U-085: OpenSSL DTLS Bug Lets Remote Users Deny Service
Discussion:
A vulnerability was reported in OpenSSL. The fix to correct the Datagram Transport Layer Security (DTLS) vulnerability referenced by CVE-2011-4108 introduced a flaw. A remote user can send specially crafted data to cause denial of service conditions on the target system.
TECHNICAL BULLETIN
January 20, 2012 9:15 AM ET
PROBLEM: OpenSSL DTLS Bug Lets Remote Users Deny Service
PLATFORM: Only DTLS applications using OpenSSL 1.0.0f and 0.9.8s are affected.
ABSTRACT: A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack.
IMPACT ASSESSMENT: Medium
Impact:
A remote user can cause denial of service conditions.
Solution:
Affected users should upgrade[3] to OpenSSL 1.0.0g or 0.9.8t.
References
- [1] Privacy and Legal Notice (www.energy.gov)
- [2] CVE-2011-4108 (web.nvd.nist.gov)
- [3] upgrade (www.openssl.org)
Authors: JC3-CIRC