OpenSSL Vulnerability by Man in The Middle (MITM) attack

TZCERT-2014-03: Vulnerability Alert

Date of First Release: 09-06-2014

Source: US-CERT, OpenSSL

OS Affected: Fedora Project, FreeBSD Project, Debian GNU/Linux, OpenSSL, Red Hat, Inc., Ubuntu.

Overview: A carefully crafted handshake can be used by an attacker to force the use of weak keying material in OpenSSL SSL/TLS clients and servers.

Description: The OpenSSL Project has released updates for OpenSSL 0.9.8, 1.0.0 and 1.0.1 to fix vulnerabilities that could allow an attacker to force the use of weak keying material in OpenSSL SSL/TLS clients and servers.

Impact: When exploited through a man-in-the-middle (MITM) attack, the vulnerability could allow an attacker to decrypt and modify traffic from the attacked client and server.

Solution: Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.

OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to 0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to 1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to 1.0.1h.
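
The following is an added example, not part of the original advisory: a small checker that compares `openssl version` banners against the fixed releases listed above. It assumes upstream version strings; distribution packages often backport fixes without changing the version letter, so for those consult the vendor's own advisory. The hostnames and banners are constructed sample data.

```python
import re

# Fixed release per branch, taken from the advisory's Solution section.
FIXED = {"0.9.8": "za", "1.0.0": "m", "1.0.1": "h"}

# Matches the version token in `openssl version` output, e.g. "1.0.1g" or "1.0.1e-fips".
VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]*)")


def parse_version(text):
    """Return (branch, patch_letters) from a version banner or bare version."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return match.group(1), match.group(2)


def assess(text):
    """Classify a version string as 'patched', 'needs-upgrade' or 'not-listed'."""
    branch, letters = parse_version(text)
    fixed = FIXED.get(branch)
    if fixed is None:
        return "not-listed"  # branch is not named in the advisory
    # Patch letters run a, b, c, ... and continue as za, zb, ...; plain string
    # comparison preserves that order ("" < "a" < "y" < "za").
    return "patched" if letters >= fixed else "needs-upgrade"


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE_INVENTORY = {
    "web01": "OpenSSL 1.0.1g 7 Apr 2014",
    "web02": "OpenSSL 1.0.1h 5 Jun 2014",
    "legacy01": "OpenSSL 0.9.8y 5 Feb 2013",
    "legacy02": "OpenSSL 0.9.8za 5 Jun 2014",
    "mail01": "OpenSSL 1.0.0l 6 Jan 2014",
}


def audit(inventory):
    """Map each host to its assessment."""
    return {host: assess(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A result of "not-listed" means only that the branch is not one of the three named in this advisory.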

References:

https://www.openssl.org/news/secadv_20140605.txt
http://www.kb.cert.org/vuls/id/978508
