Vulnerability in PolarSSL makes executing malicious code possible




The Dutch security company Certified Secure has recently found a vulnerability in the SSL library PolarSSL. Through the flaw, attackers can in some cases execute arbitrary code on systems or carry out denial-of-service attacks.

Security researchers from Certified Secure came across the flaw earlier this month during a routine check, they write. The vulnerability is in a function that processes X.509 certificates. PolarSSL, which is used for SSL/TLS implementations, uses these certificates to verify, among other things, users who log in to programs. The bug currently affects all versions since 1.0.

An attacker can fool a server running PolarSSL with a rogue certificate. This is possible because the vulnerability can be triggered before the validity of the certificate is checked. The attacker can then strike by executing arbitrary code or causing the aforementioned denial of service.

Certified Secure discovered the vulnerability last week. Five days later the PolarSSL developers released a patch, which is now available. The Dutch security company advises anyone working with PolarSSL to install the software patch.

PolarSSL is a company that offers an SSL library of the same name in both a free, open-source version and a commercial one. The library was created in 2008 as a fork of the code of the XySSL project. Late last year, chip designer ARM took over the company. PolarSSL claims to offer better documentation and more support than the competition.

The Dutch intelligence service AIVD uses PolarSSL in a modified version of the open-source software OpenVPN, namely OpenVPN-NL. This program was created in part by security firm Fox-IT, which initially examined approximately eight thousand lines of code for the Dutch version. With OpenVPN-NL, government employees can access confidential information from home or another location. A new version of OpenVPN-NL has also been released as a result of the vulnerability.

