OpenSSL Security Advisory

Posted by Phil Smith on 24 March, 2010

No comments yet

This item was filled under [ OpenSSL, Releases ]

“Record of death” vulnerability in OpenSSL 0.9.8f through 0.9.8m

================================================================

In TLS connections, certain incorrectly formatted records can cause an OpenSSL

client or server to crash due to a read attempt at NULL.

Affected versions depend on the C compiler used with OpenSSL:

- – If ‘short’ is a 16-bit integer, this issue applies only to OpenSSL 0.9.8m.

- – Otherwise, this issue applies to OpenSSL 0.9.8f through 0.9.8m.

Users of OpenSSL should update to the OpenSSL 0.9.8n release, which contains a

patch to correct this issue. If upgrading is not immediately possible, the

source code patch provided in this advisory should be applied.

Bodo Moeller and Adam Langley (Google) have identified the vulnerability

and prepared the fix.

Patch

- —–

- --- ssl/s3_pkt.c      24 Jan 2010 13:52:38 -0000    1.57.2.9

+++ ssl/s3_pkt.c  24 Mar 2010 00:00:00 -0000

@@ -291,9 +291,9 @@

if (version != s->version)

SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);

- -                     /* Send back error using their

- -                      * version number   */

- -                     s->version=version;

+                                if ((s->version & 0xFF00) == (version & 0xFF00))

+                                   /* Send back error using their minor version number   */

+                             s->version = (unsigned short)version;

al=SSL_AD_PROTOCOL_VERSION;

goto f_err;

References

- ———-

This vulnerability is tracked as CVE-2010-0740.

URL for this Security Advisory:

http://www.openssl.org/news/secadv_20100324.txt

Tagged with: [ OpenSSL ]

You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

« OpenSSL version 0.9.8n

MySQL Community Server 5.1.45 »

Blog Subscription

Subscribe via RSS Feed stay updated with blog articles

Recent Posts

Tags

.uk Advisory Apache Apache 2.2 Apache 2.3 CCleaner ClamAV Cloud Testing DNS Error logs Firebug Firefox Firefox 3.5 Firefox 3.6 Firefox 4.0 IE9 MySQL MySQL 5.1 MySQL 5.5 MySql 5.6 MySQL Community Server MySQL Connector MySql Connector/Net MySQL Connector/ODBC MySQL Workbench Net-SNMP Nominet OpenSSH OpenSSL OpenSSL 0.9.8 OpenSSL 1.0 PHP Release Releases Security Sendmail Thunderbird VirtualBox Webserver logs Wireshark Wireshark 1.2 Wireshark 1.4 Wordpress Zend Zend Framework
Archives
March 2010

M T W T F S S

« Feb Apr »

1 2 3 4 5 6 7

8 9 10 11 12 13 14

15 16 17 18 19 20 21

22 23 24 25 26 27 28

29 30 31
Categories
- Apache (16)
- DNS (5)
- Firefox (6)
- Misc (2)
- MySQL (60)
- OpenSSL (14)
- Releases (137)
- Tools (16)
- Wireshark (9)
- Zend/PHP (14)
Links

UserReplay - Real Customer Insight
Cloud Testing
Website Archiving Service
Website History Service
The Browser Guru
UK Forces Discounts
Nursery Fresh Postal Flowers
Nursery Fresh Wholesale Flowers
Website-Archiving Blog
- What is eDiscovery? August 15, 2011
  eDiscovery (also known as e-discovery or electronic discovery) is a process where electronic data is sought, located, secured, and searched to be used as evidence in a civil or criminal legal case. All types of data and computer files can be used – text, images, databases, spreadsheets, audio files, video files and websites. To secure […]
- PHP / Web Developer July 28, 2011
  Role: PHP Developer Salary: To £30K depending on experience Based: Guildford, Surrey We are looking for an experienced PHP developer to join our expanding team in Guildford developing a new User eXperience (UX) product. Key skills include PHP 5, MySQL, CSS, JavaScript, jQuery Experience of web analytics and / or website performance monitoring would be […]
- C / Linux Developer July 28, 2011
  Role: C / Linux Developer Salary: To £30K depending on experience Based: Guildford, Surrey We are looking for an experienced C / Linux developer to join our expanding team in Guildford developing a new User eXperience (UX) product. Key skills include C, MySQL, Linux, TCP/IP, Networking Experience of web analytics and / or website performance […]
- We’re now hiring…. July 11, 2011
  As part of our continued expansion, we’re hiring – see our new careers for all our latest vacancies. http://www.cloudtesting.com/careers.php […]
- Regulatory Compliance and eDiscovery July 1, 2011
  We provide our customers with a fast set-up and easy to use solution for the need to comply with Information Governance regulations around web-content. FINRA (US) – Financial Industry Regulatory Authority – www.finra-compliance.com SEC (US) – Securities and Exchange Commission – www.sec-compliance.net NASD (US) – National Association Of Securities Dealers – […]
- Website eDiscovery June 28, 2011
  We’ve launched a new site dedicated to website eDiscovery and archiving for compliance: http://www.website-ediscovery.com/ […]
- Updated eDiscovery website June 28, 2011
  We’re pleased to announce the release of our updated website at: http://www.website-archive.com/ It includes updated details on our Website Archiving and eDiscovery services. […]
- Archive your website in Firefox 4.0 or Internet Explorer 9 May 27, 2011
  We are pleased to announce that you can now capture daily or weekly screenshots of your website in Firefox 4.0 and Internet Explorer 9. This is in addition to the existing full range of browser versions we already support: Firefox (3.0, 3.5, 3.6) Internet Explorer (6, 7, Safari 3.2, 4.0, 5.0) Opera Google Chrome. […]
- Need FSA (Financial Services Authority) compliance? April 15, 2011
  Need FSA (Financial Services Authority) compliance? http://www.fsa-compliance.com/ […]
- Need Freedom of Information Act website compliance? April 14, 2011
  Need Freedom of Information Act website compliance? http://www.foi-compliance.com/ […]
The Browser Guru
- Website Archiving in Japan January 27, 2011
  Following a successful year running its Functional and Cross Browser Website Testing services in Japan, Cloud Testing (www.cloudtesting.com) has announced it is now launching its Website Archiving service in Japan. More details will be available at the specific website: http://www.website-archive.jp/ […]
- FSA Website Archiving Regulation January 27, 2011
  The UK’s Financial Services Authority (FSA) lists its regulations and guidance regarding website archiving in its ‘Conducting Of Business Sourcebook’ (COBS). COBS 4 covers ‘Communicating with clients, including financial promotions’ and COBS 5 covers ‘Distance communications’, both of which have state the information that need to be stored. More information […]
- Useful links for Cloud Testing and Archiving August 21, 2010
  Links: www.cloudtesting.com www.cloud-testing.com www.cloudtesting.co.uk www.cloudtesting.us www.cloudtesting.eu www.cloudloadtesting.com www.cloudloadtesting.co.uk www.cloudloadtest.com www.cloudloadtest.co.uk www.cloudwebtest.com www.themonitoringcloud.com www.themonitoringcloud.co.uk www.monitoringcloud.com www.loadtestingcloud.com www.cloudtesting.jp www […]
- 97% of Chrome users running the latest version August 7, 2010
  According to “Why Silent Updates Boost Security” (download PDF), 97% of Chrome users were running the latest version of the browser within 21 days of the last update’s release. By comparison, 85% of Firefox users were up-to-date in the same span, while only 53% Safari users could say the same. […]
- Firefox 3.6.8 released July 23, 2010
  Security Advisories Fixed in Firefox 3.6.8: MFSA 2010-48 Dangling pointer crash regression from plugin parameter array fix From http://www.mozilla.org/security/known-vulnerabilities/firefox36.html […]
- FINRA Compliance July 11, 2010
  FINRA (Financial Industry Regulatory Authority) was created in July 2007 with the consolidation of the regulation enforcement and arbitration functions of the New York Stock Exchange with the National Association Of Securities Dealers (NASD). FINRA in conjunction with the Securities and Exchange Commission (SEC) are regulatory agencies for the financial serv […]
- Firefox 3.6.6 June 27, 2010
  Firefox 3.6.6 modifies the crash protection feature to increase the amount of time that plugins are allowed to be non-responsive before being terminated. […]
- Firefox gets crash protection with release of version 3.6.4 June 23, 2010
  Firefox 3.6.4 has been released with crash protection for Adobe’s Flash Player, Apple ‘s QuickTime and Microsoft ‘s Silverlight plug-ins, and is available only in Firefox for Windows and Linux . Mozilla is still working on the “out of process plug-ins,” or OOPP feature, for the Mac version. The version also patches nine vulnerabilities, six […]
- Firefox 3.5.10 June 23, 2010
  Firefox 3.5.10 has been released – it patches nine vulnerabilities, six of them critical. […]
- Safari 5.0 June 10, 2010
  This update contains new features including: Safari Reader: Click on the new Reader icon to view articles on the web in a single, clutter-free page. Improved Performance: Safari 5 executes JavaScript up to 25% faster than Safari 4. Better page caching and DNS prefetching speed up browsing. Bing Search Option: New Bing search option for […]

March 2010
M	T	W	T	F	S	S
« Feb		Apr »
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

Marketgrid on Twitter
- Marketgrid: RT @UserReplay: Waitrose online sales up 49% over Xmas. #UserReplay January 9, 2012
- Marketgrid: MySQL Connector/Net 6.5.0 beta http://t.co/TB4lNSl6 January 9, 2012
- Marketgrid: MySQL Workbench 5.2.37 http://t.co/lthxUfdw January 9, 2012
- Marketgrid: OpenSSL version 1.0.1 Beta 1 http://t.co/vnmFCAys January 9, 2012
- Marketgrid: RT @UserReplay: Boxing Day 2011 biggest ever day for online retail http://t.co/NIwAdR3P #UserReplay January 9, 2012
- Marketgrid: RT @UserReplay: Internet Retailing Expo 2012 - UserReplay Stand F11 #UserReplay http://t.co/O7aVMukD January 9, 2012
- Marketgrid: RT @CloudTesting: New Vacancy – Linux / Networking / Installation Engineer - http://t.co/XbENom2R December 22, 2011
- Marketgrid: RT @I_KMP: We're hiring - Linux / Networking / Installation Engineer. Based in Guildford, Surrey with UK and European travel #UserReplay December 22, 2011
- Marketgrid: RT @I_KMP: Linux / Networking / Installation Engineer http://t.co/Qli6ETvh December 22, 2011
- Marketgrid: RT @UserReplay: Website customer experience: http://t.co/S1u0alQy #UserReplay December 22, 2011
Cloud Testing Blog
- Business Development Manager – Up to £80K OTE (open ended) August 23, 2011
  Role: Business Development Manager Salary: £35K-£40K Base. Up to £80K OTE (open ended) Based: Guildford i-KMP is a young and fast growing company. We offer technology solutions that focus on Website Audit, Performance and User Experience. We are on the look out for a number of New Business supremos to join our sales team selling […]
- C / Linux Developer July 28, 2011
  Role: C / Linux Developer Salary: To £30K depending on experience Based: Guildford, Surrey We are looking for an experienced C / Linux developer to join our expanding team in Guildford developing a new User eXperience (UX) product. Key skills include C, MySQL, Linux, TCP/IP, Networking Experience of web analytics and / or website performance […]
- PHP / Web Developer July 28, 2011
  Role: PHP Developer Salary: To £30K depending on experience Based: Guildford, Surrey We are looking for an experienced PHP developer to join our expanding team in Guildford developing a new User eXperience (UX) product. Key skills include PHP 5, MySQL, CSS, JavaScript, jQuery Experience of web analytics and / or website performance monitoring would be […]
- We’re hiring… July 11, 2011
  As part of our continued expansion, we’re hiring – see our new careers for all our latest vacancies. http://www.cloudtesting.com/careers.php […]
- Support for Firefox 5.0 July 9, 2011
  We’re currently working on an update for our service to support Firefox 5.0 – watch this space. […]
- Archive your website in Firefox 4.0 and Internet Explorer 9 May 27, 2011
  We are pleased to announce that you can now capture daily or weekly screenshots of your website in Firefox 4.0 and Internet Explorer 9. This is in addition to the existing full range of browser versions we already support: Firefox (3.0, 3.5, 3.6) Internet Explorer (6, 7, Safari 3.2, 4.0, 5.0) Opera Google Chrome. […]
- Firefox 4.0 and Internet Explorer 9 added to Cloud Testing May 27, 2011
  We are pleased to announce that you can now functionally and cross browser test your website in Firefox 4.0 and Internet Explorer 9. This is in addition to the existing full range of browser versions we already support: Firefox ( 3.0, 3.5, 3.6 ) Internet Explorer ( 6, 7, 8 ) Safari ( 3.2, […]
- New Websites March 31, 2011
  We’ve just launched our new corporate and product websites Corporate Site http://www.cloudtesting.com/ Functional and Cross Browser Testing Service http://www.cloudtesting.com/functional-testing/ Website Archiving Service http://www.website-archive.com/website-archiving/ […]
- CMS Version Control – White Paper March 4, 2011
  We’re pleased to announce the release the second in our series of White Papers, which covers CMS (Content Management System) Version Control. “Regulatory bodies from Government to Advertising Standards and Industry watchdogs have been increasingly focusing their attention on the digital communications displayed across corporate websites…” It can be downloade […]
- UK Websites must now be legal, decent, honest and truthful! February 8, 2011
  The ASA (Advertising Standards Authority) is the UK’s independent watchdog which maintains standards in advertising for the benefit of consumers, advertisers and society at large. The Committee of Advertising Practice (CAP) regulates non-broadcast advertising. It was set up in 1961 to regulate all print advertising and prevent the need for government legisla […]

Marketgrid Consulting Blog

Recent Posts

OpenSSL version 1.0.1 Beta 1

MySQL Workbench 5.2.37

MySQL Connector/Net 6.5.0 beta

MySQL Connector/Net 6.3.8 GA

Browse by Tags

OpenSSL Security Advisory

Blog Subscription

Recent Posts

Archives

Categories

Links

Website-Archiving Blog

The Browser Guru

Marketgrid on Twitter

Cloud Testing Blog