Current Activity - SSL and TLS Vulnerable to Man-in-the-middle Attacks

[Current Activity <us-cert () us-cert gov>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

SSL and TLS Vulnerable to Man-in-the-middle Attacks

Original release date: November 6, 2009 at 7:01 pm
Last revised: November 6, 2009 at 7:01 pm


US-CERT is aware of reports of publicly available exploit code for a
vulnerability within the SSL and TLS protocols. Reports indicate that
exploitation of this vulnerability may allow an attacker to conduct a
man-in-the-middle attack, allowing an attacker to inject plaintext
into the beginning of the application protocol stream.

US-CERT encourages OpenSSL users and administrators to review the
OpenSSL 0.9.81 release and apply any updates.

US-CERT has not received any reports of active exploitation and will
continue to provide additional information as it becomes available.

Relevant Url(s):
<http://www.openssl.org/source/>

====
This entry is available at
http://www.us-cert.gov/current/index.html#ssl_and_tls_vulnerable_to

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSvS6ONucaIvSvh1ZAQIo8ggAktWkfcagWHOdjAyt/h7Ze4wTD3n1YVWR
CjBoQecQWSj90rz+Xw6S/KEwLvQ3MN3bSkmK8tz1qOR1G9hYDkEg5E8Xoi67cwjQ
Zl8o84HDQ9BKK4MXWutmpKJJfilYnn5kGZuMokRN+VZ5xfYXIXZklXpGUxn9QcDv
0cjJLg0tsHZ7tWiHZZl7RFG+rLO0t4ruZl8aGVMRRtAk6h4zix8Ni3AQJgEexvwg
SOsGLSv0r8A/JByNiQQYBsvVhLD15wVhMqPX8T0degBqHnj6N0A3g9bW5EDDTAC4
QsvR708XSbskmy8oe/xp/7k4ZG505C8ZM25USFky71gYEyK/yUF1Jw==
=syHi
-----END PGP SIGNATURE-----