Red Hat Customer Portal

CVE-2012-0884

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.

Details Source

Mitre

Public Date

2012-03-12 00:00:00

Impact

Low

Bugzilla

CVE-2012-0884 openssl: CMS and PKCS#7 Bleichenbacher attack

Bugzilla ID

802725

CVSS Status

verified

Base Score

2.60

Base Metrics

AV:N/AC:H/Au:N/C:P/I:N/A:N

External References

http://www.openssl.org/news/secadv_20120312.txt

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat JBoss Enterprise Application Platform 6.0 | RHSA-2012:1308 | 2012-09-24 |
| Red Hat JBoss Enterprise Application Platform 5.1 | RHSA-2012:1307 | 2012-09-24 |
| Red Hat JBoss Web Server 1.0 | RHSA-2012:1306 | 2012-09-24 |
| Red Hat Enterprise Linux 5 (openssl) | RHSA-2012:0426 | 2012-03-27 |
| Red Hat Enterprise Linux 6 (openssl) | RHSA-2012:0426 | 2012-03-27 |

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | openssl098e | Will not fix |
| Red Hat Enterprise Linux 5 | openssl097a | Will not fix |
| Red Hat Enterprise Linux 4 | openssl | Will not fix |
| Red Hat Enterprise Linux 4 | openssl096b | Will not fix |
| Red Hat Enterprise Linux 3 | openssl | Will not fix |
| Red Hat Enterprise Linux 3 | openssl096b | Will not fix |