OpenSSL bug under Windows can allow denial of service

Patching or upgrading is necessary to remedy a security vulnerability in OpenSSL running on Microsoft Windows. Version 0.9.6 has a bug that could allow denial of service.

Patching or upgrading is necessary to remedy a security vulnerability in OpenSSL running on Microsoft Windows....

Version 0.9.6 has a bug that could allow denial of service.

OpenSSL is an open-source implementation of the TLS (Transport Layer Security) and SSL (Secure Sockets Layer) protocols, used to provide security protection to a variety of Internet protocols, including Web and e-mail applications. OpenSSL uses ASN.1 (Abstract Syntax Notation One) objects as part of the protocol exchange. The vulnerability will allow some ASN.1 sequences to cause a large recursion, which Windows doesn't handle properly. A remote attacker can send a specially created client certificate to a server and crash OpenSSL, causing a denial of service.

FOR MORE INFORMATION:

Download the patch or a bugfree version of OpenSSL here.

This Content Component encountered an error

PRO+

Content

Find more PRO+ content and other member only offers, here.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close