فا

‫ OpenSSL Multiple Vulnerabilities

IRCAD2014063348

Number: IRCAD2014063348

Date: 2014/06/03

Criticality level: highly critical

Software:

OpenSSL 0.x

OpenSSL 1.x

Description

A security issue and multiple vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

1)An error when handling SSL/TLS handshakes can be exploited to force the use of weak keying material via a specially crafted handshake and subsequently conduct Man-in-the-Middle (MitM) attacks.

2)An error within the OpenSSL DTLS client can be exploited to cause a recursion and a crash via a specially crafted DTLS handshake.

3) An error within the "dtls1_reassemble_fragment()" function (ssl/d1_both.c) can be exploited to cause a buffer overflow via specially crafted DTLS fragments.

Successful exploitation of this vulnerability may allow execution of arbitrary code.

4)A NULL pointer dereference error within the "do_ssl3_write()" function can be exploited to cause a crash.

Successful exploitation of this vulnerability requires SSL_MODE_RELEASE_BUFFERS to be enabled.

This vulnerability is reported in 1.x versions prior to 1.0.0m and prior to 1.0.1h.

5)An error within anonymous ECDH ciphersuites can be exploited to cause a DoS within the OpenSSL client.

The vulnerabilities #1 through #3 and #5 are reported in versions prior to 0.9.8za, prior to 1.0.0m, and prior to 1.0.1h.

Solution:

Update to a fixed version.

Resources:

OpenSSL:
http://www.openssl.org/news/secadv_20140605.txt

Lepidum:
http://ccsinjection.lepidum.co.jp/

Lepidum (Japanese):

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-14-173

JVN (English):

JVN (Japanese):

secunia:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 17 خرداد 1393

امتیاز

امتیاز شما
تعداد امتیازها: 0