OpenSSL bug under Windows can allow denial of service

Patching or upgrading is necessary to remedy a security vulnerability in OpenSSL running on Microsoft Windows. Version 0.9.6 has a bug that could allow denial of service.

Patching or upgrading is necessary to remedy a security vulnerability in OpenSSL running on Microsoft Windows. Version 0.9.6 has a bug that could allow denial of service.

OpenSSL is an open-source implementation of the TLS (Transport Layer Security) and SSL (Secure Sockets Layer) protocols, used to provide security protection to a variety of Internet protocols, including Web and e-mail applications. OpenSSL uses ASN.1 (Abstract Syntax Notation One) objects as part of the protocol exchange. The vulnerability will allow some ASN.1 sequences to cause a large recursion, which Windows doesn't handle properly. A remote attacker can send a specially created client certificate to a server and crash OpenSSL, causing a denial of service.

FOR MORE INFORMATION:

Download the patch or a bugfree version of OpenSSL here.

Dig deeper on Network Protocols and Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close