Executive Summary

Information
Name : CVE-2011-4109
First vendor Publication : 2012-01-05
Vendor : Cve
Last vendor Modification : 2013-09-11

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score : 9.3
Cvss Impact Score : 10
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Detail

Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109

CWE : Common Weakness Enumeration

id : CWE-399
Name : Resource Management Errors

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:20817
Title: Multiple OpenSSL vulnerabilities
Description: Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.
Family: unix
Class: vulnerability
Reference(s): CVE-2011-4109
Version: 4
Platform(s): IBM AIX 6.1, IBM AIX 7.1

Oval ID: oval:org.mitre.oval:def:20511
Title: VMware vSphere and vCOps updates to third party libraries
Description: Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.
Family: unix
Class: vulnerability
Reference(s): CVE-2011-4109
Version: 4
Platform(s): VMWare ESX Server 4.1

Oval ID: oval:org.mitre.oval:def:19733
Title: HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access
Description: Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.
Family: unix
Class: vulnerability
Reference(s): CVE-2011-4109
Version: 7
Platform(s): HP-UX 11

CPE : Common Platform Enumeration

Type : Application
Count : 19

OpenVAS Exploits

Date Description
2012-08-31 Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.
File : nvt/gb_VMSA-2012-0013.nasl
2012-08-10 Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD19.nasl
2012-08-03 Name : Mandriva Update for openssl MDVSA-2012:007 (openssl)
File : nvt/gb_mandriva_MDVSA_2012_007.nasl
2012-07-30 Name : CentOS Update for openssl CESA-2012:0060 centos5
File : nvt/gb_CESA-2012_0060_openssl_centos5.nasl
2012-07-30 Name : CentOS Update for openssl CESA-2012:0426 centos5
File : nvt/gb_CESA-2012_0426_openssl_centos5.nasl
2012-07-30 Name : CentOS Update for openssl CESA-2012:0426 centos6
File : nvt/gb_CESA-2012_0426_openssl_centos6.nasl
2012-03-29 Name : RedHat Update for openssl RHSA-2012:0426-01
File : nvt/gb_RHSA-2012_0426-01_openssl.nasl
2012-03-12 Name : Gentoo Security Advisory GLSA 201203-12 (openssl)
File : nvt/glsa_201203_12.nasl
2012-02-13 Name : Ubuntu Update for openssl USN-1357-1
File : nvt/gb_ubuntu_USN_1357_1.nasl
2012-02-12 Name : FreeBSD Ports: openssl
File : nvt/freebsd_openssl6.nasl
2012-02-11 Name : Debian Security Advisory DSA 2390-1 (openssl)
File : nvt/deb_2390_1.nasl
2012-01-25 Name : RedHat Update for openssl RHSA-2012:0060-01
File : nvt/gb_RHSA-2012_0060-01_openssl.nasl
2012-01-20 Name : Mandriva Update for openssl MDVSA-2012:006 (openssl)
File : nvt/gb_mandriva_MDVSA_2012_006.nasl
2012-01-20 Name : OpenSSL Multiple Vulnerabilities
File : nvt/gb_openssl_51281.nasl

Open Source Vulnerability Database (OSVDB)

id : 78187
Description : OpenSSL X509_V_FLAG_POLICY_CHECK Double-free Unspecified Weakness

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-09-27 IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0
Severity : Category I - VMSKEY : V0033884
2012-09-13 IAVM : 2012-B-0086 - VMware vCenter Operations Arbitrary File Overwrite Vulnerability
Severity : Category I - VMSKEY : V0033791
2012-09-13 IAVM : 2012-A-0146 - Multiple Vulnerabilities in VMware vCenter Update Manager 4.1
Severity : Category I - VMSKEY : V0033792
2012-09-13 IAVM : 2012-A-0147 - Multiple Vulnerabilities in VMware vCenter Server 4.1
Severity : Category I - VMSKEY : V0033793
2012-09-13 IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity : Category I - VMSKEY : V0033794

Nessus® Vulnerability Scanner

Date Description
2014-04-16 Name : The remote AIX host is running a vulnerable version of OpenSSL.
File : aix_openssl_advisory3.nasl - Type : ACT_GATHER_INFO
2014-04-16 Name : The remote AIX host is running a vulnerable version of OpenSSL.
File : aix_openssl_advisory5.nasl - Type : ACT_GATHER_INFO
2013-11-13 Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit...
File : vmware_esxi_5_0_build_912577_remote.nasl - Type : ACT_GATHER_INFO
2013-07-29 Name : The remote host has a virtualization appliance installed that is affected by ...
File : vcenter_operations_manager_vmsa_2012-0013.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0426.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0060.nasl - Type : ACT_GATHER_INFO
2013-06-17 Name : The remote host has an update manager installed that is affected by multiple ...
File : vmware_vcenter_update_mgr_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO
2013-06-05 Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2012-0013.nasl - Type : ACT_GATHER_INFO
2013-06-05 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_8_4.nasl - Type : ACT_GATHER_INFO
2013-06-05 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2013-002.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-007.nasl - Type : ACT_GATHER_INFO
2012-08-31 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120124_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-06-28 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_2ae114dec06411e1b5e0000c299b62e1.nasl - Type : ACT_GATHER_INFO
2012-03-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0426.nasl - Type : ACT_GATHER_INFO
2012-03-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0426.nasl - Type : ACT_GATHER_INFO
2012-03-06 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201203-12.nasl - Type : ACT_GATHER_INFO
2012-02-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1357-1.nasl - Type : ACT_GATHER_INFO
2012-01-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0060.nasl - Type : ACT_GATHER_INFO
2012-01-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0060.nasl - Type : ACT_GATHER_INFO
2012-01-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-120111.nasl - Type : ACT_GATHER_INFO
2012-01-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-7923.nasl - Type : ACT_GATHER_INFO
2012-01-17 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-006.nasl - Type : ACT_GATHER_INFO
2012-01-16 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_78cc8a463e5611e189b4001ec9578670.nasl - Type : ACT_GATHER_INFO
2012-01-16 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2390.nasl - Type : ACT_GATHER_INFO
2012-01-09 Name : The remote web server has multiple SSL-related vulnerabilities.
File : openssl_0_9_8s.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

Source Url
APPLE http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
CERT-VN http://www.kb.cert.org/vuls/id/737740
CONFIRM http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
CONFIRM http://support.apple.com/kb/HT5784
CONFIRM http://www.openssl.org/news/secadv_20120104.txt
DEBIAN http://www.debian.org/security/2012/dsa-2390
HP http://marc.info/?l=bugtraq&m=132750648501816&w=2
HP http://marc.info/?l=bugtraq&m=134039053214295&w=2
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2012:006
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2012:007
REDHAT http://rhn.redhat.com/errata/RHSA-2012-1306.html
REDHAT http://rhn.redhat.com/errata/RHSA-2012-1307.html
REDHAT http://rhn.redhat.com/errata/RHSA-2012-1308.html
SECUNIA http://secunia.com/advisories/48528
SUSE http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html
XF http://xforce.iss.net/xforce/xfdb/72129

Alert History

Date Information
2014-04-17 13:25:36
  • Multiple Updates
2014-02-17 11:05:59
  • Multiple Updates
2013-11-11 12:39:38
  • Multiple Updates
2013-09-12 13:19:54
  • Multiple Updates
2013-06-06 13:26:59
  • Multiple Updates
2013-05-10 23:10:05
  • Multiple Updates