OpenSSL Multiple Vulnerabilities
Last Update Date: 3 Jan 2014 10:44
Release Date: 3 Jan 2014
RISK: High Risk
TYPE: Servers - Network Management
Multiple vulnerabilities have been identified in OpenSSL. A remote user may be able to conduct man-in-the-middle attacks and cause denial of service conditions.
- The DTLS retransmission implementation does not properly maintain data structures for digest and encryption contexts. A remote user conducting a man-in-the-middle attack may be able to trigger the use of a different context.
- The ssl_get_algorithm2() function in 'ssl/s3_lib.c' uses an incorrect version number. A remote user can send specially crafted data (using TLS 1.2) to cause the target service to crash.
Impact
- Denial of Service
- Security Restriction Bypass
System / Technologies affected
- Versions 0.9.8y and prior, 1.0 - 1.0.1e, and versions prior to 1.0.2
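A version triage check for the affected ranges listed above, as an added example that is not part of the original advisory. It parses `openssl version` banners; the host names and sample banners are constructed, and reading "versions prior to 1.0.2" as 1.0.2 pre-release builds is an assumption.

```python
import re

# Version token as printed by `openssl version`, e.g.
# "OpenSSL 1.0.1e 11 Feb 2013" or "OpenSSL 1.0.2-beta1 24 Feb 2014".
_VERSION_RE = re.compile(
    r"(\d+)\.(\d+)(?:\.(\d+))?([a-z]*)(?:-(beta|pre|dev)\w*)?")


def parse_openssl_version(text):
    """Return ((major, minor, fix), patch_letter, is_prerelease)."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no OpenSSL version found in %r" % (text,))
    major, minor, fix, letter, pre = m.groups()
    return (int(major), int(minor), int(fix or 0)), letter, pre is not None


def is_listed_as_affected(text):
    """True if the version falls in a range this advisory lists."""
    numeric, letter, prerelease = parse_openssl_version(text)
    # Patch letters sort as strings: "" < "a" < ... < "y" < "z" < "za".
    if (numeric, letter) <= ((0, 9, 8), "y"):
        return True  # "0.9.8y and prior"
    if numeric >= (1, 0, 0) and (numeric, letter) <= ((1, 0, 1), "e"):
        return True  # "1.0 - 1.0.1e"
    # Assumption: "prior to 1.0.2" means 1.0.2 pre-release builds.
    return numeric == (1, 0, 2) and prerelease


def triage(inventory):
    """Return the sorted host names whose banner is in an affected range."""
    return sorted(h for h, b in inventory.items() if is_listed_as_affected(b))


# Constructed sample inventory (host name -> `openssl version` output).
SAMPLE_INVENTORY = {
    "web01": "OpenSSL 1.0.1e 11 Feb 2013",
    "web02": "OpenSSL 1.0.1f 6 Jan 2014",
    "legacy01": "OpenSSL 0.9.8y 5 Feb 2013",
    "lab01": "OpenSSL 1.0.2-beta1 24 Feb 2014",
    "vpn01": "OpenSSL 1.0.1e-fips 11 Feb 2013",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(host, SAMPLE_INVENTORY[host])
```

Distribution packages often backport fixes without changing the upstream version string, so treat a match as a prompt to check the package changelog rather than as proof that the host is unpatched.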
Solutions
Before installation of the software, please visit the software manufacturer's website for more details.
- The vendor has issued a source code fix.
Vulnerability Identifier
Source
Related Link