Update Protection against OpenSSL TLS Connection Record Handling Denial of Service Vulnerability
| Check Point Reference: | CPAI-2010-080 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA38807 | |
| Industry Reference(s): | CVE-2010-0740 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? OpenSSL Project OpenSSL 0.9.8f through 0.9.8m | ||
| Vulnerability Description A denial of service vulnerability exists in OpenSSL. OpenSSL is an open-source library that implements Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocol functionality. A remote attacker may exploit this vulnerability to create a denial of service condition. |
||
|
Update/Patch Available Apply patch: OpenSSL |
|
|
Vulnerability Details The vulnerability is due to an error in the OpenSSL ssl3_get_record() function when handling TLS connections. A remote attacker could exploit this flaw via a specially crafted TLS packet. Successful exploitation could result in termination of the affected service. |
Protection Overview
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway/VPN-1 product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.