Intrusion Prevention

OpenSSL.Omit.Key.Exchange.DoS

Description

This indicates an attempt to exploit a denial-of-service vulnerability in OpenSSL.
The vulnerability is a NULL pointer dereference in the OpenSSL client, triggered when a malicious server omits the Server Key Exchange message from a TLS handshake.

Affected Products

OpenSSL 0.9.8f and 0.9.8g.

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Update OpenSSL to version 0.9.8h.

CVE References

CVE-2008-1672