CVE-2011-3210

Priority
Description
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through
0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during
processing of handshake messages from clients, which allows remote
attackers to cause a denial of service (daemon crash) via out-of-order
messages that violate the TLS protocol.
Assigned-to
sbeattie
Notes
jdstrandfrom upstream: applications are only affected by the CRL checking
vulnerability if they enable OpenSSL's internal CRL checking which is off by
default. For example by setting the verification flag X509_V_FLAG_CRL_CHECK
or X509_V_FLAG_CRL_CHECK_ALL
The following packages in main use this X509_V_FLAG_CRL_CHECK*
curl, dovecot, exim4, freeradius, ipsec-tools, krb5, libio-socket-ssl-perl,
libnet-ssleay-perl, likewise-open, mysql-5.1, nmap, openldap, openvpn,
postgresql-9.1, ruby1.8, squid, telepathy-gabble, telepathy-salut,
wpasupplicant
the above need to also support ECDH to be affected
Package
Upstream:released (1.0.0e)
Patches:
Upstream:http://cvs.openssl.org/chngview?cn=21334 (0.9.8)
Upstream:http://cvs.openssl.org/chngview?cn=21335 (1.0.0)
More Information

Updated: 2020-09-10 01:46:23 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)