You are here

Home › Cryptographic Message Syntax Vulnerability in openssl 0.9.8n and 1.0.0

Cryptographic Message Syntax Vulnerability in openssl 0.9.8n and 1.0.0

Submitted on !datetime by !username.
IDs: 
CVE-2010-0742
Keywords: 
OpenSSL
Description: 

A security advisory has been published for openssl 0.9.8n and 1.0.0.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0742
http://www.openssl.org/news/secadv_20100601.txt

The affected Cryptographic Message Syntax (CMS) functions have been added in openssl 0.9.8 but they are disabled by default in 0.9.8 versions. They have been enabled in openssl 1.0.0.

Airlock is not affected by CVE-2010-0742.

Airlock versionopenssl versionconclusion
4.2.0 and 4.2.10.9.8kCMS is disabled -> not affected
4.2.21.0.0afixed openssl -> not affected
4.1-10.65-HF4115 and 4.1-11.290.9.8kCMS is disabled -> not affected
4.1-10.650.9.7kdoes not contain CMS code -> not affected

 

The CMS functions are relatively new and are today only used in S/MIME-context (encrypted/signed emails). Airlock does not use S/MIME.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock
Reference: 
http://www.openssl.org/news/secadv_20100601.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0742
© Ergon Informatik AG