Mauritian National Computer Security Incident Response Team (CERT-MU)

CERT-MU AD-2012-23

OpenSSL Multiple Vulnerabilities
Original issue date: April 19, 2011
Updated: May 17, 2012
Severity Rating: High
Overview
Multiple vulnerabilities have been identified in OpenSSL and they can be exploited by remote attackers to bypass security restrictions, crash the application and cause execution of arbitrary code on affected systems. OpenSSL has released an update to address these vulnerabilities.
Description
Multiple vulnerabilities have been identified in OpenSSL and they can be exploited by remote attackers to bypass security restrictions, crash the application and cause execution of arbitrary code on affected systems. The vulnerabilities reported are as follows:
1. A memory corruption vulnerability is caused by integer-truncation errors. Remote attackers can exploit it to execute arbitrary code in the context of the application using the vulnerable library.
2. A security bypass vulnerability exists that can be exploited to perform unauthorized actions.
3. A remote denial of service vulnerability occurs because the library fails to properly access certain maliciously crafted S/MIME messages. Remote attackers can exploit it to crash the application that uses the library, denying service to legitimate users.
OpenSSL has released an update to address these vulnerabilities.
Affected Systems
  • Ubuntu Ubuntu Linux 8.04 LTS sparc
  • Ubuntu Ubuntu Linux 8.04 LTS powerpc
  • Ubuntu Ubuntu Linux 8.04 LTS lpia
  • Ubuntu Ubuntu Linux 8.04 LTS i386
  • Ubuntu Ubuntu Linux 8.04 LTS amd64
  • Ubuntu Ubuntu Linux 11.10 i386
  • Ubuntu Ubuntu Linux 11.10 amd64
  • Ubuntu Ubuntu Linux 11.04 powerpc
  • Ubuntu Ubuntu Linux 11.04 i386
  • Ubuntu Ubuntu Linux 11.04 ARM
  • Ubuntu Ubuntu Linux 11.04 amd64
  • Ubuntu Ubuntu Linux 10.04 sparc
  • Ubuntu Ubuntu Linux 10.04 powerpc
  • Ubuntu Ubuntu Linux 10.04 i386
  • Ubuntu Ubuntu Linux 10.04 ARM
  • Ubuntu Ubuntu Linux 10.04 amd64
  • SuSE SUSE Linux Enterprise Server for VMware 11 SP1
  • SuSE SUSE Linux Enterprise Server 11 SP2
A list of other affected systems is available on:
 
Solution
Users are advised to apply updates.
More information about the update is available on:
CVE Information
References
Security Focus
Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
E-mail:


Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis