PROBLEM:
OpenSSL DTLS Bug Lets Remote Users Deny Service
PLATFORM:
Only DTLS applications using OpenSSL 1.0.0f and 0.9.8s are affected.
ABSTRACT:
A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack.
REFERENCE LINKS:
CVE-2012-0050
SecurityTracker Alert ID: 1026548
OpenSSL Security Advisory [18 Jan 2011]
OpenSSL News
IMPACT ASSESSMENT:
Medium
Discussion:
A vulnerability was reported in OpenSSL. The fix to correct the Datagram Transport Layer Security (DTLS) vulnerability referenced by CVE-2011-4108 introduced a flaw. A remote user can send specially crafted data to cause denial of service conditions on the target system.
Impact:
A remote user can cause denial of service conditions.
Solution:
Affected users should upgrade to OpenSSL 1.0.0g or 0.9.8t.