| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Mar 2004 15:30:25 +0000 (GMT) From: Mark J Cox <mark@....com> To: Marc Bejarano <bugtraq@...j.org> Cc: bugtraq@...urityfocus.com Subject: Re: New OpenSSL releases fix denial of service attacks [17 March 2004] > according to NISCC Vulnerability Advisory 224012 ( > http://www.uniras.gov.uk/vuls/2004/224012/index.htm ), there is also a > third potential DoS that was found with this testing sweep: CVE > CAN-2004-0081. quoting from the NISCC advisory: Absolutely, but that was fixed back in 0.9.6d a long time ago. > NISCC/224012/3 [OpenSSL 0.9.6] > CAN-2004-0081 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0081 > Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool > uncovered a bug in older versions of OpenSSL 0.9.6 that can lead to a > Denial of Service attack (infinite loop). This issue was traced to a fix > that was added to OpenSSL 0.9.6d some time ago. This issue will affect > vendors that ship older versions of OpenSSL with backported security patches. Mark -- Mark J Cox ........................................... www.awe.com/mark Apache Software Foundation ..... OpenSSL Group ..... Apache Week editor
Powered by blists - more mailing lists