Users of OpenSSL TLS servers, please be advised that a buffer overflow vulnerability has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
DSA-2125-1: [DSA-2125-1] openssl - buffer overflow Issue
Vulnerability : buffer overflow
A flaw has been found in the OpenSSL TLS server extension code parsing
which on affected servers can be exploited in a buffer overrun attack.
This allows an attacker to cause an application crash or potentially to
execute arbitrary code.
However, not all OpenSSL based SSL/TLS servers are vulnerable: A server
is vulnerable if it is multi-threaded and uses OpenSSL's internal caching
mechanism. In particular the Apache HTTP server (which never uses OpenSSL
internal caching) and Stunnel (which includes its own workaround) are NOT
affected.
