U-076: OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code

January 6, 2012 - 8:15am

PROBLEM:

OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code

PLATFORM:

OpenSSL prior to 0.9.8s; 1.x prior to 1.0.0f

ABSTRACT:

A remote user may be able to execute arbitrary code on the target system.

REFERENCE LINKS:

SecurityTracker Alert ID: 1026485
OpenSSL Security Advisory

IMPACT ASSESSMENT:

High

Discussion:

Several vulnerabilities were reported in OpenSSL. A remote user can cause denial of service conditions. A remote user can obtain sensitive information. A remote user may be able to execute arbitrary code on the target system.

A remote user can conduct an efficient plaintext recovery attack against the OpenSSL implementation of Datagram Transport Layer Security (DTLS) (CVE-2011-4108).
A remote user can trigger a double-free memory error when a policy check fails (CVE-2011-4109). Version 0.9.8 systems with the X509_V_FLAG_POLICY_CHECK set are affected.
The bytes used as block cipher padding in SSL 3.0 records are not cleared. A remote user may be able to conduct an SSL 3.0 handshake to obtain memory contents (CVE-2011-4576).
Specially crafted RFC 3779 data within a certificate may cause an assertion failure (CVE-2011-4577). System builds configured with "enable-rfc3779" are affected.
A remote user can exploit a flaw in handshake restarts for server gated cryptography (SGC) to cause denial of service conditions on the target system (CVE-2011-4619).
A remote user can send specially crafted GOST parameters to cause the target server to crash (CVE-2012-0027). OpenSSL GOST ENGINE users are affected.

Impact:

A remote user may be able to execute arbitrary code on the target system.
A remote user can cause the target server to crash.
A remote user can obtain plaintext in certain cases.

Solution:

The vendor has issued fixes (0.9.8s and 1.0.0f).
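To triage hosts against the PLATFORM line above, the following added example (not part of the original bulletin or of OpenSSL) compares an `openssl version` string with the fixed releases 0.9.8s and 1.0.0f and lists the CVEs to review with the conditions the bulletin gives. The function names and the sample version lines are constructed for illustration.

```python
import re

# Fixed releases named in the bulletin, as sortable tuples (see parse_version).
FIXED_098 = (0, 9, 8, (1, "s"))
FIXED_100 = (1, 0, 0, (1, "f"))

# CVE -> the condition the bulletin attaches to it.
CVES = {
    "CVE-2011-4108": "DTLS in use",
    "CVE-2011-4109": "0.9.8 with X509_V_FLAG_POLICY_CHECK set",
    "CVE-2011-4576": "SSL 3.0 records (block cipher padding)",
    "CVE-2011-4577": 'built with "enable-rfc3779"',
    "CVE-2011-4619": "SGC handshake restarts",
    "CVE-2012-0027": "GOST ENGINE in use",
}

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Parse '0.9.8r' or a full `openssl version` line into a sortable tuple."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version in {text!r}")
    major, minor, fix, patch = m.groups()
    # Sort letters by length first so that 'z' < 'za' and '' (no letter) is lowest.
    return (int(major), int(minor), int(fix), (len(patch), patch))


def is_affected(text):
    """True if the version is before 0.9.8s, or is 1.x before 1.0.0f."""
    v = parse_version(text)
    fixed = FIXED_098 if v[0] == 0 else FIXED_100
    return v < fixed


def applicable_cves(text):
    """CVEs from the bulletin to review for this version, with their conditions."""
    if not is_affected(text):
        return {}
    v = parse_version(text)
    # The bulletin limits CVE-2011-4109 to version 0.9.8 systems.
    return {cve: cond for cve, cond in CVES.items()
            if cve != "CVE-2011-4109" or v[:3] == (0, 9, 8)}


if __name__ == "__main__":
    # Constructed sample inputs in the format printed by `openssl version`.
    for line in ("OpenSSL 0.9.8r 8 Feb 2011", "OpenSSL 1.0.0e 6 Sep 2011",
                 "OpenSSL 1.0.0f 4 Jan 2012"):
        print(line, "->", sorted(applicable_cves(line)) or "not affected")
```

Distribution packages that backport fixes often keep the original upstream version string, so a match here should be confirmed against the package vendor's changelog.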