info@unhackable.org Phone: +877 547 3638

CVE-2016-0800: DROWN OpenSSL vulnerability / SSLv2 disabled

OpenSSL Security Advisory [1st March 2016] ========================================= NOTE: With this update, OpenSSL is disabling the SSLv2 protocol by default, as well as removing SSLv2 EXPORT ciphers. We strongly advise against the use of SSLv2 due not only to the issues described below, but to the other known deficiencies in the protocol as described at https://tools.ietf.org/html/rfc6176 […]

Read More »

OpenSSL Still vulnerable, fix CVE-2012-2110 not sufficient!

It was discovered that the fix for CVE-2012-2110 released on 19 Apr 2012 and referenced in this post on unhackable, was not sufficient to correct the issue for OpenSSL 0.9.8. Please see http://www.openssl.org/news/secadv_20120419.txt for details of that vulnerability. This issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0i already contain a patch sufficient to correct […]

Read More »

OpenSSL Vulnerabilities – CVE-2012-2110, CVE-2006-7250, CVE-2012-1165

Summary: An application using OpenSSL could be made to crash or run programs if it opened a specially crafted file. Software Description: – openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: It was discovered that OpenSSL could be made to dereference a NULL pointer when processing S/MIME messages. A remote attacker could use […]

Read More »

Vulnerabilities discovered in OpenSSL <0.9.8u and 1.x before 1.0.0h

Multiple vulnerabilities has been found and corrected in openssl: The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack (CVE-2012-0884). […]

Read More »

Moderate: openssl security update

Updated openssl packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the […]

Read More »