
U-085: OpenSSL DTLS Bug Lets Remote Users Deny Service

January 20, 2012 - 9:15am


PROBLEM:

OpenSSL DTLS Bug Lets Remote Users Deny Service

PLATFORM:

Only DTLS applications using OpenSSL 1.0.0f and 0.9.8s are affected.

ABSTRACT:

A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack.

REFERENCE LINKS:

CVE-2012-0050
SecurityTracker Alert ID: 1026548
OpenSSL Security Advisory [18 Jan 2011]
OpenSSL News

IMPACT ASSESSMENT:

Medium

Discussion:

A vulnerability was reported in OpenSSL. The fix to correct the Datagram Transport Layer Security (DTLS) vulnerability referenced by CVE-2011-4108 introduced a flaw. A remote user can send specially crafted data to cause denial of service conditions on the target system.

Impact:

A remote user can cause denial of service conditions.

Solution:

Affected users should upgrade to OpenSSL 1.0.0g or 0.9.8t.
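
The following triage check is an added example, not part of the original bulletin or of OpenSSL: it classifies `openssl version` banners against the releases named above and reports the upgrade target. Host names and banner lines are constructed sample data, and the status labels are hypothetical names chosen for this example.

```python
import re

# Releases named in this advisory: branch -> (affected letter, fixed letter).
ADVISORY = {"1.0.0": ("f", "g"), "0.9.8": ("s", "t")}

# Matches upstream banners such as "OpenSSL 1.0.0f 4 Jan 2012".
BANNER = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)")

# Constructed sample inventory (host, banner); not data from the advisory.
SAMPLE = [
    ("gw-01", "OpenSSL 1.0.0f 4 Jan 2012"),
    ("gw-02", "OpenSSL 0.9.8s 4 Jan 2012"),
    ("vpn-01", "OpenSSL 1.0.0g 18 Jan 2012"),
    ("vpn-02", "OpenSSL 0.9.8za 5 Jun 2014"),
    ("app-01", "OpenSSL 1.0.0e 6 Sep 2011"),
    ("app-02", "LibreSSL 2.8.3"),
]


def letter_key(suffix):
    """Order OpenSSL patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb'."""
    return (len(suffix), suffix)


def classify(banner):
    """Return (status, upgrade_target) for one `openssl version` line."""
    m = BANNER.search(banner)
    if not m:
        return ("unparsed", None)
    branch, letter = m.groups()
    if branch not in ADVISORY:
        return ("branch-not-in-advisory", None)
    affected, fixed = ADVISORY[branch]
    target = branch + fixed
    if letter == affected:
        return ("affected-CVE-2012-0050", target)
    if letter_key(letter) >= letter_key(fixed):
        return ("at-or-past-fix", None)
    # Older than the release that carried the CVE-2011-4108 fix.
    return ("predates-CVE-2011-4108-fix", target)


if __name__ == "__main__":
    for host, banner in SAMPLE:
        print(host, *classify(banner))
```

A match only shows that the library version is in scope; whether an application on that host actually uses DTLS has to be confirmed separately. Distribution packages may backport fixes without changing the version letter, so check the package changelog before relying on the banner alone.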
