September 18, 2014

Vulnerability in OpenSSL 1.0.X

A new vulnerability in OpenSSL 1.0.X has been reported by Computerworld. It was discovered by security expert Georg Guninski, who pointed out a security issue in the 1.0 branch of OpenSSL that potentially allows SSL servers to compromise clients.

The hole can be exploited simply by sending a specially crafted certificate to the client, causing deallocated memory to be accessed in the ssl3_get_key_exchange function (in ssl\s3_clnt.c). While this usually only causes an application to crash, it can potentially also be exploited to execute injected code.

Read more about this news here.

Source: [Computerworld]
