Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
A vulnerability has been reported in IBM Lotus Protector for Mail Security, which can be exploited by malicious people to cause a DoS (Denial of Service).
IMPACT: NORMAL
PUBLISH DATE: 13-DEC-2018
OVERVIEW
A malicious server can send a very long prime value to a client. The client will have to spend a long time generating a key for this prime value. This may cause a hang and lead to Denial of Service.
ANALYSIS
OpenSSL is vulnerable to a Denial of Service (DoS) vulnerability. During key agreement in a TLS handshake using a DH(E) based ciphersuite, a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime, resulting in a hang until the client has finished.
This could be exploited in a Denial of Service attack.
Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h).
Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).
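The prime reaches the client as a length-prefixed field in the server's DH parameters (`dh_p`, `dh_g`, `dh_Ys`), and that encoding allows up to 65535 bytes. The following is an added example, not OpenSSL's or the advisory's code, of a client-side check that rejects an oversized prime before any key generation; the function names, the 10000-bit cap and the sample inputs are assumptions made for illustration.

```python
import struct

MAX_DH_PRIME_BITS = 10000  # assumed policy cap for this example


class DHParamsError(ValueError):
    """Raised when ServerDHParams are malformed or exceed the size policy."""


def _read_vec16(buf, off):
    # TLS opaque<1..2^16-1>: 2-byte big-endian length, then that many bytes.
    if off + 2 > len(buf):
        raise DHParamsError("truncated length field")
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise DHParamsError("bad vector length")
    return int.from_bytes(buf[off:off + n], "big"), off + n


def check_server_dh_params(body, max_bits=MAX_DH_PRIME_BITS):
    """Parse dh_p, dh_g, dh_Ys and return the bit length of dh_p.

    The size check runs before any key generation, so an oversized prime
    costs one length comparison instead of a huge modular exponentiation.
    Bytes after dh_Ys (the signature in DHE_RSA) are ignored here.
    """
    p, off = _read_vec16(body, 0)
    if p.bit_length() > max_bits:
        raise DHParamsError(f"dh_p is {p.bit_length()} bits, limit {max_bits}")
    g, off = _read_vec16(body, off)
    ys, off = _read_vec16(body, off)
    if p < 5 or p % 2 == 0:
        raise DHParamsError("dh_p must be odd and > 3")
    if not (1 < g < p - 1 and 1 < ys < p - 1):
        raise DHParamsError("dh_g or dh_Ys out of range")
    return p.bit_length()


def build_sample_params(p_len_bytes):
    # Constructed input: odd number with the top bit set (not a real prime),
    # g = 2 and Ys = 4, encoded as three length-prefixed vectors.
    p = (1 << (8 * p_len_bytes - 1)) | 1
    parts = [p.to_bytes(p_len_bytes, "big"), b"\x02", b"\x04"]
    return b"".join(struct.pack(">H", len(x)) + x for x in parts)


if __name__ == "__main__":
    for size in (256, 4096):  # 2048-bit and 32768-bit dh_p
        try:
            print(size, "bytes ->", check_server_dh_params(build_sample_params(size)), "bits OK")
        except DHParamsError as err:
            print(size, "bytes -> rejected:", err)
```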
AFFECTED PRODUCTS
UPDATES
Updates are delivered via the IBM Protector for Mail Security update mechanism. Follow the link to download updates for IBM Lotus Protector for Mail Security.
https://www-01.ibm.com/support/docview.wss?uid=ibm10743847
If you think you’re the victim of a cyber-attack, immediately send an email to soc@rewterz.com for a quick response.