[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Information Disclosure Vulnerability in OpenSSL via crafted packets

ID: oval:org.secpod.oval:def:15481Date: (C)2013-09-20   (M)2023-12-07
Class: VULNERABILITYFamily: macos




The host is installed with Apple Mac OS X 10.6 through 10.6.8 or Mac OS X Lion 10.7 through 10.7.5, Mac OS X Mountain Lion 10.8 through 10.8.4 and is prone to information Disclosure Vulnerability. The flaw is present in the The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, which does not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding. Successful exploitation allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

Platform:
Apple Mac OS X 10.6
Apple Mac OS X Server 10.6
Apple Mac OS X 10.7
Apple Mac OS X Server 10.7
Apple Mac OS X 10.8
Apple Mac OS X Server 10.8
Reference:
CVE-2013-0169
CVE    1
CVE-2013-0169
CPE    2
cpe:/o:apple:mac_os_x
cpe:/o:apple:mac_os_x_server

© SecPod Technologies