Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - Redhat OpenSSL: denial of service via locking management

July 2015 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can repeatedly connect to a TLS multithread server
using the Redhat version of OpenSSL, in order to trigger a denial
of service.

Impacted products: Fedora, openSUSE, RHEL, SUSE Linux Enterprise
Desktop, SLES

Severity: 1/4

Creation date: 16/06/2015

DESCRIPTION OF THE VULNERABILITY

RedHat modified the upstream OpnSSL code for packaging. It
includes a change about locking in multithread applications in the
pseudo random number generator.

However, this locking is not suitably done and there are thread
interleaving that will allow 2 threads entering in the same
critical section, which will lead to the corruption of a pointer
and then to a fatal exception of kind SIGSEGV.

An attacker can therefore repeatedly connect to a TLS multithread
server using the Redhat version of OpenSSL, in order to trigger a
denial of service.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Redhat-OpenSSL-denial-of-service-via-locking-management-17147


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts