Flaw in OpenSSL could allow DoS on servers.
A vulnerability in
OpenSSL
software, used to access the administration interface in some
F-Secure
gateway and mail protection products, could allow remote attackers to carry out a denial of service attack on servers running the product,
F-Secure
have announced.
The
OpenSSL
flaw can also be used to gain remote system access in some cases, but
F-Secure
‘s implementation is only vulnerable to DoS attacks. The affected products are
F-Secure Anti-Virus for Microsoft Exchange
and
F-Secure Internet Gatekeeper
, versions 6.4 and up, and admins running this software are advised to update to ensure they are protected.
Both hotfixes for
OpenSSL
and updated versions of the F-Secure software are available. The original
OpenSSL
advisory is
here
, while
F-Secure
‘s alert, including links to fixed products versions, is
here
. A
Secunia
alert on the issue can be found
here
.
Posted on 29 November 2006 by
Virus Bulletin
Leave a Reply