Information Disclosure Vulnerability in OpenSSL via crafted packetsID: oval:org.secpod.oval:def:15481 | Date: (C)2013-09-20 (M)2023-12-07 |
Class: VULNERABILITY | Family: macos |
The host is installed with Apple Mac OS X 10.6 through 10.6.8 or Mac OS X Lion 10.7 through 10.7.5, Mac OS X Mountain Lion 10.8 through 10.8.4 and is prone to information Disclosure Vulnerability. The flaw is present in the The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, which does not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding. Successful exploitation allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Platform: |
Apple Mac OS X 10.6 |
Apple Mac OS X Server 10.6 |
Apple Mac OS X 10.7 |
Apple Mac OS X Server 10.7 |
Apple Mac OS X 10.8 |
Apple Mac OS X Server 10.8 |