IBM)
- IBM Product Security Incident Response Blog (IBM)
- OpenSSL Fix Download Page (IBM)
- OpenSSL Project (OpenSSL Project)
- Security Bulletin: IBM Tivoli Netcool System Service Monitors/Application Servic (IBM)
- Security Bulletin: IBM Tivoli Netcool System Service Monitors/Application Servic (IBM)
- About the security content of OS X Mountain Lion v10.8.4 and Security Update 201 (Apple)
- ASA-2012-197 Wind River Linux openssl Security Update (WIND00330866) (Avaya)
- DTLS DoS attack (CVE-2012-0050) (OpenSSL)
- GSKit Security Vulnerabilities addressed in IBM Tivoli Netcool OMNIbus (IBM)
- GSKit Security Vulnerabilities addressed in IBM Tivoli Network Manager 3.8 and 3 (IBM)
- HMC OpenSSL Upgrade to Address Cryptographic Vulnerabilities (IBM)
- HPSBMU02776 SSRT100852 rev.1 - HP Onboard Administrator (OA), Remote Unauthorize (HP)
- HPSBOV02793 SSRT100891 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (HP)
- IBM Security Advisore swg21619837 (IBM)
- IBM Tivoli Composite Application Manager for Transactions Internet Service Monit (IBM)
- IBM Tivoli Network Manager IP 3.8.0 Fix Pack 7, 3.8.0-TIV-ITNMIP-FP0007 (IBM)
- IBM Tivoli Network Manager IP 3.9.0 Fix Pack 3, 3.9.0-TIV-ITNMIP-FP0003 (IBM)
- Multiple OpenSSL vulnerabilities (IBM)
- Security Bulletin: IBM Endpoint Manager for Remote Control is affected by multip (IBM)
- Security Bulletin: IBM Smart Analytics System 7600, 7700, and 7710 are affected (IBM)
- Security Bulletin: IBM Sterling Connect:Enterprise for UNIX is affected by multi (IBM)
- Security Bulletin: IBM Sterling Connect:Express for UNIX is affected by multiple (IBM)
- Security Bulletin: IBM Tivoli Composite Application Monitoring for Transactions (IBM)
- Security Bulletin: OpenSSL vulnerability issues for IBM Cloudburst (IBM)
- Security Bulletin: OpenSSL vulnerability issues for IBM Service Delivery Manager (IBM)
- Security Bulletin: Tivoli Endpoint Manager for Remote Control is affected by mul (IBM)
- Security Bulletin: Tivoli Remote Control is affected by multiple OpenSSL vulnera (IBM)
- sol15417: OpenSSL vulnerability CVE-2012-0050 (F5 Networks)
- Storage HMC OpenSSL upgrade to address cryptographic vulnerabilities (IBM)
- Tivoli Workload Scheduler Openssl Multiple Vulnerabilities (IBM)
- VMSA-2012-0013 (VMWare)