Name:
OpenSSL.Omit.Key.Exchange.DoS
Released Date:
Jun 10 2008
Severity:
medium
CVE:
2008-1672



In-Depth Analysis

Description
This indicates an attempt to exploit a denial-of-service vulnerability in OpenSSL.

The OpenSSL client contains a NULL pointer dereference that is triggered when a malicious server omits the Server Key Exchange message from a TLS handshake.
 
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
 
Affected Products
OpenSSL 0.9.8f and 0.9.8g.
References
http://www.frsirt.com/english/advisories/2008/1680
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1672
http://secunia.com/advisories/30405/
Recommended Actions
Update to version 0.9.8h.

 
 