CVE-2011-4576 Information

Description

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.

Reference

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html http://marc.info/?l=bugtraq&m=132750648501816&w=2 http://marc.info/?l=bugtraq&m=133951357207000&w=2 http://marc.info/?l=bugtraq&m=134039053214295&w=2 http://rhn.redhat.com/errata/RHSA-2012-1306.html http://rhn.redhat.com/errata/RHSA-2012-1307.html http://rhn.redhat.com/errata/RHSA-2012-1308.html http://secunia.com/advisories/48528 http://secunia.com/advisories/55069 http://secunia.com/advisories/57353 http://support.apple.com/kb/HT5784 http://www.debian.org/security/2012/dsa-2390 http://www.kb.cert.org/vuls/id/737740 http://www.mandriva.com/security/advisories?name=MDVSA-2012:006 http://www.mandriva.com/security/advisories?name=MDVSA-2012:007 http://www.openssl.org/news/secadv_20120104.txt http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564