
OpenBSD and two of its SSL libraries need security patches


February 7, 2017

OpenBSD, and two of the SSL/TLS libraries it ships, will soon need security patches against two denial-of-service flaws that can crash internet-facing servers.

The first bug is in the operating system's SSL implementation as used by its HTTP daemon, httpd. An advisory states that the daemon can be crashed through repeated SSL renegotiation.

A single renegotiation thread reportedly consumes up to 70 percent of the CPU, so if an attacker starts several renegotiation threads against the target, the daemon crashes. Such attacks leave no trace in the httpd logs.

The second flaw, which has been assigned the Common Vulnerabilities and Exposures identifier CVE-2017-5850, is a memory exhaustion bug, again in the HTTP daemon.

“Requesting a specific file using a file-range will result in having a httpd process doing a full malloc() of the requested file,” the report states.

“It appears that the entry is not correctly free()'d.” malloc() and free() are the memory allocation and release calls in the standard C library.

“Hence, it's possible to DDoS the remote server by requesting a file over and over by specifying a custom file range,” the report asserts.

The only other requirement for this attack is that the attacker identify a file larger than roughly 10 MB served by the victim's machine.
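To make the allocation pattern behind CVE-2017-5850 concrete, here is an added C example that is not OpenBSD's httpd code and makes no claim about its internals: it models a byte-range handler that allocates the whole file per request and never releases it (the behaviour the advisory describes), beside a hardened handler that validates the Range header, allocates only a bounded slice, and frees it on every path. The function names, the 1 MiB cap and the allocation counters are hypothetical and exist only so the two behaviours can be compared.

```c
/* Added example (not OpenBSD httpd code): a model of serving an HTTP
 * byte-range request, contrasting the leak pattern described in the
 * advisory with a bounded, leak-free version. All names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Counters so a caller can observe what each handler leaves behind. */
static size_t live_allocs = 0;   /* outstanding malloc() blocks */
static size_t live_bytes  = 0;   /* bytes held by those blocks */

size_t live_allocations(void) { return live_allocs; }
size_t live_bytes_held(void)  { return live_bytes; }

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p) { live_allocs++; live_bytes += n; }
    return p;
}

static void tracked_free(void *p, size_t n) {
    if (p) { live_allocs--; live_bytes -= n; }
    free(p);
}

/* Parse a single "bytes=START-END" Range header. Returns 0 on success,
 * -1 on a malformed header, -2 if the range is unsatisfiable for file_size
 * (RFC 7233: first byte beyond the end, or start greater than end). */
int parse_range(const char *hdr, size_t file_size, size_t *start, size_t *end) {
    if (!hdr || strncmp(hdr, "bytes=", 6) != 0) return -1;
    const char *p = hdr + 6;
    char *q;
    if (*p < '0' || *p > '9') return -1;            /* no sign, no suffix form */
    errno = 0;
    unsigned long long s = strtoull(p, &q, 10);
    if (q == p || *q != '-' || errno) return -1;    /* need "START-" */
    p = q + 1;
    if (*p < '0' || *p > '9') return -1;
    unsigned long long e = strtoull(p, &q, 10);
    if (q == p || *q != '\0' || errno) return -1;   /* need "END" then end of string */
    if (s > e || s >= file_size) return -2;         /* unsatisfiable */
    if (e >= file_size) e = file_size - 1;          /* clamp END to the last byte */
    *start = (size_t)s;
    *end = (size_t)e;
    return 0;
}

/* Leaky model of the reported behaviour: every range request allocates the
 * whole file and the block is never released, so repeated requests for a
 * large file exhaust memory. Returns 0 on success, -1 on error. */
int serve_range_leaky(size_t file_size, const char *range_hdr) {
    size_t s, e;
    if (parse_range(range_hdr, file_size, &s, &e) != 0) return -1;
    char *buf = tracked_malloc(file_size);   /* full file, not just the range */
    if (!buf) return -1;
    /* bytes s..e would be copied out of buf and sent here (omitted) */
    return 0;                                /* buf is never freed */
}

#define MAX_RANGE_BYTES (1u << 20)   /* hypothetical 1 MiB cap per chunk */

/* Hardened model: allocate only the requested range, capped, and free it
 * before returning. Returns the number of bytes served, or -1 on error. */
long serve_range_fixed(size_t file_size, const char *range_hdr) {
    size_t s, e;
    if (parse_range(range_hdr, file_size, &s, &e) != 0) return -1;
    size_t len = e - s + 1;
    if (len > MAX_RANGE_BYTES) len = MAX_RANGE_BYTES;  /* serve in bounded pieces */
    char *buf = tracked_malloc(len);
    if (!buf) return -1;
    memset(buf, 0, len);        /* stand-in for reading bytes s..s+len-1 */
    tracked_free(buf, len);     /* released on the way out */
    return (long)len;
}

int main(void) {
    /* Constructed demo: 50 range requests against a 4 KiB file. */
    for (int i = 0; i < 50; i++) serve_range_leaky(4096, "bytes=0-9");
    printf("leaky handler: %zu blocks, %zu bytes still held\n",
           live_allocations(), live_bytes_held());
    long served = serve_range_fixed(4096, "bytes=0-9");
    printf("fixed handler: served %ld bytes, %zu blocks still held\n",
           served, live_allocations() - 50);
    return 0;
}
```

The constructed file sizes are small so the demo runs anywhere; with a 10 MB file, as in the advisory, the leaky handler holds 10 MB more after every request, which is why a single client repeating one range request is enough to exhaust the server's memory. The fixed handler shows the two defensive properties a range path needs: allocation proportional to the range (and capped), and a free on every exit.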

OpenBSD has responded to both issues. The memory exhaustion bug is dealt with in the errata patches published for version 6.0 and for version 5.9.

The SSL renegotiation bug lies in the LibreSSL implementation used by OpenBSD. The fix ships as security patches to the SSL and TLS libraries so that sysadmins can disable client-initiated renegotiation.

Source: OpenBSD.
