September 2, 2014

OpenSSL Fix Flaw in Recent Bug Fix

(LiveHacking.Com) – Earlier this month, the OpenSSL project released updates to two new versions (OpenSSL 1.0.0f and 0.9.8s) of the popular open source toolkit for SSL/TLS to fix a total of six security flaws. One of the vulnerabilities fixed (CVE-2011-4108) was in OpenSSL’s DTLS implementation which allowed an efficient plaintext recovery attack. However Antonio Martin from Cisco Systems, Inc found a flaw in the in the fix that can be exploited in a denial of service attack. Only DTLS applications using OpenSSL 1.0.0f and 0.9.8s are affected.

To remedy this the OpenSSL project have now released OpenSSL 1.0.0g and OpenSSL 0.9.8t.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks