CVE-2011-3207

crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past.

Details Source

Mitre

Statement

This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 4 and 5, openssl096b as shipped with Red Hat Enterprise Linux 4, openssl097a as shipped with Red Hat Enterprise Linux 5, or openssl098e as shipped with Red Hat Enterprise Linux 6.

Public Date

2011-09-06 00:00:00

Impact

Moderate

Bugzilla

CVE-2011-3207 openssl: CRL verification vulnerability

Bugzilla ID

736087

CVSS Status

verified

Base Score

4.30

Base Metrics

AV:N/AC:M/Au:N/C:N/I:P/A:N

External References

http://www.openssl.org/news/secadv_20110906.txt

Red Hat Security Errata

Platform                               Errata           Release Date
Red Hat Enterprise Linux 6 (openssl)   RHSA-2011:1409   2011-10-26

Affected Packages State

Platform                     Package      State
Red Hat Enterprise Linux 6   openssl098e  Not affected
Red Hat Enterprise Linux 5   openssl097a  Not affected
Red Hat Enterprise Linux 5   openssl      Not affected
Red Hat Enterprise Linux 4   openssl      Not affected
Red Hat Enterprise Linux 4   openssl096b  Not affected