search

lixuewei / rt-n56u

Automatically exported from code.google.com/p/rt-n56u
0 stars 0 forks source link

CVE-2014-0224 #1262

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not 
properly restrict processing of ChangeCipherSpec messages, which allows 
man-in-the-middle attackers to trigger use of a zero-length master key in 
certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or 
obtain sensitive information, via a crafted TLS handshake, aka the "CCS 
Injection" vulnerability.

Source:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224

Note:
Version 1.0.1h is already available at openssl.org

Original issue reported on code.google.com by SharUp...@gmail.com on 6 Jun 2014 at 6:35

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
openssl: update to 1.0.1h

https://code.google.com/p/rt-n56u/source/detail?r=f819118270007bc2654704b8bcc19f
c42f372bc1

Original comment by Dr.Sydorenko.O on 7 Jun 2014 at 11:52

GoogleCodeExporter commented 9 years ago 
Thanks!

Original comment by SharUp...@gmail.com on 13 Jun 2014 at 9:24