OpenSSL Multiple Vulnerabilities
Last Update Date:
5 Jan 2012 11:57
Release Date:
5 Jan 2012
5762
Views
RISK: High Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities have been identified in OpenSSL, which can be exploited by attackers to conduct remote code execution and denial of service. The vulnerabilities can cause the following issues:
- DTLS Plaintext Recovery Attack (CVE-2011-4108)
- Double-free in Policy Checks (CVE-2011-4109)
- Uninitialized SSL 3.0 Padding (CVE-2011-4576)
- Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
- SGC Restart DoS Attack (CVE-2011-4619)
- Invalid GOST parameters DoS Attack (CVE-2012-0027)
Impact
- Denial of Service
- Remote Code Execution
System / Technologies affected
- OpenSSL version prior to 1.0.0f
- OpenSSL version prior to 0.9.8s
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Upgrade to OpenSSL 1.0.0f and 0.9.8s.
Vulnerability Identifier
Source
Related Link
Share with