'Record of Death' takes out OpenSSL servers
Crafted TLS packets can crash OpenSSL servers and clients. The problem is caused by an error in the ssl3_get_record() function, which processes SSL records. Data is transferred between end points in SSL records. According to an advisory from the OpenSSL development team, incorrectly formatted records can cause a memory access error.
OpenSSL versions 0.9.8f to 0.9.8m are in theory affected, however the bug depends on the C compiler used. Where 'short' is defined as a 16 bit integer (which is almost always the case) only 0.9.8m is affected. Updating to OpenSSL version 0.9.8n resolves the problem.
See also:
- "Record of death" vulnerability in OpenSSL 0.9.8f through 0.9.8m, advisory from OpenSSL
(djwm)