OpenSSL contains a flaw that may allow a remote denial of service. The issue is triggered when a carefully crafted SSL/TLS handshake reaches a null-pointer assignment in the do_change_cipher_spec() function. This might cause some applications that depend on OpenSSL to crash or otherwise suffer a denial of service, resulting in loss of availability for OpenSSL or the application that depends on it.
Local Access Required, Remote / Network Access
Denial of Service, Loss of Availability
Upgrade to version 0.9.6l, 0.9.7d, or higher and recompile all applications that statically link to OpenSSL, as this has been reported to fix the vulnerability. The flaw can also be corrected by applying the vendor-supplied patch.
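A version check for the upgrade advice above, as an added example that is not part of the original entry: it compares an OpenSSL version banner against the fixed releases the entry names, and looks for banners embedded in a binary image, since statically linked applications keep the old library until recompiled. The function names and sample bytes are constructed for illustration, and it assumes the library's version banner is still present in the linked binary.

```python
import re

# Fixed releases per branch, taken from the advisory text above.
FIXED = {(0, 9, 6): "l", (0, 9, 7): "d"}
NEWEST_FIXED_BRANCH = max(FIXED)

# Matches "0.9.7c" alone or inside a banner like "OpenSSL 0.9.7c 30 Sep 2003".
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")
# Banner text that the library carries as a string constant.
BANNER_RE = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*)")


def parse_version(text):
    """Split a version into ((major, minor, fix), patch_letters)."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return (int(m[1]), int(m[2]), int(m[3])), m[4]


def meets_fixed_release(text):
    """True if the version is at or above the fixed release for its branch."""
    branch, letters = parse_version(text)
    if branch in FIXED:
        # Patch letters sort as plain strings: "" < "a" < ... < "z" < "za".
        return letters >= FIXED[branch]
    # Other branches: only those newer than the newest fixed branch qualify.
    return branch > NEWEST_FIXED_BRANCH


def embedded_versions_needing_upgrade(blob):
    """Return OpenSSL versions found in a binary image that are below the fix."""
    found = {m[1].decode("ascii") for m in BANNER_RE.finditer(blob)}
    return sorted(v for v in found if not meets_fixed_release(v))


# Constructed sample: bytes imitating a statically linked binary.
SAMPLE_BINARY = (
    b"\x7fELF\x01\x01\x00padding\x00"
    b"OpenSSL 0.9.7c 30 Sep 2003\x00more\x00data\x00"
)

if __name__ == "__main__":
    for banner in ("OpenSSL 0.9.6k 30 Sep 2003", "OpenSSL 0.9.7d 17 Mar 2004"):
        state = "ok" if meets_fixed_release(banner) else "upgrade needed"
        print(f"{banner}: {state}")
    print("embedded:", embedded_versions_needing_upgrade(SAMPLE_BINARY))
```

A binary flagged by `embedded_versions_needing_upgrade` has to be rebuilt against the updated library; upgrading the system package alone does not change it.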