OpenSSL DTLS Remote Denial of Service Vulnerability (CVE-2014-3510)
Release date:
Updated on:
Affected Systems:
OpenSSL Project OpenSSL 0.9.8 < 0.9.8zb
OpenSSL Project OpenSSL 1.0.0 < 1.0.0n
OpenSSL Project OpenSSL 1.0.1 < 1.0.1i
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69082
CVE (CAN) ID: CVE-2014-3510
OpenSSL is an open-source implementation of the SSL/TLS and DTLS protocols that provides strong encryption for network communication. It is widely used in network applications.
OpenSSL DTLS clients that enable anonymous (EC)DH cipher suites are subject to a denial of service. A malicious server can select an anonymous (EC)DH cipher suite and send specially crafted handshake messages that make the client dereference a null pointer (a read), crashing it. Only the DTLS client side is affected, and only when anonymous cipher suites (the aNULL group in OpenSSL cipher strings) have been enabled; the DEFAULT cipher list excludes them.
<* Source: Felix Gröbert (Google)
Link: http://www.openssl.org/news/secadv_20140806.txt
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
OpenSSL Project
---------------
The OpenSSL Project has published a security advisory (secadv_20140806.txt) and corresponding patches for this issue. DTLS users of OpenSSL 0.9.8 should upgrade to 0.9.8zb, users of 1.0.0 to 1.0.0n, and users of 1.0.1 to 1.0.1i:
secadv_20140806.txt: OpenSSL Security Advisory [6 Aug 2014]
Link: http://www.openssl.org/news/secadv_20140806.txt
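Two checks a practitioner would want alongside the vendor fix: whether an installed build already carries the fix, and whether a client's cipher string actually enables the anonymous (EC)DH suites the advisory is about (a client that never offers aNULL suites is not exposed). The script below is an added example, not code from the advisory or from the OpenSSL project; the `openssl ciphers -v` output and the version banners it processes are constructed samples, and the function names are my own.

```python
"""Added example (not from the advisory or the OpenSSL project): two offline
checks for CVE-2014-3510. All inputs below are constructed samples."""
import re
from typing import List, Optional, Tuple

# Constructed sample in the format of `openssl ciphers -v '<cipher string>'`
# (not captured from a real host). The Au= field is the authentication method;
# Au=None marks an anonymous (EC)DH suite, the kind the advisory concerns.
SAMPLE_CIPHERS_V = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
AECDH-AES256-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(256)  Mac=SHA1
ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
"""


def anonymous_suites(ciphers_v_output: str) -> List[str]:
    """Return the names of anonymous (EC)DH suites in `openssl ciphers -v` output.

    A DTLS client whose cipher list contains any of these is exposed to the
    crash described above when it connects to a malicious server.
    """
    found = []
    for line in ciphers_v_output.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        # Remaining columns are key=value pairs: Kx=, Au=, Enc=, Mac=
        fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
        if fields.get("Au") == "None" and fields.get("Kx") in ("DH", "ECDH"):
            found.append(parts[0])
    return found


# Lowest fixed release per branch, as stated in secadv_20140806.txt.
FIXED_SUFFIX = {(0, 9, 8): "zb", (1, 0, 0): "n", (1, 0, 1): "i"}

_VERSION_RE = re.compile(r"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(banner: str) -> Optional[Tuple[Tuple[int, int, int], str]]:
    """Parse an `openssl version` banner such as 'OpenSSL 1.0.1h 5 Jun 2014'."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4)


def _suffix_key(suffix: str) -> Tuple[int, str]:
    # OpenSSL letter releases run a..z, then za, zb, ...: a longer suffix is newer.
    return (len(suffix), suffix)


def is_fixed(banner: str) -> Optional[bool]:
    """True if the build carries the CVE-2014-3510 fix, False if not, None if unparsable."""
    parsed = parse_version(banner)
    if parsed is None:
        return None
    base, suffix = parsed
    if base in FIXED_SUFFIX:
        return _suffix_key(suffix) >= _suffix_key(FIXED_SUFFIX[base])
    # Branches after 1.0.1 (1.0.2 and later) were first released after the fix;
    # anything older than 0.9.8 was out of support and never received it.
    return base > (1, 0, 1)


if __name__ == "__main__":
    print("anonymous suites enabled:", anonymous_suites(SAMPLE_CIPHERS_V))
    for banner in ("OpenSSL 1.0.1h 5 Jun 2014", "OpenSSL 1.0.1i 6 Aug 2014"):
        print(banner, "->", "fixed" if is_fixed(banner) else "VULNERABLE")
```

On a real host, feed `anonymous_suites()` the output of `openssl ciphers -v "$CIPHER_STRING"` for the exact cipher string the DTLS client passes to SSL_CTX_set_cipher_list(), and `is_fixed()` the output of `openssl version`. Where upgrading is not immediately possible, the workaround that follows from the advisory is to keep anonymous suites out of the client's cipher string (for example by appending `:!aNULL`), since the crash requires the client to have offered one.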