info@unhackable.org Phone: +877 547 3638

OpenSSL Still vulnerable, fix CVE-2012-2110 not sufficient!

It was discovered that the fix for CVE-2012-2110 released on 19 Apr 2012 and referenced in this post on unhackable, was not sufficient to correct the issue for OpenSSL 0.9.8. Please see http://www.openssl.org/news/secadv_20120419.txt for details of that vulnerability. This issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0i already contain a patch sufficient to correct […]

Read More »

OpenSSL Vulnerabilities – CVE-2012-2110, CVE-2006-7250, CVE-2012-1165

Summary: An application using OpenSSL could be made to crash or run programs if it opened a specially crafted file. Software Description: – openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: It was discovered that OpenSSL could be made to dereference a NULL pointer when processing S/MIME messages. A remote attacker could use […]

Read More »