Monday, August 12, 2002

New OpenSSL Vulnerabilities Discovered


Parsippany, N.J. (PRWEB) August 3, 2002 -

Vigilinx, the leading provider of independent, proactive security intelligence, today advised clients of the discovery of a potentially dangerous vulnerability in certain versions of OpenSSL code which enables encrypted communication on the Internet. Initial analysis of the vulnerabilities and early patches in Vigilinx' Patch Validation Laboratory corroborates researchers' reports on this vulnerability. The vulnerability has been reported in findings by the Defense Advanced Research Projects Agency and the Air Force Research Laboratory. Two additional independent security researchers have also confirmed it.

The problem involves four buffer overflow vulnerabilities. One causes a denial of service, while the other three allow a remote attacker to execute code with root-level privileges. Affected systems are those using OpenSSL 0.9.6d or earlier, 0.9.7-beta2 or earlier, or the current development snapshots of 0.9.7. The vulnerabilities affect both client and server.

“The wide proliferation of servers that utilize SSL to protect encrypted sessions may make these vulnerabilities significant,” said Bruce Murphy, Vigilinx CEO. “At this point, we are not aware of any damage that has been inflicted due to this vulnerability, but we believe that the potential for damage is high and a proactive response is warranted.”

Additional information about this vulnerability can be found at www.vigilinx.com.

About Vigilinx

Vigilinx is a leading digital security solutions company, offering a complete line of security products and services including security intelligence, managed security services, knowledge products, security advisory consulting, integration services, investigation/forensics services, and training. The company has industry practices devoted to vertical markets, including financial services, telecommunications, government, media and entertainment, and general services. The firm serves both mid-sized and Fortune 500 companies, including American Electric Power, General Electric, AT&T, Citigroup and Cardinal Health. Visit the company online at http://www.vigilinx.com.

FOR MORE INFORMATION, CONTACT

Iris Goldhaber

Vigilinx, Director of Marketing

973.541.5404

Iris.Goldhaber@vigilinx.com