
OpenSSL vulnerability fixes, (Thu, Jan 5th)

OpenSSL has addressed six vulnerabilities in OpenSSL 1.0.0f and 0.9.8s.



CVEs include:

DTLS Plaintext Recovery Attack (CVE-2011-4108)

Double-free in Policy Checks (CVE-2011-4109)

Uninitialized SSL 3.0 Padding (CVE-2011-4576)

Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)

SGC Restart DoS Attack (CVE-2011-4619)

Invalid GOST parameters DoS Attack (CVE-2012-0027)



Details here: http://openssl.org/news/secadv_20120104.txt

Downloads here: http://openssl.org/source/



Note that the hyperlink for the Nadhem Alfardan and Kenny Paterson paper specific to the DTLS Plaintext Recovery Attack results in a 404 error.



Russ McRee

@holisticinfosec



(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Source: http://isc.sans.edu/diary.html?storyid=12322&rss
