Oval Definition:oval:com.ubuntu.precise:def:20113389000
Revision Date:2011-09-06
Version:1
Title:CVE-2011-3389 on Ubuntu 12.04 LTS (precise) - low.
Description:The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm as used in TLS/SSL was vulnerable to a chosen-plaintext attack. This could allow a remote attacker to view confidential data.
Family:unix
Class:vulnerability
Status:
Reference(s):CVE-2011-3389
Platform(s):Ubuntu 12.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 12.04 LTS (precise) is installed.
  • AND Package Information
  • NOT While related to the CVE in some way, the 'gnutls26' package in precise is not affected.
  • OR NOT While related to the CVE in some way, the 'icedtea-web' package in precise is not affected.
  • OR While related to the CVE in some way, a decision has been made to ignore it.
  • OR NOT While related to the CVE in some way, the 'openjdk-6' package in precise is not affected (note: '6b23~pre11-1ubuntu2').
  • OR The 'openjdk-7' package in precise was vulnerable but has been fixed (note: '7~b147-2.0-1ubuntu1').
  • OR NOT While related to the CVE in some way, the 'openssl' package in precise is not affected (note: 'countermeasure in place').