Check Point Reference: | CPAI-2012-171 |
Date Published: | 10 May 2012 |
Severity: | High |
Last Updated: | Thursday 10 May, 2012 |
Source: | |
Industry Reference: | CVE-2011-3210 |
Protection Provided by: |
Security Gateway |
Who is Vulnerable? | |
Vulnerability Description | A use-after-free vulnerability has been reported in OpenSSL. The vulnerability is due to an error in the way the server handles handshake requests arriving in a certain order. A remote attacker could exploit this vulnerability by sending a malicious handshake sequence to a target server. Successful exploitation could result in arbitrary code execution, in the context of the affected application. |
IPS will detect and block malicious handshake requests sent to the TLS/SSL server.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: OpenSSL Enforcement Violation.
Attack Information: OpenSSL Handshake Sequence Cipher Suite Use-After-Free