OpenSSL 'ssl3_get_record()' Remote Denial Of Service Vulnerability Network Vulnerability

Summary

OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference. According to its banner, OVS has discovered that the remote Webserver is using a version prior to OpenSSL 0.9.8n which is vulnerable. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. OpenSSL versions 0.9.8f through 0.9.8m are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://openssl.org/news/secadv_20100324.txt
http://www.openbsd.org/errata45.html
http://www.openbsd.org/errata46.html
http://www.openbsd.org/errata47.html
http://www.openssl.org
http://www.securityfocus.com/archive/1/510726
http://www.securityfocus.com/bid/39013

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0740
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Eggdrop Server Module Message Handling Remote Buffer Overflow Vulnerability
FreeRADIUS Tunnel-Password Denial Of Service Vulnerability
Baidu Spark Browser Denial of Service Vulnerability -01 August14 (Windows)
F-PROT Antivirus Multiple Vulnerabilities
CUPS Denial of Service Vulnerability - Jun09

OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability

Take action and discover your vulnerabilities