IBM Security Bulletin: BigFix Platform is vulnerable to OpenSSL denial of service attack
OpenSSL is vulnerable to a denial of service, caused by the incorrect use of pointer arithmetic for heap-buffer boundary checks. By leveraging unexpected malloc behavior, a remote attacker could exploit this vulnerability to trigger an integer overflow and cause the application to crash.
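The general pattern behind this class of bug, as an added illustration (not OpenSSL or BigFix code; the function names and sample values are hypothetical and constructed): a bounds check that adds the length to the pointer before comparing can wrap when the buffer sits near the top of the address space, while comparing the length with the remaining space cannot.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Addresses are modelled as uintptr_t so the wraparound is well defined here.
 * With real pointers, forming p + len beyond the buffer is undefined behaviour. */

/* Flawed pattern: add first, then compare the sum with the limit. */
static int fits_flawed(uintptr_t p, uintptr_t limit, size_t len)
{
    return !(p + (uintptr_t)len > limit);   /* the sum can wrap past zero */
}

/* Hardened pattern: compare len with the space that remains. */
static int fits_checked(uintptr_t p, uintptr_t limit, size_t len)
{
    return p <= limit && (uintptr_t)len <= limit - p;
}

/* Same check on real pointers: read a record with a 2-byte big-endian length
 * prefix from [p, limit). Returns the payload length, or -1 if it does not fit. */
static long read_record(const unsigned char *p, const unsigned char *limit,
                        const unsigned char **payload)
{
    size_t len;
    if (limit - p < 2)
        return -1;
    len = ((size_t)p[0] << 8) | p[1];
    p += 2;
    if ((size_t)(limit - p) < len)          /* never computes p + len */
        return -1;
    *payload = p;
    return (long)len;
}

int main(void)
{
    /* Constructed addresses: an 8-byte region near the top of the address space. */
    uintptr_t p = UINTPTR_MAX - 15, limit = UINTPTR_MAX - 7;
    const unsigned char rec[] = { 0x00, 0x09, 'a' };   /* claims 9 bytes, has 1 */
    const unsigned char *payload = NULL;

    printf("flawed check accepts len=32:  %d\n", fits_flawed(p, limit, 32));
    printf("checked form accepts len=32:  %d\n", fits_checked(p, limit, 32));
    printf("read_record on short record:  %ld\n",
           read_record(rec, rec + sizeof rec, &payload));
    return 0;
}
```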
CVE(s): CVE-2016-2177
Affected product(s) and affected version(s):
BigFix Platform 9.1
BigFix Platform 9.2
BigFix Platform 9.5
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2qaiGi8
X-Force Database: http://ift.tt/2aPXjQq
The post IBM Security Bulletin: BigFix Platform is vulnerable to OpenSSL denial of service attack appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2qaHkPK