Wind River Support Network

HomeDefectsLIN5-19571
Fixed

LIN5-19571 : Security Advisory - openssl - CVE-2014-3568

Created: Oct 19, 2014    Updated: Dec 19, 2017
Resolved Date: Oct 19, 2014
Previous ID: LIN4-31842
Found In Version: 5.0.1.20
Fix Version: 5.0.1.20
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
to block the ability for a MITM attacker to force a protocol
downgrade.

Some client applications (such as browsers) will reconnect using a
downgraded protocol to work around interoperability bugs in older
servers. This could be exploited by an active man-in-the-middle to
downgrade connections to SSL 3.0 even if both sides of the connection
support higher protocols. SSL 3.0 contains a number of weaknesses
including POODLE (CVE-2014-3566).

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568

Other Downloads


Live chat
Online