Skip to main content

OpenSSL Multiple Vulnerabilities

Last Update Date: 5 Jan 2012 11:57 Release Date: 5 Jan 2012 5762 Views

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

Multiple vulnerabilities have been identified in OpenSSL, which can be exploited by attackers to conduct remote code execution and denial of service. The vulnerabilities can cause the following issues:

  • DTLS Plaintext Recovery Attack (CVE-2011-4108)
  • Double-free in Policy Checks (CVE-2011-4109)
  • Uninitialized SSL 3.0 Padding (CVE-2011-4576)
  • Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
  • SGC Restart DoS Attack (CVE-2011-4619)
  • Invalid GOST parameters DoS Attack (CVE-2012-0027)

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • OpenSSL version prior to 1.0.0f
  • OpenSSL version prior to 0.9.8s

 


Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Upgrade to OpenSSL 1.0.0f and 0.9.8s.

Vulnerability Identifier


Source


Related Link