OpenSSL contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs while parsing a malformed ClientHello handshake message: a crafted ClientHello can cause an invalid memory access, which a remote attacker may use to cause a denial of service. In certain applications that use SSL, the same flaw may also disclose the contents of parsed OCSP extensions.
Classification
Location: Remote / Network Access
Attack Type: Denial of Service, Information Disclosure
Impact: Loss of Confidentiality, Loss of Availability
Solution: Patch / RCS, Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Security Software
Solution
Upgrade to version 0.9.8r or 1.0.0d or higher on the respective branch, as these versions have been reported to fix this vulnerability. In addition, the OpenSSL team has released a patch for some older versions.
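As an added defender's check that is not part of the original record, the following Python compares an OpenSSL version string (or the banner printed by `openssl version`) against the fixed releases named above. The only facts it takes from the advisory are the two fix versions; the handling of branches not named there (older branches treated as affected, newer branches as unaffected) is an assumption stated in the comments.

```python
import re
import subprocess

# Fixed releases named in the advisory, keyed by release branch.
FIXED = {(0, 9, 8): "r", (1, 0, 0): "d"}

# Matches "0.9.8q", "1.0.0d" or a full banner such as "OpenSSL 1.0.0c 2 Dec 2010".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Return ((major, minor, fix), letters) for an OpenSSL version string.

    The patch-letter suffix is compared length first, then alphabetically,
    so '' < 'a' < ... < 'z' < 'za' < 'zb', which is how OpenSSL orders them.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("unrecognised OpenSSL version: %r" % text)
    major, minor, fix, letters = m.groups()
    return (int(major), int(minor), int(fix)), letters


def _letter_key(letters):
    return (len(letters), letters)


def is_affected(text):
    """True if the version predates the fix on its branch.

    Assumption: branches older than 0.9.8 are reported as affected (the
    advisory only mentions patches for "some older versions"); branches
    newer than 1.0.0 were released after the fix and are reported as clean.
    """
    branch, letters = parse_openssl_version(text)
    if branch in FIXED:
        return _letter_key(letters) < _letter_key(FIXED[branch])
    return branch < min(FIXED)


def installed_version():
    """Banner of the locally installed openssl binary (hypothetical helper)."""
    return subprocess.check_output(["openssl", "version"]).decode()


if __name__ == "__main__":
    banner = installed_version()
    print(banner.strip(), "-> affected" if is_affected(banner) else "-> not affected")
```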