May 26, 2013

You are here: Home / Cryptography / Vulnerability in Open SSL 1.0.X

Vulnerability in Open SSL 1.0.X

August 10, 2010 by

New vulnerability in Open SSL 1.0.X has been reported by Computerworld. This vulnerability has been discovered by a security expert Georg Guninski. He has pointed out a security issue in the 1.0 branch of OpenSSL that potentially allows SSL servers to compromise clients.

The hole can be exploited simply by sending a specially crafted certificate to the client, causing deallocated memory to be accessed in the ssl3_get_key_exchange function (in ssl\s3_clnt.c). While this usually only causes an application to crash, it can potentially also be exploited to execute injected code.

Read more about this news here.

Source: [Computerworld]

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks
Filed Under: Cryptography, Vulnerability Tagged With: ,

Trackbacks

  1. Tweets that mention Vulnerability in Open SSL 1.0.X -- Topsy.com says:
    August 10, 2010 at 5:04 pm

    [...] This post was mentioned on Twitter by 南门雄 and 까막눈, Dr. Ali Jahangiri: . Dr. Ali Jahangiri: said: Vulnerability in Open SSL 1.0.X http://bit.ly/aHIPFr [...]