Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
Versions of OpenSSL 0.9.8 earlier than 0.9.8s, and 1.0.0 earlier than 1.0.0f are potentially affected by the following vulnerabilities :
- An extension of the Vaudenay padding oracle attack exists against CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. (CVE-2011-4108)
- If x509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. (CVE-2011-4109)
- OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. (CVE-2011-4576)
- RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack. (CVE-2011-4577)
- Support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. (CVE-2011-4619)
- A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to a lack of error checking. (CVE-2012-0027)
Solution
Upgrade to OpenSSL 0.9.8s, 1.0.0f, or later.