OpenSSL high severity vulnerability released on 9th July 2015

The OpenSSL project described as “high severity” a vulnerability CVE-2015-1793 released on 9th July 2015.OpenSSL project categorizes high severity include server denial-of-service, a significant leak of
server memory and remote code execution According to the announcement, the July 9 release will address OpenSSL versions 1.0.2d and 1.0.1p. The flaw does not affect versions 1.0.0 or 0.9.8.

Security experts have speculated that this high severity bug could be another Heartbleed(discovered in April 2004, was a bug in an earlier version of OpenSSL that allowed hackers to read sensitive contents of
victims’ encrypted data, including credit card details and even steal crypto SSL keys from Internet servers or client software.) or POODLE bug(Padding Oracle On Downgraded Legacy Encryption — was unearthed in the decade old but widely used SSL 3.0 cryptographic protocol that allowed attackers to decrypt the contents of encrypted connections.) or Freak (a flaw revealed earlier this month that can allow an attacker to initiate a weaker type of encrypted connection that can be compromised more easily.)that were considered to be the worst TLS/SSL vulnerabilities still believed to be affecting websites on Internet today.

The latest versions also patch Logjam (CVE-2015-4000), a TLS bug that can be exploited through man-in-the-middle (MitM) attacks to downgrade connections to 512-bit export-grade cryptography. The vulnerability allows an attacker to read and alter encrypted data.

Reference for poodle attack

https://teckadmin.wordpress.com/2014/12/22/poodle-attack/

Advertisements

Posted on July 18, 2015, in General, LInux Based. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: