U-085: OpenSSL DTLS Bug Lets Remote Users Deny Service

JC3-CIRC TECHNICAL BULLETIN

January 20, 2012 9:15 AM ET

PROBLEM:

OpenSSL DTLS Bug Lets Remote Users Deny Service

PLATFORM:

Only DTLS applications using OpenSSL 1.0.0f and 0.9.8s are affected.

ABSTRACT:

A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack.

IMPACT ASSESSMENT:

Medium

Discussion:
A vulnerability was reported in OpenSSL. The fix to correct the Datagram Transport Layer Security (DTLS) vulnerability referenced by CVE-2011-4108 introduced a flaw. A remote user can send specially crafted data to cause denial of service conditions on the target system.

Impact:
A remote user can cause denial of service conditions.

Solution:
Affected users should upgrade[3] to OpenSSL 1.0.0g or 0.9.8t.
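
To find hosts that need this upgrade, the following added example (not part of the bulletin or of OpenSSL) triages `openssl version` banners and `OPENSSL_VERSION_NUMBER` values against the two affected releases. The host names and banner lines are constructed samples, the `MNNFFPPS` hex layout is the one OpenSSL's `opensslv.h` documents for these release lines, and a match matters only where the application actually uses DTLS, which a version check cannot determine.

```python
import re

# Affected releases and their fixed successors, exactly as listed in the bulletin.
AFFECTED_TO_FIXED = {"1.0.0f": "1.0.0g", "0.9.8s": "0.9.8t"}

# Constructed sample inventory: (hypothetical host name, `openssl version` output).
SAMPLE_INVENTORY = [
    ("vpn-gw-01", "OpenSSL 1.0.0f 4 Jan 2012"),
    ("voip-02", "OpenSSL 0.9.8s 4 Jan 2012"),
    ("web-03", "OpenSSL 1.0.0g 18 Jan 2012"),
    ("legacy-04", "OpenSSL 0.9.8r 8 Feb 2011"),
    ("appliance-05", "version string unavailable"),
]

BANNER_RE = re.compile(r"\bOpenSSL\s+(\d+\.\d+\.\d+[a-z]?)\b")


def parse_banner(banner):
    """Return the release string (e.g. '1.0.0f') from a banner, or None."""
    match = BANNER_RE.search(banner)
    return match.group(1) if match else None


def decode_version_number(number):
    """Decode OPENSSL_VERSION_NUMBER (hex layout MNNFFPPS) into a release string."""
    major = (number >> 28) & 0xF
    minor = (number >> 20) & 0xFF
    fix = (number >> 12) & 0xFF
    patch = (number >> 4) & 0xFF  # 0 = no letter, 1 = 'a', 2 = 'b', ...
    if patch > 26:
        return None  # multi-letter patch levels are out of scope here
    letter = chr(ord("a") + patch - 1) if patch else ""
    return f"{major}.{minor}.{fix}{letter}"


def triage(version):
    """Classify one release string against the bulletin's affected list."""
    if version is None:
        return ("unknown", None)
    if version in AFFECTED_TO_FIXED:
        return ("affected", AFFECTED_TO_FIXED[version])
    return ("not-listed", None)


def triage_inventory(inventory):
    """Return (host, version, status, upgrade_target) for each inventory row."""
    return [(host, v, *triage(v)) for host, b in inventory for v in [parse_banner(b)]]


if __name__ == "__main__":
    for row in triage_inventory(SAMPLE_INVENTORY):
        print(*row, sep="\t")
```

A "not-listed" result means only that the release is not one of the two named in this bulletin; it says nothing about other advisories.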

References
  1. Privacy and Legal Notice (www.energy.gov)
  2. CVE-2011-4108 (web.nvd.nist.gov)
  3. upgrade (www.openssl.org)

Authors: JC3-CIRC