
SANS ISC: OpenSSL bulletin - SANS Internet Storm Center SANS ISC InfoSec Forums


OpenSSL bulletin

The OpenSSL folks have just issued an advisory affecting DTLS in OpenSSL 0.9.8 prior to 0.9.8f and SSL_get_shared_ciphers() in both 0.9.8 prior to 0.9.8f and 0.9.7 prior to 0.9.7m. DTLS is the datagram (UDP) version of TLS, described in RFC 4347.

Recommendations: If you are running 0.9.8 and can't upgrade to 0.9.8f immediately, you should disable DTLS. If you are running 0.9.7 and can't upgrade to 0.9.7m, don't use the SSL_get_shared_ciphers() routine.

Advisory: http://www.openssl.org/news/secadv_20071012.txt

CVE entries: CVE-2007-4995, CVE-2007-5135

Jim

400 Posts
ISC Handler
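To triage an inventory against the version ranges in this bulletin, the following added example (not part of the original diary or of OpenSSL) classifies `openssl version`-style strings by branch and letter release. The host names, sample strings and function names are constructed for illustration.

```python
import re

# Branch -> first fixed letter release, as stated in the bulletin.
FIXED = {"0.9.7": "m", "0.9.8": "f"}
# Branch -> affected features, as stated in the bulletin.
ISSUES = {
    "0.9.7": ["SSL_get_shared_ciphers()"],
    "0.9.8": ["DTLS", "SSL_get_shared_ciphers()"],
}
# Matches e.g. "0.9.8", "0.9.8e", "0.9.8zh", "0.9.8e-fips-rhel5".
VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]{0,2})\b")

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "web01": "OpenSSL 0.9.8e",
    "vpn01": "OpenSSL 0.9.8f",
    "mail01": "OpenSSL 0.9.7l",
    "old01": "OpenSSL 0.9.7m",
    "app01": "OpenSSL 0.9.8zh",
    "odd01": "unknown build",
}

def letter_key(letter):
    # Orders "" < "a" < ... < "z" < "za" < ...: shorter suffixes sort first.
    return (len(letter), letter)

def affected_issues(version_text):
    """Return the bulletin's issues for this version, [] if none, None if unparsed."""
    m = VERSION_RE.search(version_text)
    if m is None:
        return None                      # no version found; check by hand
    branch, letter = m.group(1), m.group(2)
    if branch not in FIXED:
        return []                        # branch not mentioned in the bulletin
    if letter_key(letter) < letter_key(FIXED[branch]):
        return list(ISSUES[branch])
    return []

def report(inventory):
    rows = {}
    for host, text in sorted(inventory.items()):
        issues = affected_issues(text)
        if issues is None:
            rows[host] = "unparsed"
        elif issues:
            rows[host] = "affected: " + ", ".join(issues)
        else:
            rows[host] = "no issue listed for this version"
    return rows

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```

A version string cannot show fixes that a vendor backported into an older package, so treat a hit as a prompt to check the package changelog.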
