OpenSSL DTLS Processing Bugs Let Users Deny Service
|
SecurityTracker Alert ID: 1022241 |
SecurityTracker URL: http://securitytracker.com/id/1022241
|
CVE Reference:
CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387
(Links to External Site)
|
Updated: Jun 26 2009
|
Original Entry Date: May 18 2009
|
Impact:
Denial of service via local system, Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 1.0.0 and prior versions
|
Description:
Several vulnerabilities were reported in OpenSSL. A user can cause denial of service conditions.
A user can send specially crafted DTLS records with a future epoch to consume excessive memory on the target system.
A user can send specially crafted DTLS messages to trigger a memory leak and consume excessive memory on the target system.
A user can send DTLS data with a specially crafted certificate to cause freed memory to be used by the dtls1_retrieve_buffered_fragment() function in 'ssl/d1_both.c'. OpenSSL 1.0.0 Beta 2 is affected.
Daniel Mentz reported the above listed vulnerabilities.
A remote user can send a DTLS ChangeCipherSpec packet prior to a ClientHello packet to trigger a null pointer dereference in 'ssl/s3_pkt.c' and cause the target daemon to crash.
A remote user can send an out-of-sequence DTLS handshake message to trigger a null pointer dereference in the dtls1_retrieve_buffered_fragment() function in 'ssl/d1_both.c' and cause the target daemon to crash.
|
Impact:
A user can consume excessive memory on the target system.
A user can cause an affected application to crash.
|
Solution:
The vendor has issued a source code fix.
|
Vendor URL: www.openssl.org/ (Links to External Site)
|
Cause:
Access control error, Resource error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|