OpenSSL Critical Patch Update Advisory


This is a security advisory on the “OpenSSL Critical Patch Update.”

About the Vulnerability

On June 5th, the OpenSSL team published fixes for six security vulnerabilities in the widely used crypto library. The affected OpenSSL components include DTLS, do_ssl3, ssl3_read_bytes and the ECDH ciphersuites; all of these flaws have now been fixed. According to researchers, some of these issues had existed in OpenSSL for many years without being discovered.

The issues identified in the vulnerable OpenSSL versions allow eavesdropping on encrypted connections, which can lead to man-in-the-middle attacks. In a man-in-the-middle (MITM) attack the attacker can decrypt and modify traffic between the attacked client and server; the flaws can also lead to denial of service.

Importantly, this affects all versions of OpenSSL, including the new versions that fixed Heartbleed.

How to fix

OpenSSL recommends the following:

  • OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
  • OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m
  • OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h
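A version check a defender can run against the minimum patched releases listed above, added here as an example and not part of the original advisory or a ControlCase tool. It parses the banner printed by `openssl version` (sample banners are constructed) and handles OpenSSL's letter suffixes, including the two-letter `za` series.

```python
import re
import subprocess

# Minimum patched releases from the advisory, keyed by release branch.
PATCHED = {
    (0, 9, 8): "za",
    (1, 0, 0): "m",
    (1, 0, 1): "h",
}

_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(banner):
    """Parse an `openssl version` banner such as 'OpenSSL 1.0.1g 7 Apr 2014'.

    Returns ((major, minor, fix), letter_suffix), or None if unparseable.
    """
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    branch = tuple(int(x) for x in m.group(1, 2, 3))
    return branch, m.group(4)


def suffix_key(suffix):
    # OpenSSL letter releases run a..y, then za, zb, ...; ordering by
    # (length, string) gives '' < 'a' < 'y' < 'za' < 'zb'.
    return (len(suffix), suffix)


def is_patched(banner):
    """True if the release includes the fix, False if it does not,
    None when the banner is unparseable or the branch is not covered."""
    parsed = parse_version(banner)
    if parsed is None:
        return None
    branch, suffix = parsed
    fixed = PATCHED.get(branch)
    if fixed is None:
        return None
    return suffix_key(suffix) >= suffix_key(fixed)


def check_local_openssl():
    """Classify the locally installed openssl; None if it cannot be run."""
    try:
        out = subprocess.run(["openssl", "version"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return None
    return is_patched(out)


if __name__ == "__main__":
    # Constructed sample banners, not real scan output.
    for sample in ["OpenSSL 1.0.1g 7 Apr 2014", "OpenSSL 1.0.1h 5 Jun 2014",
                   "OpenSSL 0.9.8y 5 Feb 2013", "OpenSSL 0.9.8za 5 Jun 2014",
                   "OpenSSL 1.0.2-beta1 24 Feb 2014"]:
        print(f"{sample!r}: patched={is_patched(sample)}")
    print("local openssl patched:", check_local_openssl())
```

Distributions such as Debian and Red Hat often backport security fixes without changing the version letter, so a banner-based check can report an already-fixed build as vulnerable; confirm against the vendor's package changelog in that case.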

How ControlCase CaaS Customers can request a test for OpenSSL

ControlCase can perform an OpenSSL vulnerability scan of your infrastructure and provide you with the results. ControlCase Compliance as a Service (CaaS) customers can request an “OpenSSL Vulnerability Test” using the following steps:

    1. Log in to the IT GRC portal
    2. Click the “External PT Scan Form” link on the dashboard
    3. Fill in the External Network Penetration Test form with all the details and mention “OpenSSL Vulnerability test” before filling in the public IP addresses against #6
    4. Once the form is filled in completely, click the Notify button in the top right corner

References

  • http://www.openssl.org/news/secadv_20140605.txt
  • https://www.imperialviolet.org/2014/06/05/earlyccs.html
  • http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html
