CVE-2008-1672

Publication date 29 May 2008

Last updated 24 July 2024


Ubuntu priority

OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses “particular cipher suites,” which triggers a NULL pointer dereference.

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
openssl 8.04 LTS hardy
Fixed 0.9.8g-4ubuntu3.3
7.10 gutsy
Not affected
7.04 feisty
Not affected
6.06 LTS dapper
Not affected

References

Related Ubuntu Security Notices (USN)

    • USN-620-1
    • OpenSSL vulnerabilities
    • 26 June 2008

Other references