SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (VPN)  >   OpenSSL Vendors:   OpenSSL.org
OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1026957
SecurityTracker URL:  http://securitytracker.com/id/1026957
CVE Reference:   CVE-2012-2110, CVE-2012-2131   (Links to External Site)
Updated:  Apr 24 2012
Original Entry Date:  Apr 20 2012
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 0.9.8w and 1.0.0i
Description:   A vulnerability was reported in OpenSSL. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to the target application using OpenSSL to potentially trigger a heap overflow in the asn1_d2i_read_bio() function and execute arbitrary code on the target system. The code will run with the privileges of the target application.

Applications that use ASN.1 BIO or FILE based functions to read untrusted DER format data are affected. The d2i_*_bio and d2i_*_fp type of functions are affected.

Applications that use the memory based ASN1 functions (e.g., d2i_X509, d2i_PKCS12 etc) are not affected.

The SSL/TLS code is not affected.

Applications using only the PEM routines are not affected.

S/MIME and CMS applications that use the built-in MIME parser SMIME_read_PKCS7 and SMIME_read_CMS functions are affected.

Tavis Ormandy, Google Security Team, reported this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued a fix (0.9.8w, 1.0.0i, 1.0.1a).

The vendor's advisories are available at:

http://www.openssl.org/news/secadv_20120419.txt
http://www.openssl.org/news/secadv_20120424.txt

[Editor's note: The vendor originally issued a fix in version 0.9.8v but reported on April 24, 2012 that the fix in that version was incomplete [CVE-2012-2131] and issued a revised fix in version 0.9.8w.]

Vendor URL:  www.openssl.org/news/secadv_20120424.txt (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 25 2012 (Red Hat Issues Fix) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
Red Hat has issued a fix for Red Hat Enterprise Linux 5 and 6.
Apr 25 2012 (Red Hat Issues Fix) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
Red Hat has issued a fix for 3, 4, 5.3, 5.6, 6.0, and 6.1.
May 3 2012 (FreeBSD Issues Fix) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
FreeBSD has issued a fix for FreeBSD 7.4, 8.1, 8.2, 8.3, and 9.0.
May 31 2012 (FreeBSD Issues Fix) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
FreeBSD has issued a fix for FreeBSD 7.4, 8.1, 8.2, 8.3, and 9.0.
Jun 8 2012 (NetBSD Issues Fix) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
NetBSD has issued a fix.
Jun 15 2012 (Attachmate Issues Fix for Reflection) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
Attachmate has issued a fix for Attachmate Reflection.
Aug 31 2012 (VMware Issues Fix for vSphere and vCOps) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
VMware has issued a fix for vSphere and vCOps.
Dec 12 2012 (Blue Coat Issues Advisory for IntelligenceCenter) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
Blue Coat has issued an advisory for Blue Coat IntelligenceCenter.
Dec 12 2012 (Blue Coat Issues Fix for Blue Coat ProxySG) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
Blue Coat has issued a fix for Blue Coat ProxySG.
Feb 28 2013 (IBM Issues Fix for AIX) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
IBM has issued a fix for AIX 5.3, 6.1, and 7.1.
Apr 3 2013 (Juniper Issues Fix for ScreenOS) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
Juniper has issued a fix for ScreenOS.
Sep 9 2013 (Juniper Issues Fix for Juniper Steel-Belted Radius) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
Juniper has issued a fix for Juniper Steel-Belted Radius.
Apr 4 2014 (RSA Issues Fix for RSA BSAFE SSL-C) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
RSA has issued a fix for RSA BSAFE SSL-C.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC