CVE Database

CVE-2011-4619

Impact: Moderate
Public: 2012-01-04
Bugzilla: 771780: CVE-2011-4619 openssl: SGC restart DoS attack
IAVA: 2012-A-0153

Details

The MITRE CVE dictionary describes this issue as:

The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

Find out more about CVE-2011-4619 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 4.3
Base Metrics: AV:N/AC:M/Au:N/C:N/I:N/A:P
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

| Platform | Errata | Release Date |
|---|---|---|
| RHEV Hypervisor for RHEL-5 (rhev-hypervisor5) | RHSA-2012:0168 | February 21, 2012 |
| RHEV Hypervisor for RHEL-6 (rhev-hypervisor6) | RHSA-2012:0109 | February 15, 2012 |
| Red Hat Enterprise Linux version 4 (openssl) | RHSA-2012:0086 | February 01, 2012 |
| Red Hat Enterprise Linux version 5 (openssl) | RHSA-2012:0060 | January 24, 2012 |
| Red Hat Enterprise Linux version 6 (openssl) | RHSA-2012:0059 | January 24, 2012 |
| Red Hat JBoss Enterprise Application Platform 5.1 (openssl) | RHSA-2012:1307 | September 24, 2012 |
| Red Hat JBoss Enterprise Application Platform 6.0 (openssl) | RHSA-2012:1308 | September 24, 2012 |
| Red Hat JBoss Web Server 1.0 | RHSA-2012:1306 | September 24, 2012 |

External References

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.