In association with heise online

15 October 2007, 15:04

Security vulnerability in OpenSSL DTLS implementation

In the new version of their encryption library, 0.9.8f, the OpenSSL development team have fixed a critical security vulnerability in the processing of DTLS connections. The vulnerability may allow attackers to remotely inject arbitrary malicious code and gain control of vulnerable systems. DTLS (Datagram TLS) is a version of TLS for the UDP protocol. Standard TLS and SSL applications are based on TCP and are not affected by the problem.

As an IETF-propagated standard for the encryption of internet telephony connections, DTLS is likely to attain considerable significance in future. A large number of DTLS applications can also be anticipated in other areas such as media streaming and gaming servers. To date, however, very few products support DTLS. Linux distributor Red Hat, for example, felt obliged to point out in its own OpenSSL advisory that none of the packages in its software repository currently uses DTLS.
