OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
BID:52428
| Bugtraq ID: | 52428 |
| Class: | Unknown |
| CVE: | CVE-2012-0884 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 12 2012 12:00AM |
| Updated: | Apr 13 2015 09:54PM |
| Credit: | Ivan Nestlerode |
| Vulnerable: |
Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 RedHat Enterprise Linux Desktop Workstation 5 client Red Hat JBoss Enterprise Web Server for Windows 1.0.2 Red Hat JBoss Enterprise Web Server for Solaris 1.0.2 Red Hat JBoss Enterprise Application Platform 5.1.2 Red Hat Enterprise Linux Workstation Optional 6 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server Optional 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux HPC Node 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux 5 Server Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Oracle Enterprise Linux 5 OpenSSL Project OpenSSL 1.0.2 OpenSSL Project OpenSSL 1.0 beta3 OpenSSL Project OpenSSL 1.0 Beta2 OpenSSL Project OpenSSL 1.0 beta1 OpenSSL Project OpenSSL 1.0 OpenSSL Project OpenSSL 0.9.8 k OpenSSL Project OpenSSL 0.9.8 j OpenSSL Project OpenSSL 0.9.8 i OpenSSL Project OpenSSL 0.9.8 h OpenSSL Project OpenSSL 0.9.8 e OpenSSL Project OpenSSL 0.9.8 d OpenSSL Project OpenSSL 0.9.8 c OpenSSL Project OpenSSL 0.9.8 b OpenSSL Project OpenSSL 0.9.8 a OpenSSL Project OpenSSL 0.9.8 OpenSSL Project OpenSSL 0.9.7 m OpenSSL Project OpenSSL 0.9.7 l OpenSSL Project OpenSSL 0.9.7 k OpenSSL Project OpenSSL 0.9.7 j OpenSSL Project OpenSSL 0.9.7 i OpenSSL Project OpenSSL 0.9.7 h OpenSSL Project OpenSSL 0.9.7 g OpenSSL 
Project OpenSSL 0.9.7 f OpenSSL Project OpenSSL 0.9.7 e OpenSSL Project OpenSSL 0.9.7 d OpenSSL Project OpenSSL 0.9.7 c OpenSSL Project OpenSSL 0.9.7 beta3 OpenSSL Project OpenSSL 0.9.7 beta2 OpenSSL Project OpenSSL 0.9.7 beta1 OpenSSL Project OpenSSL 0.9.7 b OpenSSL Project OpenSSL 0.9.7 a OpenSSL Project OpenSSL 0.9.7 OpenSSL Project OpenSSL 0.9.6 m OpenSSL Project OpenSSL 0.9.6 l OpenSSL Project OpenSSL 0.9.6 k OpenSSL Project OpenSSL 0.9.6 j OpenSSL Project OpenSSL 0.9.6 i OpenSSL Project OpenSSL 0.9.6 h OpenSSL Project OpenSSL 0.9.6 g OpenSSL Project OpenSSL 0.9.6 f OpenSSL Project OpenSSL 0.9.6 e OpenSSL Project OpenSSL 0.9.6 d OpenSSL Project OpenSSL 0.9.6 c OpenSSL Project OpenSSL 0.9.6 b-36.8 OpenSSL Project OpenSSL 0.9.6 b OpenSSL Project OpenSSL 0.9.6 a OpenSSL Project OpenSSL 0.9.6 OpenSSL Project OpenSSL 0.9.5 a OpenSSL Project OpenSSL 0.9.5 OpenSSL Project OpenSSL 0.9.4 OpenSSL Project OpenSSL 0.9.3 OpenSSL Project OpenSSL 0.9.2 b OpenSSL Project OpenSSL 0.9.1 c OpenSSL Project OpenSSL 1.0.0g OpenSSL Project OpenSSL 1.0.0f OpenSSL Project OpenSSL 1.0.0e OpenSSL Project OpenSSL 1.0.0d OpenSSL Project OpenSSL 1.0.0c OpenSSL Project OpenSSL 1.0.0b OpenSSL Project OpenSSL 1.0.0b OpenSSL Project OpenSSL 1.0.0A OpenSSL Project OpenSSL 1.0.0a OpenSSL Project OpenSSL 1.0.0 Beta5 OpenSSL Project OpenSSL 1.0.0 Beta4 OpenSSL Project OpenSSL 0.9.8t OpenSSL Project OpenSSL 0.9.8s OpenSSL Project OpenSSL 0.9.8R OpenSSL Project OpenSSL 0.9.8Q OpenSSL Project OpenSSL 0.9.8p OpenSSL Project OpenSSL 0.9.8p OpenSSL Project OpenSSL 0.9.8O OpenSSL Project OpenSSL 0.9.8o OpenSSL Project OpenSSL 0.9.8n OpenSSL Project OpenSSL 0.9.8N OpenSSL Project OpenSSL 0.9.8M OpenSSL Project OpenSSL 0.9.8m OpenSSL Project OpenSSL 0.9.8l OpenSSL Project OpenSSL 0.9.8g OpenSSL Project OpenSSL 0.9.8f OpenSSL Project OpenSSL 0.9.8 f Mandriva Linux Mandrake 2011 x86_64 Mandriva Linux Mandrake 2011 Mandriva Linux Mandrake 2010.1 x86_64 Mandriva Linux Mandrake 2010.1 MandrakeSoft Enterprise 
Server 5 x86_64 MandrakeSoft Enterprise Server 5 IBM Virtual I/O Server (VIOS) 2.1 IBM Virtual I/O Server (VIOS) 2.2 IBM Virtual I/O Server (VIOS) 2.1 IBM Virtual I/O Server (VIOS) 2.0 IBM Virtual I/O Server 2.1.3 IBM Virtual I/O Server 2.1.2 IBM Tivoli Netcool/OMNIbus 7.3 IBM Aix 7.1.1 IBM Aix 7.1 IBM Aix 6.1.7 IBM Aix 6.1.6 IBM AIX 6.1.5 IBM AIX 6.1.4 IBM AIX 6.1.3 IBM AIX 6.1.2 IBM AIX 6.1.1 IBM AIX 5.3.10 IBM AIX 5.3.9 IBM AIX 5.3.8 IBM AIX 5.3.7 IBM AIX 5.3 L IBM AIX 7.1 IBM AIX 6.2 IBM AIX 6.1 IBM AIX 5.3.12 IBM Aix 5.3.12 IBM AIX 5.3.11 IBM AIX 5.3 HP SSL for OpenVMS 1.4-453 HP SSL for OpenVMS 1.4 HP SSL for OpenVMS 1.3 HP Onboard Administrator 3.50 HP HP-UX B.11.31 HP HP-UX B.11.11 Gentoo Linux FreeBSD Freebsd 9.0-STABLE FreeBSD Freebsd 9.0-RELEASE FreeBSD Freebsd 8.3-STABLE FreeBSD Freebsd 8.2-STABLE FreeBSD Freebsd 8.2-STABLE FreeBSD Freebsd 8.2 FreeBSD Freebsd 8.1 FreeBSD Freebsd 7.4-STABLE FreeBSD Freebsd 7.4 BSD Perimeter pfSense 2.0.1 BSD Perimeter pfSense 2.0 Avaya Voice Portal 5.1.2 Avaya Voice Portal 5.1.1 Avaya Voice Portal 5.1 SP1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.0 SP2 Avaya Voice Portal 5.0 SP1 Avaya Voice Portal 5.0 Avaya Proactive Contact 5.0 Avaya Meeting Exchange 5.0 .0.52 Avaya Meeting Exchange 5.2 SP2 Avaya Meeting Exchange 5.2 SP1 Avaya Meeting Exchange 5.2 Avaya Meeting Exchange 5.1 SP1 Avaya Meeting Exchange 5.1 Avaya Meeting Exchange 5.0 SP2 Avaya Meeting Exchange 5.0 SP1 Avaya Meeting Exchange 5.0 Avaya IQ 5.2 Avaya IQ 5.1.1 Avaya IQ 5.1 Avaya IQ 5 Avaya IP Office Application Server 8.0 Avaya IP Office Application Server 7.0 Avaya IP Office Application Server 6.1 Avaya IP Office Application Server 6.0 Avaya Communication Server 1000M Signaling Server 7.5 Avaya Communication Server 1000M Signaling Server 7.0 Avaya Communication Server 1000M Signaling Server 6.0 Avaya Communication Server 1000M 7.5 Avaya Communication Server 1000M 7.0 Avaya Communication Server 1000M 6.0 Avaya Communication Server 1000E 
Signaling Server 7.5 Avaya Communication Server 1000E Signaling Server 7.0 Avaya Communication Server 1000E Signaling Server 6.0 Avaya Communication Server 1000E 7.5 Avaya Communication Server 1000E 7.0 Avaya Communication Server 1000E 6.0 Avaya Aura System Platform 6.0.2 Avaya Aura System Platform 6.0.1 Avaya Aura System Platform 6.0 SP3 Avaya Aura System Platform 6.0 SP2 Avaya Aura System Platform 6.0 Avaya Aura System Platform 1.1 Avaya Aura System Manager 6.2 Avaya Aura System Manager 6.1.3 Avaya Aura System Manager 6.1.2 Avaya Aura System Manager 6.1.1 Avaya Aura System Manager 6.1 SP2 Avaya Aura System Manager 6.1 Sp1 Avaya Aura System Manager 6.1 Avaya Aura System Manager 6.0 SP1 Avaya Aura System Manager 6.0 Avaya Aura System Manager 5.2 Avaya Aura SIP Enablement Services 5.2.1 Avaya Aura SIP Enablement Services 5.2 Avaya Aura SIP Enablement Services 5.1 Avaya Aura SIP Enablement Services 5.0 Avaya Aura Session Manager 6.2.1 Avaya Aura Session Manager 6.1.3 Avaya Aura Session Manager 6.1.2 Avaya Aura Session Manager 6.1.1 Avaya Aura Session Manager 6.2 Avaya Aura Session Manager 6.1 SP2 Avaya Aura Session Manager 6.1 Sp1 Avaya Aura Session Manager 6.1 Avaya Aura Session Manager 6.0 SP1 Avaya Aura Session Manager 6.0 Avaya Aura Session Manager 5.2 SP2 Avaya Aura Session Manager 5.2 SP1 Avaya Aura Session Manager 5.2 Avaya Aura Session Manager 1.1 Avaya Aura Session Manager 1.0 Avaya Aura Presence Services 6.1.1 Avaya Aura Presence Services 6.1 Avaya Aura Presence Services 6.0 Avaya Aura Messaging 6.1 Avaya Aura Messaging 6.0.1 Avaya Aura Messaging 6.0 Avaya Aura Experience Portal 6.0 Avaya Aura Conferencing 6.0 Standard Avaya Aura Communication Manager Utility Services 6.2 Avaya Aura Communication Manager Utility Services 6.1 Avaya Aura Communication Manager Utility Services 6.0 Avaya Aura Communication Manager 6.0.1 Avaya Aura Communication Manager 6.0 Avaya Aura Application Server 5300 SIP Core 2.1 Avaya Aura Application Server 5300 SIP Core 2.0 Avaya Aura 
Application Enablement Services 5.2.1 Avaya Aura Application Enablement Services 6.1.1 Avaya Aura Application Enablement Services 6.1 Avaya Aura Application Enablement Services 5.2.3 Avaya Aura Application Enablement Services 5.2.2 Avaya Aura Application Enablement Services 5.2 |
| Not Vulnerable: |
OpenSSL Project OpenSSL 1.0.0h 0 OpenSSL Project OpenSSL 0.9.8u 0 |
References:
- CMS and S/MIME Bleichenbacher attack (CVE-2012-0884) (OpenSSL)
- Fiery Homepage (EFI)
- IBM Netcool System Service Monitor SSM 4.0 Fix Pack 1 README Netcool/System Serv (IBM)
- IBM Netcool System Service Monitor SSM 4.0 Fix Pack 14 README Netcool/System Ser (IBM)
- IBM Product Security Incident Response Blog (IBM)
- OpenSSL Project (OpenSSL Project)
- pfSense 2.0.2 Release Now Available (BSD Perimeter)
- Security Bulletin: IBM Tivoli Netcool System Service Monitors/Application Servic (IBM)
- Security Bulletin: IBM Tivoli Netcool System Service Monitors/Application Servic (IBM)
- 2014-11 Security Bulletin: Junos Space: Multiple vulnerabilities resolved by thi (Juniper)
- ASA-2012-207 openssl security and bug fix update (RHSA-2012-0426) (Avaya)
- GSKit Security Vulnerabilities addressed in IBM Tivoli Netcool OMNIbus (IBM)
- GSKit Security Vulnerabilities addressed in IBM Tivoli Network Manager 3.8 and 3 (IBM)
- HMC OpenSSL Upgrade to Address Cryptographic Vulnerabilities (IBM)
- HPSBMU02776 SSRT100852 rev.1 - HP Onboard Administrator (OA), Remote Unauthorize (HP)
- HPSBOV02793 SSRT100891 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (HP)
- IBM Informix Genero affected by multiple vulnerabilities in OpenSSL (IBM)
- IBM Security Advisory swg21619837 (IBM)
- IBM Tivoli Composite Application Manager for Transactions Internet Service Monit (IBM)
- IBM Tivoli Network Manager IP 3.8.0 Fix Pack 7, 3.8.0-TIV-ITNMIP-FP0007 (IBM)
- IBM Tivoli Network Manager IP 3.9.0 Fix Pack 3, 3.9.0-TIV-ITNMIP-FP0003 (IBM)
- Multiple OpenSSL vulnerabilities (IBM)
- RHSA-2012:1306 openssl security update (Red Hat)
- RHSA-2012:1307 openssl security update (Red Hat)
- RHSA-2012:1308 openssl security update (Red Hat)
- Security Bulletin: IBM Endpoint Manager for Remote Control is affected by multip (IBM)
- Security Bulletin: IBM Smart Analytics System 7600, 7700, and 7710 are affected (IBM)
- Security Bulletin: IBM Sterling Connect:Enterprise for UNIX is affected by multi (IBM)
- Security Bulletin: IBM Sterling Connect:Express for UNIX is affected by multiple (IBM)
- Security Bulletin: IBM Tivoli Composite Application Monitoring for Transactions (IBM)
- Security Bulletin: OpenSSL vulnerability issues for IBM Cloudburst (IBM)
- Security Bulletin: OpenSSL vulnerability issues for IBM Service Delivery Manager (IBM)
- Security Bulletin: Tivoli Endpoint Manager for Remote Control is affected by mul (IBM)
- Security Bulletin: Tivoli Remote Control is affected by multiple OpenSSL vulnera (IBM)
- Storage HMC OpenSSL upgrade to address cryptographic vulnerabilities (IBM)
- Tivoli Workload Scheduler Openssl Multiple Vulnerabilities (IBM)
- VU#737740: Fiery 2.0 print controllers use a vulnerable version of OpenSSL (US-CERT)