OpenSSL.Handshake.DoS

Description

This indicates a possible attempt to exploit a vulnerability in the OpenSSL library.
The vulnerability is caused by a NULL pointer dereference in the function do_change_cipher_spec defined in ssl/s3_pkt.c. It allows remote attackers to crash the server via a crafted SSL/TLS handshake.

Affected Products

OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c

Impact

Denial of service.

Recommended Actions

Upgrade to OpenSSL 0.9.7d or 0.9.6m. Recompile any OpenSSL applications that are statically linked to OpenSSL libraries.
ftp://ftp.openssl.org/source/
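
Statically linked applications keep their own copy of the library, so they stay vulnerable after the system OpenSSL is upgraded. The following Python script is an added example, not part of the original advisory: it searches a binary for embedded OpenSSL version banners and flags those inside the affected ranges listed above. It assumes the banner has the form "OpenSSL 0.9.7c <date>", and the sample buffer is constructed.

```python
import re
import sys

# Affected ranges from the advisory: base version -> (first, last) patch letter, inclusive.
AFFECTED = {"0.9.6": ("c", "k"), "0.9.7": ("a", "c")}

# Assumed banner format: "OpenSSL <x.y.z><optional single letter>" followed by a date.
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+)([a-z]?)(?![a-z0-9.])")


def is_affected(base, letter):
    """True if base+letter falls inside one of the advisory's affected ranges."""
    bounds = AFFECTED.get(base)
    if bounds is None or not letter:
        return False  # other branches, or a release with no patch letter
    first, last = bounds
    return first <= letter <= last


def scan_bytes(data):
    """Return a sorted list of (version, affected) for each distinct banner found."""
    found = {}
    for match in BANNER.finditer(data):
        base, letter = match.group(1).decode(), match.group(2).decode()
        found[base + letter] = is_affected(base, letter)
    return sorted(found.items())


def scan_file(path):
    """Scan one file on disk, e.g. an application binary or shared object."""
    with open(path, "rb") as handle:
        return scan_bytes(handle.read())


# Constructed sample: fake binary content with three embedded banners
# (the dates are placeholders, not real release dates).
SAMPLE = (b"\x7fELF\x00\x01OpenSSL 0.9.7c 01 Jan 2000\x00\x00padding"
          b"OpenSSL 0.9.7d 01 Jan 2000\x00OpenSSL 0.9.6m 01 Jan 2000\x00")

if __name__ == "__main__":
    paths = sys.argv[1:]
    results = [(p, scan_file(p)) for p in paths] or [("<sample>", scan_bytes(SAMPLE))]
    for name, hits in results:
        for version, affected in hits:
            status = "AFFECTED, rebuild against a fixed release" if affected else "ok"
            print(f"{name}: OpenSSL {version}: {status}")
```

Run it with one or more file paths as arguments; with no arguments it scans the constructed sample.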

Coverage

IPS (Regular DB)
IPS (Extended DB)