Release date:
Updated on:
Affected Systems:
OpenSSL Project OpenSSL 1.x
OpenSSL Project OpenSSL 0.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 47888
Cve id: CVE-2011-1945
OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. It is widely used in various network applications.
In OpenSSL 1.0.0d and earlier ECC subsystems, when ECDSA is used in an ECDHE_ECDSA password group, the curves over binary field is not correctly implemented, allowing attackers to determine keys through timed attacks and raster computing.
<* Source: Billy Bob Brumley
Link: http://www.kb.cert.org/vuls/id/536044
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
OpenSSL Project
---------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.openssl.org/