Bug 1254 – Denial of Service vulnerabilities in OpenSSL

Bug 1254 - Denial of Service vulnerabilities in OpenSSL

Summary:

Denial of Service vulnerabilities in OpenSSL

Status:	RESOLVED FIXED

Product:	GSI C
Component:	Credentials and Proxies
Version:	unspecified
Platform:	PC Linux

Importance:	P2 normal
Target Milestone:	---
Assigned To:	Sam Meder

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2003-10-02 00:04 by Sam Meder
Modified:	2008-08-11 13:54 (History)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Sam Meder 2003-10-02 00:04:11

The OpenSSL project has recently published a report detailing several problems
with the OpenSSL ASN.1 handling:

http://www.openssl.org/news/secadv_20030930.txt

These problems can be exploited for denial of service attacks against
servers/services using the older openssl source release. To the best of our
knowledge there bugs can not be used to gain unauthorized access to systems
running the problematic code.

------- Comment #1 From Sam Meder 2003-10-02 00:16:46 -------

Update packages are now available.