This weblog is no longer being maintained. All information here has been ported to EclecticEchoes.com. This site (heupel.com/eclectic) remains only for archival purposes.

October 02, 2003

CERT Advisory CA-2003-26

A new CERT® advisory was issue yesterday CA-2003-26.

This advisory is for multiple vulnerabilities in for SSL / TLS protocol implementations. Primarily occuring in ASN.1 parsing code. Possible impact ranges from DOS to allowing attacker to execute arbitrary code.
Systems Affected:

  • OpenSSL versions prior to 0.9.7c and 0.9.6k
  • Multiple SSL/TLS implementations
  • SSLeay library

Be sure to visit the advisory for specific vendor solutions.

Posted by Eric at October 2, 2003 05:55 AM | TrackBack
Comments & Trackbacks