OpenSSL bug under Windows can allow denial of service

Patching or upgrading is necessary to remedy a security vulnerability in OpenSSL running on Microsoft Windows. Version 0.9.6 has a bug that could allow denial of service.

Patching or upgrading is necessary to remedy a security vulnerability in OpenSSL running on Microsoft Windows....

Version 0.9.6 has a bug that could allow denial of service.

OpenSSL is an open-source implementation of the TLS (Transport Layer Security) and SSL (Secure Sockets Layer) protocols, used to provide security protection to a variety of Internet protocols, including Web and e-mail applications. OpenSSL uses ASN.1 (Abstract Syntax Notation One) objects as part of the protocol exchange. The vulnerability will allow some ASN.1 sequences to cause a large recursion, which Windows doesn't handle properly. A remote attacker can send a specially created client certificate to a server and crash OpenSSL, causing a denial of service.

FOR MORE INFORMATION:

Download the patch or a bugfree version of OpenSSL here.

Dig Deeper on Network Protocols and Security

PRO+

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close