OpenSSL.Handshake.DoS
Description
This indicates a possible attempt to exploit a vulnerability in the OpenSSL library.
The vulnerability is caused by a NULL pointer dereference in the function do_change_cipher_spec defined in ssl/s3_pkt.c. It allows remote attackers to crash the server via a crafted SSL/TLS handshake.
Affected Products
OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c
Impact
Denial of service.
Recommended Actions
Upgrade to OpenSSL 0.9.7d or 0.9.6m. Recompile any OpenSSL applications that are statically linked to OpenSSL libraries.
ftp://ftp.openssl.org/source/
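Added example (not part of the original advisory or of OpenSSL) for finding statically linked applications that still need recompiling: it scans a file's bytes for the OpenSSL version banner and flags versions inside the affected ranges listed above. It assumes the binary embeds the usual "OpenSSL x.y.z<letter>" banner text; the function names and the sample bytes are constructed for illustration.

```python
import re
import sys

# Affected ranges exactly as stated on this page (inclusive letter suffixes).
AFFECTED = {
    (0, 9, 6): ("c", "k"),
    (0, 9, 7): ("a", "c"),
}

# Assumption: the banner looks like "OpenSSL 0.9.7b 10 Apr 2003", the text
# printed by `openssl version` and carried inside binaries that link the library.
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)\b")


def is_affected(base, letter):
    """True if base (x, y, z) plus letter suffix falls in a range listed above."""
    rng = AFFECTED.get(base)
    if rng is None or len(letter) != 1:
        return False  # unlisted branch, or no single-letter patch suffix
    return rng[0] <= letter <= rng[1]


def scan_bytes(data):
    """Return a sorted list of (version, affected) for each distinct banner."""
    found = {}
    for m in BANNER.finditer(data):
        base = tuple(int(g) for g in m.group(1, 2, 3))
        letter = m.group(4).decode()
        version = "%d.%d.%d%s" % (*base, letter)
        found[version] = is_affected(base, letter)
    return sorted(found.items())


def scan_file(path):
    with open(path, "rb") as fh:
        return scan_bytes(fh.read())


# Constructed sample: fake binary content holding two banners.
SAMPLE = b"\x7fELF\x00...OpenSSL 0.9.7c 30 Sep 2003\x00...OpenSSL 0.9.7d 17 Mar 2004\x00"

if __name__ == "__main__":
    # Usage: python scan.py /path/to/binary ...  (no arguments: scan SAMPLE)
    targets = sys.argv[1:]
    results = {p: scan_file(p) for p in targets} or {"<sample>": scan_bytes(SAMPLE)}
    for name, hits in results.items():
        for version, affected in hits:
            print(name, version, "AFFECTED" if affected else "ok")
```

A binary with no banner match is not proof that OpenSSL is absent; stripped or repackaged builds may not carry the string.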
Coverage
IPS (Regular DB)
IPS (Extended DB)