Users of OpenSSL, please be advised that multiple vulnerabilities have been identified.
To view these vulnerabilities, possible remedies, and other advisories, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
FreeBSD-SA-10:10.openssl: [FreeBSD-SA-10:10] OpenSSL multiple vulnerabilities
I. Problem Description
A race condition exists in the OpenSSL TLS server extension parsing code when it is used in a multi-threaded application that relies on OpenSSL's internal session caching mechanism. The race condition can lead to a buffer overflow. [CVE-2010-3864]
A double free exists in the SSL client ECDH handling code when processing specially crafted public keys with invalid prime numbers. [CVE-2010-2939]
II. Impact
For affected server applications, an attacker may be able to use the buffer overflow to crash the application or potentially run arbitrary code with the privileges of the application. Only servers that are both multi-threaded and using OpenSSL's internal session cache meet the conditions described above; a single-threaded or multi-process server, or one with the internal cache disabled, is not exposed to this race. [CVE-2010-3864]
For client applications, it may be possible to cause a denial of service or potentially execute arbitrary code in the context of the user's connection to a malicious SSL server. [CVE-2010-2939]