PT-2008-6527 · Sun+1 · Sun Solaris+1

Published 2008-12-10 · Updated 2017-09-29 · CVE-2008-5410

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

OpenSSL PKCS#11 engine in Sun Solaris 10

Description

The PK11_SESSION cache in the OpenSSL PKCS#11 engine does not maintain reference counts for operations with asymmetric keys. This allows attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors. The problem is associated with the (1) RSA_sign and (2) RSA_verify functions.

Recommendations

For Sun Solaris 10, consider disabling the use of asymmetric keys in the OpenSSL PKCS#11 engine as a temporary workaround until a patch is available. Restrict access to the RSA_sign and RSA_verify functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2008-5410

Affected Products

OpenSSL
Sun Solaris