
SANS ISC: OpenSSL vulnerability fixes - SANS Internet Storm Center SANS ISC InfoSec Forums


OpenSSL vulnerability fixes

OpenSSL has addressed six vulnerabilities in OpenSSL 1.0.0f and 0.9.8s.

 
CVEs include:
DTLS Plaintext Recovery Attack (CVE-2011-4108)
Double-free in Policy Checks (CVE-2011-4109)
Uninitialized SSL 3.0 Padding (CVE-2011-4576)
Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
SGC Restart DoS Attack (CVE-2011-4619)
Invalid GOST parameters DoS Attack (CVE-2012-0027)
 
Details here: http://openssl.org/news/secadv_20120104.txt
Downloads here: http://openssl.org/source/
 
Note that the hyperlink for the Nadhem Alfardan and Kenny Paterson paper specific to the DTLS Plaintext Recovery Attack results in a 404 error.
 

 

Russ McRee

181 Posts
ISC Handler
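
A version check against the two fixed releases named in the post, as an added example (not code from the post or from the OpenSSL project). The function name `classify`, its status strings and the sample banners are assumptions made for illustration.

```python
import re

# Fixed releases named in the post, keyed by release branch.
FIXED = {(1, 0, 0): "f", (0, 9, 8): "s"}

# major.minor.fix, optional patch letter(s), optional vendor/build tag.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)(-[\w.-]+)?")


def letter_rank(suffix):
    # Patch letters on these branches run a..z and then za, zb, ...;
    # ordering by (length, text) sorts "" < "e" < "s" < "z" < "za".
    return (len(suffix), suffix)


def classify(banner):
    """Classify one line of `openssl version` output against FIXED."""
    m = _VERSION.search(banner)
    if not m:
        return "unparsed"
    branch = tuple(int(x) for x in m.group(1, 2, 3))
    letter, vendor_tag = m.group(4), m.group(5)
    if branch not in FIXED:
        # The post names no fixed release for this branch.
        return "branch-not-covered"
    if letter_rank(letter) >= letter_rank(FIXED[branch]):
        return "fixed"
    # Distribution builds may backport patches without changing the
    # letter, so a tagged banner alone is not conclusive.
    return "check-vendor-advisory" if vendor_tag else "needs-update"


# Constructed sample banners for illustration, not taken from real hosts.
SAMPLES = [
    "OpenSSL 1.0.0e 6 Sep 2011",
    "OpenSSL 1.0.0f 4 Jan 2012",
    "OpenSSL 0.9.8s 4 Jan 2012",
    "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008",
    "OpenSSL 1.0.0",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r:45} -> {classify(line)}")
```

The banner only reports the version string of the binary that was run; applications that bundle or statically link their own OpenSSL copy need to be checked separately.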
The paper is now available at the previously advertised URL:

www.isg.rhul.ac.ul/~kp/dtls.pdf
Anonymous
Is this a United Linkdom address? :-)

Make that...
http://www.isg.rhul.ac.uk/~kp/dtls.pdf
Anonymous
