Signature Detail

Short Name	SSL:OPENSSL-TLSRECORD-DOS
Severity	Medium
Recommended	Yes
Recommended Action	Drop
Category	SSL
Keywords	OpenSSL TLS Record Tampering Denial of Service
Release Date	2014/05/02
Update Number	2371
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SSL: OpenSSL TLS Record Tampering Denial of Service

This signature detects attempts to exploit a known vulnerability against OpenSSL. A successful attack can result in a denial-of-service condition.

Extended Description

The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.

Affected Products

openssl 1.0.1a
openssl 1.0.1b
openssl 1.0.1 (beta1)
openssl 1.0.1 (beta2)
openssl 1.0.1 (beta3)
openssl 1.0.1c
openssl 1.0.1d
openssl 1.0.1e

References

CVE: CVE-2013-4353

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

SSL: OpenSSL TLS Record Tampering Denial of Service

Extended Description

Affected Products

References