1150812 – (CVE-2014-7968) CVE-2014-7968 vdsm: ssl_accept may block connections on uncompleted handshake

Bug 1150812 (CVE-2014-7968) - CVE-2014-7968 vdsm: ssl_accept may block connections on uncompleted handshake

Summary: CVE-2014-7968 vdsm: ssl_accept may block connections on uncompleted handshake

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2014-7968
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1148688 1150813 1150814
Blocks:	1150788
TreeView+	depends on / blocked

Reported:	2014-10-09 02:27 UTC by Wade Mealing
Modified:	2019-09-29 13:22 UTC (History)
CC List:	15 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2015-02-25 06:40:01 UTC
Embargoed:

Attachments	(Terms of Use)

Description Wade Mealing 2014-10-09 02:27:32 UTC

It was found that VDSM accepts SSL connection in a flawed way. A malicious client
could use this flaw to stop VDSM from accepting new connections, creating a denial of service.

Note You need to log in before you can comment on or make changes to this bug.