Biting the hand that feeds IT
Biting the hand that feeds IT
Security:
|
|
News ToolsReg Shops |
The Register » Security » ![[Print]](/Design/graphics/icons/pf.png "Printer-friendly version"){kind=icon} ![[Mobile]](/Design/graphics/icons/regmob.png "Read The Reg on your mobile phone"){kind=icon} ![[Alerts]](/Design/graphics/icons/alerts.png "Reg Desktop News Alerts"){kind=icon}
Unholy trinity of Open SSL vulnsSecurity alertPublished Friday 19th March 2004 13:54 GMT Updated versions of Open SSL have been released following this week's announcement of three potentially troublesome security vulnerabilities. These could be exploited by attackers to launch denial of service attacks against routers or servers running the ubiquitous security protocol, security clearing house CERT warns. OpenSSL is derived from an open source project of the same name focused at offering Secure Sockets Layer and Transport Layer Security technology, as well as a general purpose cryptography library. The technology is widely used across *nix environments and networking equipment. The first flaw stems for a bug in a SSL handshake function used by OpenSSL versions 0.9.6.c to 0.9.6k and versions 0.9.7a to 0.9.7c. The second vulnerability involves Kerberos cipher suites and affects 0.9.7a, 0.9.7b and 0.9.7c. Lastly, OpenSSL prior to version 0.9.6d fails to correctly handle unknown SSL/TLS message types, again triggering a DoS risk. Users of potentially vulnerable systems are advised to upgrade to version 0.9.6m or 0.9.7d of OpenSSL. Most *nix vendors systems and Linux distributions are also publishing their corresponding patches. An advisory from the OpenSSL project is here. ® Related storiesBrits pound OpenSSL bugs
Track this type of story as a custom Atom/RSS feed or by email.
|
|
Top 20 stories • All The Week’s Headlines • Archive • Search
Post to Slashdot
Digg this
Add to del.icio.us
Reddit
Previous Article
