ID

VAR-201201-0314


CVE

CVE-2011-4619


TITLE

Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL

Trust: 0.8

sources: CERT/CC: VU#737740

DESCRIPTION

The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL prone to multiple security vulnerabilities. An attacker may leverage these issues to obtain sensitive information, cause a denial-of-service condition and perform unauthorized actions. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER (Distinguished Encoding Rules) encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code. Warning: Before applying this update, back up your JBoss Enterprise Application Platform's "server/[PROFILE]/deploy/" directory, along with all other customized configuration files. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Application Platform installation (including all applications and configuration files). JBoss server instances configured to use the Tomcat Native library must be restarted for this update to take effect. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: rhev-hypervisor5 security and bug fix update Advisory ID: RHSA-2012:0168-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0168.html Issue date: 2012-02-21 CVE Names: CVE-2011-4109 CVE-2011-4576 CVE-2011-4619 CVE-2012-0029 CVE-2012-0207 ===================================================================== 1. Summary: An updated rhev-hypervisor5 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEV Hypervisor for RHEL-5 - noarch 3. Description: The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029) A divide-by-zero flaw was found in the Linux kernel's igmp_heard_query() function. An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service. (CVE-2012-0207) A double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially-crafted policy extension data. (CVE-2011-4109) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4619) Red Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029, and Simon McVittie for reporting CVE-2012-0207. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers: CVE-2006-1168 and CVE-2011-2716 (busybox issues) CVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc issues) CVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and CVE-2012-0028 (kernel issues) CVE-2011-1526 (krb5 issue) CVE-2011-4347 (kvm issue) CVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 and CVE-2011-1944 (libxml2 issues) CVE-2011-1749 (nfs-utils issue) CVE-2011-4108 (openssl issue) CVE-2011-0010 (sudo issue) CVE-2011-1675 and CVE-2011-1677 (util-linux issues) CVE-2010-0424 (vixie-cron issue) This updated rhev-hypervisor5 package fixes various bugs. Documentation of these changes will be available shortly in the Technical Notes document: https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 606191 - after upgrade , reboot can't shut off network successfully and back to firstboot menu again 627538 - System will not boot sometimes when using rhevm to do upgrade twice. 650179 - rhevm bridge came up instead of breth0 after fail to configure network 675325 - Changes to networking always clear the contents of resolv.conf 696875 - RHEVH bootup hanging in ovirt-early when doing LVM scanning 717535 - [RFE] No confirm message for ntp server setting 728895 - RHEV-H rpm should include a versions text file 732948 - CCISS: Auto install fail at creating physical volume. 734110 - rhevh - upgrade ovirt node fails due to nonexistent breth0 734480 - [RFE] Add virt-who package to RHEVH 734710 - Register RHN satellite will fail if RHN satellite password include space. 740127 - Provide our CPE name in a new system file 743938 - Make rhev-hypervisor RPM multi-installable like the kernel 747519 - RHEV-H 5.8 register to RHN will fail. 747647 - Change rhev-hypervisor RPM to be rhev-hypervisor5 to allow coinstallations with rhev-hypervisor6 756178 - remove redundant brcm-iscsi.log rotation from ovirt-node now that it is in iscsi-initiator-utils 758465 - RHEV-H 5.8 register to RHN will fail if password contains quotes or spaces 759462 - Can not retrieve running guests UUID in RHEVH node. 759632 - virt-who debugging output going to stderr always 759635 - Revert workaround of virt-who output 761357 - Multipathd service is stopped by default cause change password failed in single mode. 768256 - network layout is incorrect when configure network with nic up 771771 - CVE-2011-4109 openssl: double-free in policy checks 771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding 771780 - CVE-2011-4619 openssl: SGC restart DoS attack 772075 - CVE-2012-0029 qemu-kvm: e1000: process_tx_desc legacy mode packets heap overflow 772867 - CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries 783625 - The setup command should only allow password setting and viewing logs in single mode. 6. Package List: RHEV Hypervisor for RHEL-5: noarch: rhev-hypervisor5-5.8-20120202.0.el5.noarch.rpm rhev-hypervisor5-tools-5.8-20120202.0.el5.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-4109.html https://www.redhat.com/security/data/cve/CVE-2011-4576.html https://www.redhat.com/security/data/cve/CVE-2011-4619.html https://www.redhat.com/security/data/cve/CVE-2012-0029.html https://www.redhat.com/security/data/cve/CVE-2012-0207.html https://access.redhat.com/security/updates/classification/#important https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPQ1yHXlSAg2UNWIIRAl9/AJ9JmPpSO5U2xwDBKDZA8y5To8EVcwCfZFGN bzF952CZ/r5T3LUF9kY6X8c= =IdNq -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-12:01.openssl Security Advisory The FreeBSD Project Topic: OpenSSL multiple vulnerabilities Category: contrib Module: openssl Announced: 2012-05-03 Credits: Adam Langley, George Kadianakis, Ben Laurie, Ivan Nestlerode, Tavis Ormandy Affects: All supported versions of FreeBSD. Corrected: 2012-05-03 15:25:11 UTC (RELENG_7, 7.4-STABLE) 2012-05-03 15:25:11 UTC (RELENG_7_4, 7.4-RELEASE-p7) 2012-05-03 15:25:11 UTC (RELENG_8, 8.3-STABLE) 2012-05-03 15:25:11 UTC (RELENG_8_3, 8.3-RELEASE-p1) 2012-05-03 15:25:11 UTC (RELENG_8_2, 8.2-RELEASE-p7) 2012-05-03 15:25:11 UTC (RELENG_8_1, 8.1-RELEASE-p9) 2012-05-03 15:25:11 UTC (RELENG_9, 9.0-STABLE) 2012-05-03 15:25:11 UTC (RELENG_9_0, 9.0-RELEASE-p1) CVE Name: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109, CVE-2012-0884, CVE-2012-2110 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. II. This could include sensitive contents of previously freed memory. [CVE-2011-4109] A weakness in the OpenSSL PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the million message attack (MMA). [CVE-2012-0884] The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp functions, in OpenSSL contains multiple integer errors that can cause memory corruption when parsing encoded ASN.1 data. This error can occur on systems that parse untrusted ASN.1 data, such as X.509 certificates or RSA public keys. [CVE-2012-2110] III. Impact Sensitive contents of the previously freed memory can be exposed when communicating with a SSL 3.0 peer. However, FreeBSD OpenSSL version does not support SSL_MODE_RELEASE_BUFFERS SSL mode and therefore have a single write buffer per connection. That write buffer is partially filled with non-sensitive, handshake data at the beginning of the connection and, thereafter, only records which are longer than any previously sent record leak any non-encrypted data. This, combined with the small number of bytes leaked per record, serves to limit to severity of this issue. [CVE-2011-4619] The double-free, when an application performs X509 certificate policy checking, can lead to denial of service in that application. [CVE-2011-4109] A weakness in the OpenSSL PKCS #7 code can lead to a successful Bleichenbacher attack. Only users of PKCS #7 decryption operations are affected. A successful attack needs on average 2^20 messages. In practice only automated systems will be affected as humans will not be willing to process this many messages. SSL/TLS applications are not affected. [CVE-2012-0884] The vulnerability in the asn1_d2i_read_bio() OpenSSL function can lead to a potentially exploitable attack via buffer overflow. The SSL/TLS code in OpenSSL is not affected by this issue, nor are applications using the memory based ASN.1 functions. There are no applications in FreeBSD base system affected by this issue, though some 3rd party consumers of these functions might be vulnerable when processing untrusted ASN.1 data. [CVE-2012-2110] IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE or 9-STABLE, or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, RELENG_9_0 security branch dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to FreeBSD 7.4, 8.3, 8.2, 8.1, and 9.0 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-12:01/openssl.patch # fetch http://security.FreeBSD.org/patches/SA-12:01/openssl.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system as described in <URL: http://www.freebsd.org/handbook/makeworld.html> and reboot the system. NOTE: Any third-party applications, including those installed from the FreeBSD ports collection, which are statically linked to libcrypto(3) should be recompiled in order to use the corrected code. 3) To update your vulnerable system via a binary patch: Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - - ------------------------------------------------------------------------- RELENG_7 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.2.2 src/crypto/openssl/crypto/mem.c 1.1.1.8.2.2 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.1.1.1.2.2 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.1.1.2.2.2 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.2.1 src/crypto/openssl/crypto/buffer/buffer.c 1.1.1.4.2.2 src/crypto/openssl/ssl/ssl_err.c 1.1.1.11.2.3 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.7 src/crypto/openssl/ssl/ssl.h 1.1.1.16.2.3 src/crypto/openssl/ssl/s3_enc.c 1.1.1.13.2.2 src/crypto/openssl/ssl/ssl3.h 1.1.1.6.2.2 RELENG_7_4 src/UPDATING 1.507.2.36.2.9 src/sys/conf/newvers.sh 1.72.2.18.2.12 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.2.1.2.1 src/crypto/openssl/crypto/mem.c 1.1.1.8.2.1.2.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.1.1.1.2.1.2.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.1.1.2.2.1.2.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.20.1 src/crypto/openssl/crypto/buffer/buffer.c 1.1.1.4.2.1.2.1 src/crypto/openssl/ssl/ssl_err.c 1.1.1.11.2.2.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.5.2.1 src/crypto/openssl/ssl/ssl.h 1.1.1.16.2.2.2.1 src/crypto/openssl/ssl/s3_enc.c 1.1.1.13.2.1.2.1 src/crypto/openssl/ssl/ssl3.h 1.1.1.6.2.1.2.1 RELENG_8 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.2 src/crypto/openssl/crypto/mem.c 1.2.2.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.2.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.2 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.10.1 src/crypto/openssl/crypto/buffer/buffer.c 1.2.2.1 src/crypto/openssl/ssl/ssl_err.c 1.2.2.2 src/crypto/openssl/ssl/s3_srvr.c 1.3.2.5 src/crypto/openssl/ssl/ssl.h 1.2.2.2 src/crypto/openssl/ssl/s3_enc.c 1.2.2.2 src/crypto/openssl/ssl/ssl3.h 1.2.2.2 RELENG_8_3 src/UPDATING 1.632.2.26.2.3 src/sys/conf/newvers.sh 1.83.2.15.2.5 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.1.4.1 src/crypto/openssl/crypto/mem.c 1.2.14.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.14.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.6.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.26.1 src/crypto/openssl/crypto/buffer/buffer.c 1.2.14.1 src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.6.1 src/crypto/openssl/ssl/s3_srvr.c 1.3.2.4.2.1 src/crypto/openssl/ssl/ssl.h 1.2.2.1.6.1 src/crypto/openssl/ssl/s3_enc.c 1.2.2.1.4.1 src/crypto/openssl/ssl/ssl3.h 1.2.2.1.6.1 RELENG_8_2 src/UPDATING 1.632.2.19.2.9 src/sys/conf/newvers.sh 1.83.2.12.2.12 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.1.2.1 src/crypto/openssl/crypto/mem.c 1.2.8.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.8.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.4.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.18.1 src/crypto/openssl/crypto/buffer/buffer.c 1.2.8.1 src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.3.2.3.2.1 src/crypto/openssl/ssl/ssl.h 1.2.2.1.4.1 src/crypto/openssl/ssl/s3_enc.c 1.2.2.1.2.1 src/crypto/openssl/ssl/ssl3.h 1.2.2.1.4.1 RELENG_8_1 src/UPDATING 1.632.2.14.2.12 src/sys/conf/newvers.sh 1.83.2.10.2.13 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.16.1 src/crypto/openssl/crypto/mem.c 1.2.6.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.6.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.2.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.16.1 src/crypto/openssl/crypto/buffer/buffer.c 1.2.6.1 src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.3.2.2.2.1 src/crypto/openssl/ssl/ssl.h 1.2.2.1.2.1 src/crypto/openssl/ssl/s3_enc.c 1.2.6.1 src/crypto/openssl/ssl/ssl3.h 1.2.2.1.2.1 RELENG_9 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.2.2.1 src/crypto/openssl/crypto/mem.c 1.2.10.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.10.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.3.2.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.22.1 src/crypto/openssl/crypto/buffer/buffer.c 1.2.10.1 src/crypto/openssl/ssl/ssl_err.c 1.3.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.7.2.1 src/crypto/openssl/ssl/ssl.h 1.3.2.1 src/crypto/openssl/ssl/s3_enc.c 1.3.2.1 src/crypto/openssl/ssl/ssl3.h 1.3.2.1 RELENG_9_0 src/UPDATING 1.702.2.4.2.3 src/sys/conf/newvers.sh 1.95.2.4.2.5 src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.2.4.1 src/crypto/openssl/crypto/mem.c 1.2.12.1 src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.12.1 src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.3.4.1 src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.24.1 src/crypto/openssl/crypto/buffer/buffer.c 1.2.12.1 src/crypto/openssl/ssl/ssl_err.c 1.3.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.7.4.1 src/crypto/openssl/ssl/ssl.h 1.3.4.1 src/crypto/openssl/ssl/s3_enc.c 1.3.4.1 src/crypto/openssl/ssl/ssl3.h 1.3.4.1 - - ------------------------------------------------------------------------- Subversion: Branch/path Revision - - ------------------------------------------------------------------------- stable/7/ r234954 releng/7.4/ r234954 stable/8/ r234954 releng/8.3/ r234954 releng/8.2/ r234954 releng/8.1/ r234954 stable/9/ r234954 releng/9.0/ r234954 - - ------------------------------------------------------------------------- VII. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2011-4108 The DTLS implementation performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. CVE-2011-4109 A double free vulnerability when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to cause applications crashes and potentially allow execution of arbitrary code by triggering failure of a policy check. CVE-2011-4354 On 32-bit systems, the operations on NIST elliptic curves P-256 and P-384 are not correctly implemented, potentially leaking the private ECC key of a TLS server. For the oldstable distribution (lenny), these problems have been fixed in version 0.9.8g-15+lenny15. For the stable distribution (squeeze), these problems have been fixed in version 0.9.8o-4squeeze5. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 1.0.0f-1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Now, if no valid disks are found for Hypervisor installation, a message is displayed informing the user that there are no valid disks for installation. (BZ#781471) * Previously, the user interface for the Hypervisor did not indicate whether the system was registered with Red Hat Network (RHN) Classic or RHN Satellite. As a result, customers could not easily determine the registration status of their Hypervisor installations. The TUI has been updated to display the registration status of the Hypervisor. (BZ#788223) * Previously, autoinstall would fail if the firstboot or reinstall options were passed but local_boot or upgrade were not passed. Now, neither the local_boot or upgrade parameters are required for autoinstall. 788225 - autoinstall fails when local_boot or upgrade not passed on command line 788226 - rhev-hypervisor6 6.2 Update 2 Release bugzilla 6. Release Date: 2012-01-19 Last Updated: 2012-01-19 ------------------------------------------------------------------------------ Potential Security Impact: Remote Denial of Service (DoS), unauthorized access Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS) or to gain unauthorized access. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08s. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-3210 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-4109 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 9.3 CVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided upgrades to resolve this vulnerability. The upgrades are available from the following location ftp://ossl098s:Secure12@ftp.usa.hp.com HP-UX Release / Depot Name B.11.11 PA (32 and 64) / OpenSSL_A.00.09.08s.001_HP-UX_B.11.11_32+64.depot B.11.23 (PA and IA) / OpenSSL_A.00.09.08s.002_HP-UX_B.11.23_IA-PA.depot B.11.31 (PA and IA) / OpenSSL_A.00.09.08s.003_HP-UX_B.11.31_IA-PA.depot MANUAL ACTIONS: Yes - Update Install OpenSSL A.00.09.08s or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.001 or subsequent HP-UX B.11.23 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.002 or subsequent HP-UX B.11.31 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: Install revision A.00.09.08s.003 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 19 January 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. DTLS Plaintext Recovery Attack (CVE-2011-4108) ============================================== Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can be found at http://www.isg.rhul.ac.uk/~kp/dtls.pdf Thanks go to Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de> for preparing the fix. The bug does not occur unless this flag is set. This flaw was discovered by Ben Laurie and a fix provided by Emilia Kasper <ekasper@google.com> of Google. This affects both clients and servers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with SSLv3_{server|client}_method or SSLv23_{server|client}_method. It does not affect TLS. Thanks to Adam Langley <agl@chromium.org> for identifying and fixing this issue. Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577) ==================================================================== RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack. Note, however, that in the standard release of OpenSSL, RFC 3779 support is disabled by default, and in this case OpenSSL is not vulnerable. Builds of OpenSSL are vulnerable if configured with "enable-rfc3779". Thanks to Andrew Chi, BBN Technologies, for discovering the flaw, and Rob Austein <sra@hactrn.net> for fixing it. Thanks to George Kadianakis <desnacked@gmail.com> for identifying this issue and to Adam Langley <agl@chromium.org> for fixing it. Invalid GOST parameters DoS Attack (CVE-2012-0027) =================================================== A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack. Only users of the OpenSSL GOST ENGINE are affected by this bug. Thanks to Andrey Kulikov <amdeich@gmail.com> for identifying and fixing this issue. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv_20120104.txt

Trust: 2.79

sources: NVD: CVE-2011-4619 // CERT/CC: VU#737740 // BID: 51281 // VULMON: CVE-2011-4619 // PACKETSTORM: 116824 // PACKETSTORM: 109327 // PACKETSTORM: 110012 // PACKETSTORM: 112452 // PACKETSTORM: 116825 // PACKETSTORM: 108700 // PACKETSTORM: 109788 // PACKETSTORM: 109073 // PACKETSTORM: 169679

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:eqversion:0.9.6i

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.5a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6d

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8m

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8f

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7m

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6f

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8p

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7l

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6m

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6g

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.4

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7i

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7f

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8g

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8q

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6k

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8k

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8i

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.1c

Trust: 1.0

vendor:opensslmodel:opensslscope:lteversion:0.9.8r

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.2b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7g

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7j

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8n

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0d

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6l

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8d

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.5

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6j

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7d

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8o

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7k

Trust: 1.0

vendor:opensslmodel:opensslscope:lteversion:1.0.0e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8l

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8j

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0.0a

Trust: 1.0

vendor:efimodel: - scope: - version: -

Trust: 0.8

vendor:opensslmodel:project openssl 0.9.8mscope: - version: -

Trust: 0.6

vendor:opensslmodel:project openssl 0.9.8nscope: - version: -

Trust: 0.6

vendor:opensslmodel:project openssl 0.9.8oscope: - version: -

Trust: 0.6

vendor:ibmmodel:informix generoscope:eqversion:2.32

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:4.1

Trust: 0.3

vendor:f5model:big-ip wom hf3scope:eqversion:11.2.1

Trust: 0.3

vendor:avayamodel:ip deskphonescope:eqversion:96x16.2

Trust: 0.3

vendor:avayamodel:aura system platformscope:neversion:6.2.1.0.9

Trust: 0.3

vendor:ibmmodel:hardware management console 7r7.7.0scope:neversion: -

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8fscope: - version: -

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:11.4.1

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp1scope:eqversion:11

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0dscope: - version: -

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:10.0

Trust: 0.3

vendor:f5model:big-ip apm hf5scope:eqversion:11.2.0

Trust: 0.3

vendor:ibmmodel:informix generoscope:eqversion:2.41

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:10.2.4

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1.1

Trust: 0.3

vendor:f5model:big-ip webaccelerator hf7scope:eqversion:11.1.0

Trust: 0.3

vendor:ibmmodel:tivoli netcool/omnibusscope:eqversion:7.3.1

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.3.0.1

Trust: 0.3

vendor:avayamodel:aura system managerscope:neversion:6.3

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.8

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.10

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:f5model:big-ip womscope:eqversion:10.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2.1

Trust: 0.3

vendor:ibmmodel:hardware management console 7r7.2.0scope: - version: -

Trust: 0.3

vendor:ibmmodel:hardware management console 7r7.1.0 sp4scope: - version: -

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.0

Trust: 0.3

vendor:freebsdmodel:8.1-stablescope: - version: -

Trust: 0.3

vendor:ibmmodel:ds8870scope:eqversion:7.0

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.3.0

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.1

Trust: 0.3

vendor:opensslmodel:project openssl kscope:eqversion:0.9.8

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:10.2.1

Trust: 0.3

vendor:junipermodel:junos space ja1500 appliancescope:eqversion: -

Trust: 0.3

vendor:ibmmodel:sterling connect:enterprise for unixscope:eqversion:2.5

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:11.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.4.1

Trust: 0.3

vendor:f5model:big-ip asm hf7scope:eqversion:11.1.0

Trust: 0.3

vendor:avayamodel:proactive contactscope:neversion:5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.1

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:10.0

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.3

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.8

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:1.1

Trust: 0.3

vendor:f5model:big-ip apm hf1scope:eqversion:10.2.1

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.1.0.1

Trust: 0.3

vendor:avayamodel:ip deskphonescope:eqversion:96x16

Trust: 0.3

vendor:avayamodel:aura system platform sp2scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:2.5

Trust: 0.3

vendor:f5model:big-ip ltm hf2scope:eqversion:11.2.1

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:ibmmodel:service delivery managerscope:eqversion:7.2.1

Trust: 0.3

vendor:avayamodel:voice portalscope:neversion:5.1.3

Trust: 0.3

vendor:f5model:big-ip psm hf1scope:eqversion:10.2.1

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.1

Trust: 0.3

vendor:junipermodel:junos space ja2500 appliancescope:eqversion: -

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtmscope:neversion:2812-11411.2

Trust: 0.3

vendor:susemodel:linux enterprise server sp4scope:eqversion:10

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.1.0

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:tivoli endpoint manager for remote controlscope:eqversion:8.2.1

Trust: 0.3

vendor:attachmatemodel:reflection sp1scope:eqversion:14.0

Trust: 0.3

vendor:avayamodel:aura communication manager sp4scope:neversion:5.2.1

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.1

Trust: 0.3

vendor:opensslmodel:project openssl jscope:eqversion:0.9.8

Trust: 0.3

vendor:ibmmodel:security virtual server protection for vmwarescope:eqversion:1.1.0.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.2

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:10.2.1

Trust: 0.3

vendor:avayamodel:meeting exchange sp2scope:eqversion:5.0

Trust: 0.3

vendor:f5model:big-ip apm hf2scope:eqversion:11.2.1

Trust: 0.3

vendor:avayamodel:aura application server sip corescope:eqversion:53002.0

Trust: 0.3

vendor:f5model:big-ip ltm hf1scope:eqversion:10.2.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:3.3

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0.0.52

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp11scope:eqversion:4.0.0

Trust: 0.3

vendor:f5model:big-ip webaccelerator hf1scope:eqversion:10.2.1

Trust: 0.3

vendor:freebsdmodel:8.2-stablescope: - version: -

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:10.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:8.0

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtm 11.1.0.ascope:eqversion:2810-114

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.1.0

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:11.3

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp12scope:eqversion:4.0.0

Trust: 0.3

vendor:f5model:arxscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.2.0

Trust: 0.3

vendor:f5model:enterprise managerscope:eqversion:2.1

Trust: 0.3

vendor:ibmmodel:sterling connect:express for unixscope:eqversion:1.4.6

Trust: 0.3

vendor:ibmmodel:sterling connect:enterprise for unixscope:eqversion:2.44

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:3.5

Trust: 0.3

vendor:ibmmodel:hardware management console 7r7.1.0 sp3scope: - version: -

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:10.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.2

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:10.2.2

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:10.2.40

Trust: 0.3

vendor:f5model:arxscope:eqversion:6.4

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:5.2

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.2.1

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8rscope: - version: -

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:11.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.1.0

Trust: 0.3

vendor:junipermodel:junos space 14.1r1scope:neversion: -

Trust: 0.3

vendor:f5model:big-ip ltm hf3scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip analytics hf4scope:eqversion:11.3.0

Trust: 0.3

vendor:f5model:big-ip link controller hf1scope:eqversion:10.2.1

Trust: 0.3

vendor:freebsdmodel:8.3-stablescope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.4

Trust: 0.3

vendor:ibmmodel:tivoli network manager fp7scope:eqversion:3.8

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2

Trust: 0.3

vendor:bsdperimetermodel:pfsensescope:neversion:2.0.2

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:4.3

Trust: 0.3

vendor:f5model:arxscope:eqversion:6.3

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.1

Trust: 0.3

vendor:f5model:big-ip asm hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:8.1

Trust: 0.3

vendor:f5model:big-ip ltm hf7scope:eqversion:11.1.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp2scope:eqversion:4.0.0

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.4.1

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:10.2.4

Trust: 0.3

vendor:junipermodel:junos space 13.1p1.14scope: - version: -

Trust: 0.3

vendor:ibmmodel:tivoli netcool/omnibusscope:eqversion:7.2.1

Trust: 0.3

vendor:f5model:big-ip womscope:eqversion:10.2.2

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:10.0

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.2.2

Trust: 0.3

vendor:f5model:arxscope:eqversion:6.2

Trust: 0.3

vendor:f5model:big-ip womscope:eqversion:11.1.0

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.0

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8pscope: - version: -

Trust: 0.3

vendor:attachmatemodel:reflection for ibmscope:eqversion:20070

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:11.3

Trust: 0.3

vendor:f5model:enterprise managerscope:eqversion:3.0

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.3

Trust: 0.3

vendor:ibmmodel:hardware management console 7r7.3.0scope: - version: -

Trust: 0.3

vendor:hpmodel:ssl for openvmsscope:eqversion:1.3

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip gtm hf1scope:eqversion:10.2.1

Trust: 0.3

vendor:ibmmodel:cloudburstscope:eqversion:2.1

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:f5model:big-ip ltm hf4scope:eqversion:11.3.0

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:neversion:5.2.14

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8sscope:neversion: -

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:11.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:5.0

Trust: 0.3

vendor:susemodel:linux enterprise server sp3 ltssscope:eqversion:10

Trust: 0.3

vendor:f5model:big-ip analytics hf5scope:eqversion:11.2.0

Trust: 0.3

vendor:f5model:big-ip womscope:eqversion:11.2.1

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:sterling connect:direct for microsoft windowsscope:eqversion:4.5.01

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:4.5

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.3.0

Trust: 0.3

vendor:ibmmodel:cloudburstscope:eqversion:2.1.1

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop versionscope:eqversion:4

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2011

Trust: 0.3

vendor:f5model:big-ip asm hf5scope:eqversion:10.2.4

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.10

Trust: 0.3

vendor:avayamodel:meeting exchange sp2scope:eqversion:5.2

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:4.4

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8qscope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.4.1

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:11.4.0

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.4

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:10.2.4

Trust: 0.3

vendor:hpmodel:ssl for openvmsscope:eqversion:1.4-453

Trust: 0.3

vendor:f5model:big-ip ltm hf5scope:eqversion:11.2.0

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0fscope:neversion: -

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:hpmodel:onboard administratorscope:eqversion:3.50

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp10scope:eqversion:4.0.0

Trust: 0.3

vendor:f5model:big-ip aamscope:eqversion:11.4.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:11.2.00

Trust: 0.3

vendor:hpmodel:onboard administratorscope:eqversion:3.55

Trust: 0.3

vendor:f5model:big-ip asm hf3scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.0.0

Trust: 0.3

vendor:avayamodel:messaging storage server sp2scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:messaging storage server sp1scope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:56001

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:3.5

Trust: 0.3

vendor:f5model:big-ip psm hf4scope:eqversion:11.3.0

Trust: 0.3

vendor:f5model:big-ip apm hf7scope:eqversion:11.1.0

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:10.2.1

Trust: 0.3

vendor:f5model:big-ip psm hf5scope:eqversion:11.2.0

Trust: 0.3

vendor:ibmmodel:sterling connect:direct for microsoft windowsscope:eqversion:4.5.00

Trust: 0.3

vendor:ibmmodel:infosphere balanced warehouse c4000scope: - version: -

Trust: 0.3

vendor:f5model:big-ip wom hf5scope:eqversion:11.2.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.0

Trust: 0.3

vendor:f5model:big-ip asm hf4scope:eqversion:11.3.0

Trust: 0.3

vendor:ibmmodel:service delivery managerscope:eqversion:7.2.4

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.2.0.1

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8gscope: - version: -

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:11.2.1

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.1

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:4

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:10.2.2

Trust: 0.3

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:5.1.2

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:10.1

Trust: 0.3

vendor:f5model:big-ip webaccelerator hf5scope:eqversion:11.2.0

Trust: 0.3

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.2

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ibmmodel:tivoli workload scheduler for applications fp02scope:eqversion:8.4

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:11.04

Trust: 0.3

vendor:f5model:big-ip asm hf4scope:eqversion:10.2.4

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtmscope:eqversion:2812-11411.1.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:2.4

Trust: 0.3

vendor:avayamodel:meeting exchangescope:neversion:6.2

Trust: 0.3

vendor:redhatmodel:jboss enterprise web server for solarisscope:eqversion:1.0.2

Trust: 0.3

vendor:f5model:big-ip afmscope:eqversion:11.4.1

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.1.0.2

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtmscope:neversion:2810-11411.2

Trust: 0.3

vendor:f5model:big-ip wom hf3scope:eqversion:11.2.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:13.3

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp13scope:eqversion:4.0.0

Trust: 0.3

vendor:hpmodel:hp-ux b.11.11scope: - version: -

Trust: 0.3

vendor:ibmmodel:tivoli remote controlscope:eqversion:5.1.2

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:1.4

Trust: 0.3

vendor:f5model:big-ip edge gateway hf1scope:eqversion:10.2.1

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:10.2.2

Trust: 0.3

vendor:avayamodel:message networking sp1scope:eqversion:5.2

Trust: 0.3

vendor:susemodel:linux enterprise server for vmware sp1scope:eqversion:11

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.1.0

Trust: 0.3

vendor:ibmmodel:infosphere balanced warehouse d5100scope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:f5model:big-ip psm hf2scope:eqversion:11.2.1

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp6scope:eqversion:4.0.0

Trust: 0.3

vendor:f5model:big-ip webaccelerator hf3scope:eqversion:11.2.1

Trust: 0.3

vendor:ibmmodel:cloudburstscope:eqversion:1.2

Trust: 0.3

vendor:ibmmodel:hardware management console 7r7.2.0 sp2scope: - version: -

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:1.7

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura system manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8lscope: - version: -

Trust: 0.3

vendor:f5model:big-ip wom hf7scope:eqversion:11.1.0

Trust: 0.3

vendor:avayamodel:messaging storage server sp3scope:eqversion:5.2

Trust: 0.3

vendor:f5model:big-ip analytics 11.0.0-hf2scope: - version: -

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.2.1

Trust: 0.3

vendor:junipermodel:junos spacescope:eqversion:0

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:4.0

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.2

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.1

Trust: 0.3

vendor:opensslmodel:project openssl hscope:eqversion:0.9.8

Trust: 0.3

vendor:f5model:big-ip afm hf4scope:eqversion:11.3.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.3

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:5.2

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:1.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.2

Trust: 0.3

vendor:f5model:big-ip asm hf1scope:eqversion:10.2.1

Trust: 0.3

vendor:opensslmodel:project openssl iscope:eqversion:0.9.8

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:10.2.1

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.1

Trust: 0.3

vendor:f5model:big-ip analytics hf2scope:eqversion:11.2.0

Trust: 0.3

vendor:redhatmodel:jboss enterprise application platformscope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip analytics hf3scope:eqversion:11.2.1

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.2

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:1.0

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.2

Trust: 0.3

vendor:f5model:big-ip apm hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:hpmodel:onboard administratorscope:neversion:3.56

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.12

Trust: 0.3

vendor:ibmmodel:tivoli endpoint manager for remote controlscope:eqversion:9.0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:ibmmodel:tivoli workload scheduler for applicationsscope:eqversion:8.6

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.2

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.3

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:f5model:big-ip psm hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip ltm hf3scope:eqversion:11.2

Trust: 0.3

vendor:ibmmodel:security virtual server protection for vmwarescope:eqversion:1.1

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0escope: - version: -

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.1

Trust: 0.3

vendor:hpmodel:ssl for openvmsscope:neversion:1.4-467

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.8

Trust: 0.3

vendor:vmwaremodel:esxscope:eqversion:4.1

Trust: 0.3

vendor:attachmatemodel:reflectionscope:eqversion:14.1

Trust: 0.3

vendor:ibmmodel:infosphere balanced warehouse c3000scope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.8

Trust: 0.3

vendor:hpmodel:ssl for openvmsscope:eqversion:1.4

Trust: 0.3

vendor:f5model:big-ip apm hf3scope:eqversion:11.2.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.3

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtm 11.0.1.ascope:eqversion:2810-114

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.04

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:f5model:big-ip asm hf5scope:eqversion:11.2.0

Trust: 0.3

vendor:efimodel:fiery print controllerscope:eqversion:2.0

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.2

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:4.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2

Trust: 0.3

vendor:xeroxmodel:docucolor dc260scope:eqversion:0

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp8scope:eqversion:4.0.0

Trust: 0.3

vendor:ibmmodel:tivoli netcool/omnibusscope:eqversion:7.3

Trust: 0.3

vendor:f5model:arxscope:eqversion:6.1.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.1

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.10

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.2.00

Trust: 0.3

vendor:ibmmodel:service delivery managerscope:eqversion:7.2.2

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:11.2

Trust: 0.3

vendor:f5model:big-ip ltm hf5scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:10.2.2

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.04

Trust: 0.3

vendor:xeroxmodel:docucolor dc242scope:eqversion:0

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0cscope: - version: -

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.1.0

Trust: 0.3

vendor:f5model:big-ip apm hf5scope:eqversion:11.2.1

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.1

Trust: 0.3

vendor:ibmmodel:tivoli workload scheduler distributed fp03scope:eqversion:8.5

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.1

Trust: 0.3

vendor:f5model:big-ip womscope:eqversion:11.2

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:8.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.4.0

Trust: 0.3

vendor:susemodel:linux enterprise server sp1scope:eqversion:11

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:20500

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:4.1

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.10

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.13

Trust: 0.3

vendor:avayamodel:aura sip enablement services sp4scope:neversion:5.2.1

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:f5model:big-ip wom hf5scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.2.1

Trust: 0.3

vendor:attachmatemodel:reflection for ibmscope:eqversion:20080

Trust: 0.3

vendor:avayamodel:communication server 1000mscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:neversion:6.2.5.0.15

Trust: 0.3

vendor:opensslmodel:project openssl dscope:eqversion:0.9.8

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.2.1

Trust: 0.3

vendor:freebsdmodel:7.4-stablescope: - version: -

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.9

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp4scope:eqversion:4.0.0

Trust: 0.3

vendor:ibmmodel:sterling connect:direct for unixscope:eqversion:4.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2011

Trust: 0.3

vendor:f5model:big-ip asm hf2scope:eqversion:11.2.00

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0bscope: - version: -

Trust: 0.3

vendor:f5model:big-ip analytics hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:57100

Trust: 0.3

vendor:f5model:big-ip webaccelerator hf5scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:10.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:10.2.4

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:bsdperimetermodel:pfsensescope:eqversion:2.0

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp9scope:eqversion:4.0.0

Trust: 0.3

vendor:f5model:big-ip womscope:eqversion:11.3.0

Trust: 0.3

vendor:ibmmodel:tivoli workload scheduler distributed fp07scope:eqversion:8.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.8.3

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:4.0

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.2

Trust: 0.3

vendor:ibmmodel:sterling connect:directscope:eqversion:3.5

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip asm hf2scope:eqversion:11.2.1

Trust: 0.3

vendor:avayamodel:communication server 1000m signaling serverscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:10.2.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

vendor:avayamodel:messaging storage server sp1scope:eqversion:5.2

Trust: 0.3

vendor:opensslmodel:project openssl fscope:eqversion:0.9.8

Trust: 0.3

vendor:avayamodel:communication server 1000escope:eqversion:7.0

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp5scope:eqversion:4.0.0

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.8.4

Trust: 0.3

vendor:f5model:big-ip gtmscope:eqversion:11.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.3

Trust: 0.3

vendor:ibmmodel:tivoli workload scheduler for applications fp01scope:eqversion:8.5

Trust: 0.3

vendor:f5model:big-ip psm hf3scope:eqversion:11.2.0

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:4.1

Trust: 0.3

vendor:f5model:big-ip womscope:eqversion:10.2.4

Trust: 0.3

vendor:ibmmodel:sterling connect:direct for unixscope:eqversion:4.1

Trust: 0.3

vendor:ibmmodel:tivoli workload scheduler distributed fp02scope:eqversion:8.6

Trust: 0.3

vendor:ibmmodel:ds8870scope:eqversion:7.1

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:11.3

Trust: 0.3

vendor:f5model:big-ip edge gatewayscope:eqversion:10.2.2

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1.2

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.10

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:6.2

Trust: 0.3

vendor:f5model:big-ip apm hf4scope:eqversion:11.3.0

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:f5model:big-ip analytics hf2scope:eqversion:11.2.1

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtmscope:eqversion:2810-11411.1.1

Trust: 0.3

vendor:attachmatemodel:reflection sp1scope:eqversion:14.1

Trust: 0.3

vendor:f5model:big-ip psm hf7scope:eqversion:11.1.0

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:f5model:big-ip womscope:eqversion:11.0

Trust: 0.3

vendor:f5model:big-ip asm hf3scope:eqversion:11.2.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura application server sip core pb26scope:neversion:53002.0

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.3

Trust: 0.3

vendor:ibmmodel:sterling connect:directscope:eqversion:3.6

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.2

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:1.5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.0

Trust: 0.3

vendor:f5model:big-ip webaccelerator hf3scope:eqversion:11.2

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtm 11.1.0.ascope:eqversion:2812-114

Trust: 0.3

vendor:freebsdmodel:9.0-stablescope: - version: -

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:ibmmodel:viosscope:eqversion:2.0

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.8

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:11.1

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtmscope:eqversion:2810-11411

Trust: 0.3

vendor:ibmmodel:sterling connect:directscope:neversion:3.61

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.5

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:redhatmodel:enterprise virtualization hypervisor for rhelscope:eqversion:60

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.2

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp4scope:eqversion:10

Trust: 0.3

vendor:f5model:big-ip apm hf3scope:eqversion:11.2.1

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:56002

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:76000

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.1

Trust: 0.3

vendor:avayamodel:aura experience portal sp1scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp3scope:eqversion:4.0.0

Trust: 0.3

vendor:f5model:arxscope:eqversion:6.1

Trust: 0.3

vendor:junipermodel:junos space r1.8scope:eqversion:13.1

Trust: 0.3

vendor:f5model:big-ip analytics hf3scope:eqversion:11.2

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:10.2.2

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:10.2.4

Trust: 0.3

vendor:ibmmodel:informix generoscope:eqversion:2.40

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:10.2.1

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:10.0.00

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.1

Trust: 0.3

vendor:f5model:big-ip asm hf5scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip ltm hf2scope:eqversion:11.2.0

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.1.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.1

Trust: 0.3

vendor:opensslmodel:project openssl escope:eqversion:0.9.8

Trust: 0.3

vendor:avayamodel:aura system platform sp3scope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip analytics hf5scope:eqversion:11.2.1

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp1scope:eqversion:11

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.1

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1

Trust: 0.3

vendor:f5model:big-ip womscope:eqversion:10.2.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.2

Trust: 0.3

vendor:f5model:enterprise managerscope:eqversion:2.3

Trust: 0.3

vendor:attachmatemodel:reflection for unix and openvmsscope:eqversion:20080

Trust: 0.3

vendor:ibmmodel:sterling connect:direct for microsoft windowsscope:eqversion:4.6.0

Trust: 0.3

vendor:redhatmodel:enterprise virtualization hypervisor for rhelscope:eqversion:50

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.2

Trust: 0.3

vendor:f5model:big-ip psm hf2scope:eqversion:11.2.0

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp1scope:eqversion:4.0.0

Trust: 0.3

vendor:ibmmodel:tivoli network manager fp3scope:eqversion:3.9

Trust: 0.3

vendor:redhatmodel:jboss enterprise web server for windowsscope:eqversion:1.0.2

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:11.0

Trust: 0.3

vendor:ibmmodel:sterling connect:express for unixscope:eqversion:1.5.0

Trust: 0.3

vendor:f5model:big-ip ltm hf1scope:eqversion:11.2.1

Trust: 0.3

vendor:ibmmodel:tivoli netcool/system service monitor fp7scope:eqversion:4.0.0

Trust: 0.3

vendor:freebsdmodel:9.0-releasescope: - version: -

Trust: 0.3

vendor:f5model:big-ip apm hf2scope:eqversion:11.2.0

Trust: 0.3

vendor:f5model:big-ip wom hf1scope:eqversion:10.2.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:7.4

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:77100

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:hardware management console 7r7.1.0scope: - version: -

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtm 11.0.1.ascope:eqversion:2812-114

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.3.0

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:10500

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.3.0

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:10.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:7.0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:10.2.4

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:f5model:big-ip analytics hf7scope:eqversion:11.1.0

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:f5model:big-ip apmscope:eqversion:11.2

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:77000

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:10.2.1

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.4

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.1

Trust: 0.3

vendor:f5model:big-ip pemscope:eqversion:11.4.1

Trust: 0.3

vendor:avayamodel:communication server 1000e signaling serverscope:eqversion:7.5

Trust: 0.3

vendor:avayamodel:ip deskphonescope:eqversion:96x16.3

Trust: 0.3

vendor:attachmatemodel:reflectionscope:eqversion:14.0

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.5

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:tivoli composite application manager for transactionsscope:eqversion:7.2.0.2

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:11.04

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:10.2.4

Trust: 0.3

vendor:f5model:big-ip asmscope:eqversion:11.0.00

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:11.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:3.2

Trust: 0.3

vendor:f5model:big-ip psm hf5scope:eqversion:11.2.1

Trust: 0.3

vendor:avayamodel:communication server 1000mscope:eqversion:7.5

Trust: 0.3

vendor:f5model:big-ip analyticsscope:eqversion:11.4.1

Trust: 0.3

vendor:ibmmodel:tivoli workload scheduler distributed fp04scope:eqversion:8.5.1

Trust: 0.3

vendor:avayamodel:communication server 1000e signaling serverscope:eqversion:7.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:xeroxmodel:docucolor dc252scope:eqversion:0

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.0.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:neversion:6.2

Trust: 0.3

vendor:ibmmodel:tivoli netcool/omnibusscope:eqversion:7.4

Trust: 0.3

vendor:ibmmodel:ds8870scope:neversion:7.2

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp4scope:eqversion:10

Trust: 0.3

vendor:f5model:big-ip pem hf4scope:eqversion:11.3.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip ltmscope:eqversion:11.0

Trust: 0.3

vendor:avayamodel:aura conferencing standardscope:eqversion:6.0

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:10.2.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention systemscope:eqversion:4.2

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:4.0

Trust: 0.3

vendor:ibmmodel:hardware management console 7r7.2.0 sp1scope: - version: -

Trust: 0.3

vendor:avayamodel:communication server 1000m signaling serverscope:eqversion:7.5

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:8.2

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:11.3

Trust: 0.3

vendor:bsdperimetermodel:pfsensescope:eqversion:2.0.1

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.2

Trust: 0.3

vendor:avayamodel:message networkingscope:neversion:5.2.5

Trust: 0.3

vendor:avayamodel:aura application server sip corescope:eqversion:53002.1

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:7.1.1

Trust: 0.3

vendor:avayamodel:communication server 1000escope:eqversion:7.5

Trust: 0.3

vendor:f5model:big-ip psm hf3scope:eqversion:11.2.1

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:11.1

Trust: 0.3

vendor:avayamodel:messaging storage server sp2scope:eqversion:5.1

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0ascope: - version: -

Trust: 0.3

vendor:ibmmodel:xiv storage system gen3 mtmscope:eqversion:2812-11411

Trust: 0.3

sources: CERT/CC: VU#737740 // BID: 51281 // NVD: CVE-2011-4619

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4619
value: MEDIUM

Trust: 1.0

VULMON: CVE-2011-4619
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-4619
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

sources: VULMON: CVE-2011-4619 // NVD: CVE-2011-4619

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.0

sources: NVD: CVE-2011-4619

THREAT TYPE

network

Trust: 0.3

sources: BID: 51281

TYPE

Unknown

Trust: 0.3

sources: BID: 51281

PATCH

title:Red Hat: Moderate: openssl security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120086 - Security Advisory

Trust: 0.1

title:Red Hat: Important: rhev-hypervisor6 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120109 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: openssl security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120060 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: openssl security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120059 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: CVE-2011-4354: OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keysurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=ea25fd33228ddfe870d0eb9177265369

Trust: 0.1

title:Debian Security Advisories: DSA-2390-1 openssl -- several vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=e583d2cd94d02b09eb008edba3c25e28

Trust: 0.1

title:Debian CVElist Bug Report Logs: Potential DTLS crasher bugurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=42b9da1ce27bbcacbdb9142890b6ad6b

Trust: 0.1

title:Amazon Linux AMI: ALAS-2012-038url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2012-038

Trust: 0.1

title:Ubuntu Security Notice: openssl vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1357-1

Trust: 0.1

title: - url:https://github.com/hrbrmstr/internetdb

Trust: 0.1

sources: VULMON: CVE-2011-4619

EXTERNAL IDS

db:NVDid:CVE-2011-4619

Trust: 2.3

db:CERT/CCid:VU#737740

Trust: 2.2

db:SECUNIAid:48528

Trust: 1.1

db:SECUNIAid:57353

Trust: 1.1

db:JUNIPERid:JSA10659

Trust: 0.3

db:BIDid:51281

Trust: 0.3

db:VULMONid:CVE-2011-4619

Trust: 0.1

db:PACKETSTORMid:116824

Trust: 0.1

db:PACKETSTORMid:109327

Trust: 0.1

db:PACKETSTORMid:110012

Trust: 0.1

db:PACKETSTORMid:112452

Trust: 0.1

db:PACKETSTORMid:116825

Trust: 0.1

db:PACKETSTORMid:108700

Trust: 0.1

db:PACKETSTORMid:109788

Trust: 0.1

db:PACKETSTORMid:109073

Trust: 0.1

db:PACKETSTORMid:169679

Trust: 0.1

sources: CERT/CC: VU#737740 // VULMON: CVE-2011-4619 // BID: 51281 // PACKETSTORM: 116824 // PACKETSTORM: 109327 // PACKETSTORM: 110012 // PACKETSTORM: 112452 // PACKETSTORM: 116825 // PACKETSTORM: 108700 // PACKETSTORM: 109788 // PACKETSTORM: 109073 // PACKETSTORM: 169679 // NVD: CVE-2011-4619

REFERENCES

url:http://www.openssl.org/news/secadv_20120104.txt

Trust: 1.6

url:http://rhn.redhat.com/errata/rhsa-2012-1306.html

Trust: 1.5

url:http://rhn.redhat.com/errata/rhsa-2012-1307.html

Trust: 1.5

url:http://www.kb.cert.org/vuls/id/737740

Trust: 1.5

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041

Trust: 1.4

url:http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc

Trust: 1.4

url:http://rhn.redhat.com/errata/rhsa-2012-1308.html

Trust: 1.4

url:http://support.apple.com/kb/ht5784

Trust: 1.4

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004564

Trust: 1.4

url:http://w3.efi.com/fiery

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2012:006

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2012:007

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html

Trust: 1.1

url:http://secunia.com/advisories/48528

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=134039053214295&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=132750648501816&w=2

Trust: 1.1

url:http://www.debian.org/security/2012/dsa-2390

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2013/jun/msg00000.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2012-november/092905.html

Trust: 1.1

url:http://secunia.com/advisories/57353

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=133951357207000&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=133728068926468&w=2

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4619

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2011-4576

Trust: 0.9

url:http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260&operatingsystem=win7x64

Trust: 0.8

url:https://www.openssl.org/news/vulnerabilities.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2011-4109

Trust: 0.7

url:https://www.redhat.com/security/data/cve/cve-2011-4576.html

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2011-4108

Trust: 0.5

url:https://www.redhat.com/security/data/cve/cve-2011-4619.html

Trust: 0.5

url:http://bugzilla.redhat.com/):

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:http://www.attachmate.com/

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=isg400001530

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=isg400001529

Trust: 0.3

url:https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_potential_security_exposure_when_using_ibm_infosphere_streams_due_to_vulnerabilities_in_ibm_java_se_version_6_sdk6?lang=en_us

Trust: 0.3

url:https://www14.software.ibm.com/webapp/iwm/web/prelogin.do?source=aixbp

Trust: 0.3

url:http://www.openssl.org

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100157565

Trust: 0.3

url:http://blog.pfsense.org/?p=676

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=swg21637929

Trust: 0.3

url:https://www.ibm.com/connections/blogs/psirt/entry/security_bulletin_ibm_tivoli_netcool_system_service_monitors_application_service_monitors_is_affected_by_multiple_openssl_vulnerabilities?lang=en_us

Trust: 0.3

url:http://support.attachmate.com/techdocs/1708.html

Trust: 0.3

url:http://support.attachmate.com/techdocs/2502.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21631429

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21626257

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21651196

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10659

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100156631

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100156392

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100157969

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100161892

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100161590

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21650623

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21643698

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e

Trust: 0.3

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03315912

Trust: 0.3

url:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03383940

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21638022

Trust: 0.3

url:https://www.ibm.com/support/docview.wss?uid=swg21619837

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21631322

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg400001560

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24030251

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24033501

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004323

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21643442

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21625170

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21651176

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21627934

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21633107

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21635888

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21638669

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21638670

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21643439

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21643437

Trust: 0.3

url:http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15314.html

Trust: 0.3

url:http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15388.html?ref=rss

Trust: 0.3

url:http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15389.html?ref=rss

Trust: 0.3

url:http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15395.html?ref=rss

Trust: 0.3

url:http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15460.html?ref=rss

Trust: 0.3

url:http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15461.html?ref=rss

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21643316

Trust: 0.3

url:http://www.vmware.com/security/advisories/vmsa-2012-0013.html

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100158312

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100150578

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100156392

Trust: 0.3

url:https://www.redhat.com/security/data/cve/cve-2011-4109.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-0884

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-2110

Trust: 0.3

url:https://access.redhat.com/kb/docs/doc-11259

Trust: 0.3

url:https://access.redhat.com/security/team/key/#package

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-4577

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-2333

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-2333.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-1165

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-2110.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-0884.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2011-4108.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-1165.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-0029.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2012-0029

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/399.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2012:0086

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/1357-1/

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=5.1.2

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2012-0086.html

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2012-0168.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0207.html

Trust: 0.1

url:https://docs.redhat.com/docs/en-us/red_hat_enterprise_virtualization_for_servers/2.2/html/technical_notes/index.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0207

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4576

Trust: 0.1

url:http://security.freebsd.org/patches/sa-12:01/openssl.patch

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2110

Trust: 0.1

url:http://security.freebsd.org/advisories/freebsd-sa-12:01.openssl.asc

Trust: 0.1

url:http://lists.openwall.net/full-disclosure/2012/04/19/4

Trust: 0.1

url:http://security.freebsd.org/>.

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4109

Trust: 0.1

url:http://www.openssl.org/news/secadv_20120419.txt

Trust: 0.1

url:http://security.freebsd.org/patches/sa-12:01/openssl.patch.asc

Trust: 0.1

url:http://www.freebsd.org/handbook/makeworld.html>

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4619

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0884

Trust: 0.1

url:http://www.openssl.org/news/secadv_20120312.txt

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver&downloadtype=securitypatches&version=1.0.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4354

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2012-0109.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-4577.html

Trust: 0.1

url:http://docs.redhat.com/docs/en-us/red_hat_enterprise_virtualization/3.0/html/technical_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3210

Trust: 0.1

url:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.1

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.1

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430

Trust: 0.1

url:https://www.hp.com/go/swa

Trust: 0.1

url:http://www.isg.rhul.ac.uk/~kp/dtls.pdf

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0027

Trust: 0.1

url:https://www.isg.rhul.ac.uk)

Trust: 0.1

sources: CERT/CC: VU#737740 // VULMON: CVE-2011-4619 // BID: 51281 // PACKETSTORM: 116824 // PACKETSTORM: 109327 // PACKETSTORM: 110012 // PACKETSTORM: 112452 // PACKETSTORM: 116825 // PACKETSTORM: 108700 // PACKETSTORM: 109788 // PACKETSTORM: 109073 // PACKETSTORM: 169679 // NVD: CVE-2011-4619

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 116824 // PACKETSTORM: 109327 // PACKETSTORM: 110012 // PACKETSTORM: 116825 // PACKETSTORM: 109788

SOURCES

db:CERT/CCid:VU#737740
db:VULMONid:CVE-2011-4619
db:BIDid:51281
db:PACKETSTORMid:116824
db:PACKETSTORMid:109327
db:PACKETSTORMid:110012
db:PACKETSTORMid:112452
db:PACKETSTORMid:116825
db:PACKETSTORMid:108700
db:PACKETSTORMid:109788
db:PACKETSTORMid:109073
db:PACKETSTORMid:169679
db:NVDid:CVE-2011-4619

LAST UPDATE DATE

2024-11-06T21:42:30.793000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#737740date:2013-05-02T00:00:00
db:VULMONid:CVE-2011-4619date:2016-08-23T00:00:00
db:BIDid:51281date:2015-04-13T21:31:00
db:NVDid:CVE-2011-4619date:2016-08-23T02:04:40.557

SOURCES RELEASE DATE

db:CERT/CCid:VU#737740date:2013-03-18T00:00:00
db:VULMONid:CVE-2011-4619date:2012-01-06T00:00:00
db:BIDid:51281date:2012-01-05T00:00:00
db:PACKETSTORMid:116824date:2012-09-25T00:15:05
db:PACKETSTORMid:109327date:2012-02-02T01:22:35
db:PACKETSTORMid:110012date:2012-02-21T15:34:06
db:PACKETSTORMid:112452date:2012-05-03T23:13:24
db:PACKETSTORMid:116825date:2012-09-25T00:15:29
db:PACKETSTORMid:108700date:2012-01-16T02:59:37
db:PACKETSTORMid:109788date:2012-02-15T22:44:29
db:PACKETSTORMid:109073date:2012-01-25T16:35:29
db:PACKETSTORMid:169679date:2012-01-04T12:12:12
db:NVDid:CVE-2011-4619date:2012-01-06T01:55:01.003