Pair of Flaws Found in OpenSSL

    Date: 30 Sep 2003
    Category: Cryptography
    Posted By: Anthony Pell
    Security researchers have discovered a pair of vulnerabilities in the OpenSSL software package, one of which may allow an attacker to execute code on vulnerable machines.

    Both vulnerabilities have to do with the way the package interacts with ASN.1 (Abstract Syntax Notation One), a low-level language used to describe abstract syntax. OpenSSL implements both the SSL and TLS security protocols, and though neither protocol is based on ASN.1, they do handle ASN.1 objects.

    The more serious of the two new flaws concerns the way that OpenSSL "deallocates" memory that is used to store ASN.1 structures. When the parser in OpenSSL comes across an encoded structure that it judges to be invalid, its behavior becomes unpredictable. The vulnerability can be used to cause a denial of service condition in vulnerable systems, according to an advisory published Tuesday by the CERT Coordination Center, in Pittsburgh.
