OpenSSL Flaw Can Crash Remote Machines
Some versions of the OpenSSL software contain a vulnerability that lets an attacker crash remote clients or servers with a specially constructed record.
A single malformed TLS record is enough to take out a remote machine running a vulnerable version of OpenSSL. The OpenSSL team has released a patch for the vulnerability, which affects versions 0.9.8f through 0.9.8m.
In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL.
Affected versions depend on the C compiler used with OpenSSL:
- If 'short' is a 16-bit integer, this issue applies only to OpenSSL 0.9.8m.
- Otherwise, this issue applies to OpenSSL 0.9.8f through 0.9.8m.
Users of the vulnerable versions should upgrade immediately.
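To triage an inventory against the range above, the following added example (not code from the article or from the OpenSSL project) classifies version strings in the style of `openssl version` output. The function names and the `short_is_16bit` parameter are assumptions made for this sketch, and the sample lines are constructed.

```python
import re

# Affected range as stated in the article: OpenSSL 0.9.8f through 0.9.8m.
AFFECTED_BASE = (0, 9, 8)
FIRST_AFFECTED, LAST_AFFECTED = "f", "m"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Return ((major, minor, fix), letter_suffix) or None if no version found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4)


def _suffix_key(suffix):
    # OpenSSL patch letters sort "" < "a" < ... < "z" < "za" < "zb" ...
    return (len(suffix), suffix)


def classify(text, short_is_16bit=None):
    """Classify a version string as 'affected', 'not-affected' or 'unknown'.

    short_is_16bit describes the compiler that built the library:
    True, False, or None when unknown (treated as the wider range).
    """
    parsed = parse_openssl_version(text)
    if parsed is None:
        return "unknown"
    base, suffix = parsed
    if base != AFFECTED_BASE:
        return "not-affected"
    # With a 16-bit 'short' only 0.9.8m is affected; otherwise 0.9.8f-0.9.8m.
    first = LAST_AFFECTED if short_is_16bit else FIRST_AFFECTED
    in_range = _suffix_key(first) <= _suffix_key(suffix) <= _suffix_key(LAST_AFFECTED)
    return "affected" if in_range else "not-affected"


if __name__ == "__main__":
    # Constructed inventory lines, in the style of `openssl version` output.
    for line in ["OpenSSL 0.9.8k 25 Mar 2009", "OpenSSL 0.9.8m 25 Feb 2010",
                 "OpenSSL 0.9.8e 23 Feb 2007", "OpenSSL 0.9.8zh 3 Dec 2015",
                 "OpenSSL 1.0.0 29 Mar 2010", "no version here"]:
        print(f"{line!r:32} 16-bit short: {classify(line, True):13}"
              f" otherwise: {classify(line, False)}")
```

A version string alone is not conclusive for distribution packages, which may carry a backported fix without changing the reported version, so confirm against the vendor's package changelog.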



