
OpenSSL < 1.1.0a Multiple Vulnerabilities

High

Synopsis

The remote web server is running an outdated instance of OpenSSL that is affected by multiple vulnerabilities.

Description

According to its banner, the version of OpenSSL on the remote host is prior to 1.1.0a and is affected by the following vulnerabilities:

- A flaw exists in the 'ssl_parse_clienthello_tlsext()' function in 'ssl/t1_lib.c' that is triggered when handling overly large OCSP Status Request extensions from clients. This may allow a remote attacker to exhaust available memory in a process linked against the library. (CVE-2016-6304)

- A flaw exists in the 'SSL_peek()' function in 'ssl/record/rec_layer_s3.c' that is triggered during the handling of an empty record. This may allow a remote attacker to cause SSL or TLS to hang in a process linked against the library. (CVE-2016-6305)

- A flaw exists in the 'tls_get_message_header()' function in 'ssl/statem/statem_lib.c' that is triggered when handling TLS messages. With a specially crafted request, a remote attacker can cause a process linked against the library to exhaust available memory. (CVE-2016-6307) According to the vendor, this issue will only have a security impact if one of the following conditions is met:
  1) The application does not call 'SSL_free()' in a timely manner in the event that the connection fails,
  2) The application is working in a constrained environment where there is very little free memory, or
  3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection, 'SSL_free()' has not yet been called, and there is insufficient memory to service the multiple requests.

- A flaw exists in the 'dtls1_preprocess_fragment()' function in 'ssl/statem/statem_dtls.c' that is triggered during the handling of excessively long DTLS messages. This may allow a remote attacker to exhaust memory resources in a process linked against the library. (CVE-2016-6308) According to the vendor, this issue will only have a security impact if one of the following conditions is met:
  1) The application does not call 'SSL_free()' in a timely manner in the event that the connection fails,
  2) The application is working in a constrained environment where there is very little free memory, or
  3) The attacker initiates multiple connection attempts such that there are multiple connections in a state where memory has been allocated for the connection, 'SSL_free()' has not yet been called, and there is insufficient memory to service the multiple requests.

Solution

Upgrade OpenSSL to version 1.1.0a or later.
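
The banner comparison the Description relies on, as an added example (not the scanner's own plugin code): it extracts the OpenSSL token from a `Server` header and tests it against the page's criterion, "prior to 1.1.0a", with patch-letter and pre-release ordering handled. The function names and sample headers are constructed for illustration, and a banner match alone does not show whether a vendor has backported the fixes.

```python
import re

FIXED = "1.1.0a"  # fixed release named in the Solution section

# major.minor.fix, optional patch letter(s), optional pre-release tag,
# e.g. 1.1.0, 1.1.0a, 1.1.0-pre6
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?:-(?:pre|beta)(\d+))?$")
_TOKEN = re.compile(r"\bOpenSSL/([0-9A-Za-z.\-]+)")


def version_key(version):
    """Sort key: 1.1.0-pre6 < 1.1.0 < 1.1.0a < 1.1.0b."""
    m = _VERSION.match(version.lower())
    if m is None:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    major, minor, fix, letters, pre = m.groups()
    # A pre-release sorts before the final release with the same numbers.
    stage = (0, int(pre)) if pre else (1, 0)
    return (int(major), int(minor), int(fix), stage, len(letters), letters)


def check_banner(server_header):
    """Return (version, flagged) for one Server header value.

    flagged is True when the advertised version is prior to FIXED, False when
    it is not, and None when no parsable OpenSSL token is present.
    """
    m = _TOKEN.search(server_header)
    if m is None:
        return (None, None)
    version = m.group(1)
    try:
        return (version, version_key(version) < version_key(FIXED))
    except ValueError:
        return (version, None)


# Constructed sample headers, not taken from any real host.
SAMPLES = [
    "Apache/2.4.23 (Unix) OpenSSL/1.1.0",
    "Apache/2.4.23 (Unix) OpenSSL/1.1.0a PHP/7.0.11",
    "Apache/2.4.23 (Unix) OpenSSL/1.1.0-pre6",
    "nginx/1.11.4",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_banner(header))
```

A result of `None` for the flag means the header gives no usable version, so the host needs a check that does not depend on the banner.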