SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (VPN)  >   OpenSSL Vendors:   OpenSSL.org
OpenSSL DTLS Replace Protection Sequence Number Processing Errors Let Remote Users Deny Service
SecurityTracker Alert ID:  1036690
SecurityTracker URL:  http://securitytracker.com/id/1036690
CVE Reference:   CVE-2016-2181   (Links to External Site)
Date:  Aug 25 2016
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in OpenSSL. A remote user can cause denial of service conditions on the target system.

A remote user can send data with a specially crafted sequence number to trigger a flaw in the DTLS replay protection implementation and cause valid packets to be dropped by the target system.

Impact:   A remote user can cause DTLS packets to be dropped by the target system.
Solution:   The vendor has issued a source code fix, available at:

https://github.com/openssl/openssl/commit/5802758eb480c5f14a768f6a061df1dd20aec8c4
https://github.com/openssl/openssl/commit/b77ab018b79a00f789b0fb85596b446b08be4c9d
https://github.com/openssl/openssl/commit/fa75569758298e2930c78989b516cac937118acc

Vendor URL:  openssl.org/ (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 23 2016 (FreeBSD Issues Fix) OpenSSL DTLS Replace Protection Sequence Number Processing Errors Let Remote Users Deny Service
FreeBSD has issued a fix for FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0.
Nov 15 2016 (IBM Issues Fix for IBM AIX) OpenSSL DTLS Replace Protection Sequence Number Processing Errors Let Remote Users Deny Service
IBM has issued a fix for IBM AIX 5.3, 6.1, 7.1, and 7.2.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC