OpenSSL NULL Pointer Dereference Local Denial of Service Vulnerability (CVE-2014-5139)
Release date:
Updated on:
Affected Systems:
OpenSSL Project OpenSSL <1.0.1i
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69077
CVE (CAN) ID: CVE-2014-5139
OpenSSL is an open-source SSL implementation that implements high-strength encryption for network communication. It is widely used in various network applications.
OpenSSL has a vulnerability in how the client processes an SRP ciphersuite in the Server Hello message. The issue affects OpenSSL clients: a malicious server can specify an SRP ciphersuite that was not properly negotiated with the client, which triggers a NULL pointer dereference and crashes the client.
<* Source: Joonas Kuorilehto
Riku Hietamäki
Link: http://www.openssl.org/news/secadv_20140806.txt
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
OpenSSL Project
---------------
The OpenSSL Project has published a security advisory (secadv_20140806.txt) and corresponding patches for this issue:
secadv_20140806.txt: OpenSSL Security Advisory [6 Aug 2014]
Link: http://www.openssl.org/news/secadv_20140806.txt
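To check a host against the "Affected Systems" line above, the following added example (not code from the OpenSSL Project or from this advisory) compares an OpenSSL version banner with the `<1.0.1i` threshold, handling the letter-suffixed release scheme. The function names and the sample banners are constructed for illustration; distribution packages that backport fixes keep the old version string, so a match should be confirmed against the vendor changelog.

```python
import re
import ssl

# First fixed release, taken from the "Affected Systems" line (<1.0.1i).
FIXED = (1, 0, 1, "i")

# Matches banners such as "OpenSSL 1.0.1h 5 Jun 2014" or "OpenSSL 1.0.1e-fips ...".
# The trailing letters are the patch level in the old OpenSSL scheme
# ("" < "a" < ... < "z" < "za" < "zb"), which sorts correctly as a string.
_VERSION_RE = re.compile(r"\bOpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(banner):
    """Return (major, minor, fix, letters), or None if this is not an OpenSSL banner."""
    match = _VERSION_RE.search(banner)
    if match is None:
        return None
    major, minor, fix, letters = match.groups()
    return (int(major), int(minor), int(fix), letters)


def is_affected(banner):
    """True if the version is below 1.0.1i, False if not, None if unparseable."""
    version = parse_openssl_version(banner)
    if version is None:
        return None
    return version < FIXED


if __name__ == "__main__":
    # Constructed sample banners, plus the library this interpreter is linked against.
    samples = [
        "OpenSSL 1.0.1h 5 Jun 2014",
        "OpenSSL 1.0.1i 6 Aug 2014",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "LibreSSL 2.8.3",
        ssl.OPENSSL_VERSION,
    ]
    labels = {True: "AFFECTED (<1.0.1i)", False: "not affected", None: "unknown"}
    for banner in samples:
        print(f"{banner!r}: {labels[is_affected(banner)]}")
```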