OpenSSL Multiple Vulnerabilities

Last Update Date: 6 Feb 2013 10:44

Release Date: 6 Feb 2013

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities have been identified in OpenSSL. A remote user can cause denial of service conditions and, in certain cases, recover plaintext.

  1. A remote user can send specially crafted data to a system using AES-NI for TLS 1.2 or TLS 1.1 to cause denial of service conditions. Only version 1.0.1c is affected.
  2. A remote user with the ability to conduct a man-in-the-middle attack against TLS or DTLS protected connections can recover the original plaintext when CBC-mode encryption is used. This attack is known as the 'Lucky Thirteen' attack.

Impact

  • Denial of Service
  • Information Disclosure

System / Technologies affected

  • Versions prior to 0.9.8y, 1.0.0k, 1.0.1d

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • The vendor has issued a fix (0.9.8y, 1.0.0k, 1.0.1d).
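
The affected and fixed versions listed above can be checked against an installed build with a short script. This is an added example, not part of the original advisory or of OpenSSL; the function names, the treatment of branches other than 0.9.8, 1.0.0 and 1.0.1 (older counted as affected, newer as outside the advisory) and the sample version strings are assumptions.

```python
import re

# Fixed release per branch, from the advisory: 0.9.8y, 1.0.0k, 1.0.1d.
FIXED = {(0, 9, 8): "y", (1, 0, 0): "k", (1, 0, 1): "d"}
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Extract ((major, minor, fix), letter) from a version string or an
    `openssl version` banner; suffixes such as -fips or -beta1 are ignored."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no OpenSSL version found in %r" % text)
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4)


def letter_rank(letter):
    """Order patch letters: '' < a < ... < z < za < zb ..."""
    return (len(letter), letter)


def advisory_issues(text):
    """Return the advisory items a given OpenSSL version is exposed to."""
    branch, letter = parse_version(text)
    if branch in FIXED:
        affected = letter_rank(letter) < letter_rank(FIXED[branch])
    else:
        # Assumption: branches older than 0.9.8 count as "prior to" the fix,
        # branches newer than 1.0.1 are outside this advisory.
        affected = branch < min(FIXED)
    issues = []
    if branch == (1, 0, 1) and letter == "c":
        issues.append("aesni-dos")  # item 1: only 1.0.1c, and only with AES-NI
    if affected:
        issues.append("lucky-thirteen")  # item 2: CBC-mode plaintext recovery
    return issues


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for sample in ["OpenSSL 1.0.1c 10 May 2012", "1.0.1d", "0.9.8x",
                   "0.9.8za", "1.0.0", "1.0.1e-fips"]:
        print("%-28s %s" % (sample, advisory_issues(sample) or "not affected"))
```

Distribution packages often backport fixes without changing the upstream version string, so a result for a packaged build should be confirmed against the distributor's own advisory.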

Vulnerability Identifier


Source


Related Link