OpenSSL Multiple Vulnerabilities

Title: OpenSSL Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA34411
VERIFY ADVISORY:
Critical: Moderately critical

DESCRIPTION: Some vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).

1) An error exists in the "ASN1_STRING_print_ex()" function when printing "BMPString" or "UniversalString" strings. This can be exploited to trigger an access to invalid memory and cause a crash via an illegal encoded string length when e.g. printing the contents of a certificate.

2) The "CMS_verify()" function incorrectly handles an error condition when processing malformed signed attributes. This can be exploited to trick an application into considering a malformed set of signed attributes valid and skip further checks.

NOTE: This vulnerability only affects OpenSSL versions 0.9.8h and later with CMS enabled (disabled by default). Successful exploitation requires access to a previously generated invalid signature.

3) An error when processing malformed ASN1 structures can be exploited to trigger an access to invalid memory and cause a crash via a specially crafted certificate.

NOTE: This vulnerability is only present on platforms where the size of "long" is smaller than the size of "void *" (e.g. WIN64).

The vulnerabilities are reported in versions prior to 0.9.8k.

SOLUTION: Update to version 0.9.8k.

PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
2) The vendor credits Ivan Nestlerode of IBM.
3) The vendor credits Paolo Ganci.

ORIGINAL ADVISORY:
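
Added example, not part of the Secunia advisory and not OpenSSL's code: a minimal DER walker that flags the condition in item 1 before a certificate is handed to a printing routine. It assumes that "illegal encoded string length" means a content length that is not a multiple of the character width (2 bytes for BMPString, 4 for UniversalString); the function name and the sample bytes are constructed for illustration.

```c
#include <stddef.h>

#define TAG_UNIVERSALSTRING 0x1C /* 4 bytes per character */
#define TAG_BMPSTRING       0x1E /* 2 bytes per character */

/* Constructed samples (not from a real certificate):
 * SEQUENCE { BMPString, UniversalString }. */
static const unsigned char SAMPLE_OK[] = {
    0x30, 0x0C, 0x1E, 0x04, 0x00, 0x41, 0x00, 0x42, 0x1C, 0x04, 0x00, 0x00, 0x00, 0x41};
static const unsigned char SAMPLE_BAD[] = { /* content lengths 3 and 5 */
    0x30, 0x0C, 0x1E, 0x03, 0x00, 0x41, 0x00, 0x1C, 0x05, 0x00, 0x00, 0x00, 0x41, 0x00};
static const unsigned char SAMPLE_TRUNC[] = {0x30, 0x05, 0x1E, 0x04, 0x00, 0x41};

/* Count BMPString/UniversalString values in DER buf[0..len) whose content
 * length is not a multiple of the character width. Returns -1 when the
 * encoding is truncated or uses a form this sketch does not handle. */
int count_bad_wide_strings(const unsigned char *buf, size_t len)
{
    size_t pos = 0;
    int bad = 0;
    while (pos < len) {
        unsigned char tag = buf[pos++];
        size_t clen = 0;
        unsigned width = tag == TAG_BMPSTRING ? 2 : tag == TAG_UNIVERSALSTRING ? 4 : 0;
        if ((tag & 0x1F) == 0x1F || pos >= len)
            return -1;                 /* high tag number, or missing length */
        if (buf[pos] < 0x80) {
            clen = buf[pos++];         /* short-form length */
        } else {
            unsigned n = buf[pos++] & 0x7F;
            if (n == 0 || n > sizeof(size_t) || n > len - pos)
                return -1;             /* indefinite or oversized length */
            while (n--)
                clen = (clen << 8) | buf[pos++];
        }
        if (clen > len - pos)
            return -1;                 /* content runs past the buffer */
        if (width && clen % width != 0) {
            bad++;
        } else if (tag & 0x20) {       /* constructed: check the children */
            int inner = count_bad_wide_strings(buf + pos, clen);
            if (inner < 0) return -1;
            bad += inner;
        }
        pos += clen;
    }
    return bad;
}
```

The walker does not descend into OCTET STRING or BIT STRING wrappers, so strings nested inside extension values are not checked.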
