SANS ISC: OpenSSL 1.0.2 Advisory and Update SANS ISC InfoSec Forums

OpenSSL 1.0.2 Advisory and Update

On the 26th, ISC handler Rob posted a one-liner [1] reporting that a major flaw exposed TLS traffic (CVE-2016-0701), where an attacker could decrypt and obtain information on traffic that you would deem secure. The OpenSSL advisory notes: "More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support." [2]

This serious vulnerability affects OpenSSL version 1.0.2; affected installations should be upgraded to version 1.0.2f. Version 1.0.1 is not affected because support for X9.42 style parameters has not been implemented in that branch. If you are upgrading from source code, the latest version can be downloaded here [3]; otherwise, check your Linux distribution for a package update.
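To triage hosts against the version range stated above, the following added example (not part of the original diary or of OpenSSL) classifies an `openssl version` banner. The function name, the result labels and the sample banners are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify an `openssl version` banner against the range the
# diary states: 1.0.2 affected, fixed in 1.0.2f, 1.0.1 not affected.
# On a live host, call: classify_openssl_version "$(openssl version)"

classify_openssl_version() {
    # $1: banner such as "OpenSSL 1.0.2e 3 Dec 2015"; field 2 is the version.
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    case "$ver" in
        1.0.2*) ;;                                 # branch named as affected
        1.0.1*) echo "not-affected"; return 0 ;;   # no X9.42 support in 1.0.1
        *)      echo "not-covered";  return 0 ;;   # diary says nothing about it
    esac

    # Upstream 1.0.2 releases append a letter: 1.0.2, 1.0.2a, ... 1.0.2f, ...
    suffix=${ver#1.0.2}
    letter=$(printf '%s' "$suffix" | cut -c1)
    case "$letter" in
        ""|a|b|c|d|e) echo "affected" ;;           # 1.0.2 through 1.0.2e
        -)            echo "affected" ;;           # assumption: pre-releases
                                                   # (e.g. 1.0.2-beta1) are
                                                   # treated as unpatched
        [0-9])        echo "not-covered" ;;        # not a 1.0.2 letter release
        *)            echo "fixed" ;;              # 1.0.2f or a later letter
    esac
}

# Constructed sample banners (not taken from the page).
for banner in \
    "OpenSSL 1.0.1r 28 Jan 2016" \
    "OpenSSL 1.0.2 22 Jan 2015" \
    "OpenSSL 1.0.2e 3 Dec 2015" \
    "OpenSSL 1.0.2f 28 Jan 2016"
do
    printf '%-30s %s\n' "$banner" "$(classify_openssl_version "$banner")"
done
```

Distribution packages often backport fixes without changing the upstream version string, so an "affected" result on a packaged build should be confirmed against the vendor's package changelog.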

[1] https://isc.sans.edu/diary.html?date=2016-01-26
[2] https://www.openssl.org/news/secadv/20160128.txt
[3] https://www.openssl.org/source/

-----------
Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu
