Release date: 2012-03-12
Updated on: 2012-03-13
Affected Systems:
OpenSSL Project OpenSSL 1.x
OpenSSL Project OpenSSL 0.x
Description:
--------------------------------------------------------------------------------
Cve id: CVE-2012-0884
OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. It is widely used in various network applications.
The CMS and PKCS #7 encryption codes of OpenSSL have security vulnerabilities. Attackers can bypass certain security restrictions by launching a brute force attack on CMS, PKCS #7, or S/MIME encryption.
<* Source: Ivan Nestlerode
Link: http://secunia.com/advisories/46958/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
OpenSSL Project
---------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.openssl.org/