You are here

U-152: OpenSSL "asn1_d2i_read_bio()" DER Format Data Processing Vulnerability

April 20, 2012 - 7:00am

Addthis

PROBLEM:

A vulnerability has been reported in OpenSSL

PLATFORM:

OpenSSL 0.x
OpenSSL 1.x

ABSTRACT:

The vulnerability is caused due to a type casting error in the "asn1_d2i_read_bio()" function when processing DER format data and can be exploited to cause a heap-based buffer overflow.

reference LINKS:

Vendor Advisory
Secunia Advisory 48847
CVE-2012-2110

IMPACT ASSESSMENT:

High

Discussion:

A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio.
Any application which uses BIO or FILE based functions to read untrusted DER format data is vulnerable. Affected functions are of the form d2i_*_bio or d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp.
Applications using the memory based ASN1 functions (d2i_X509, d2i_PKCS12 etc) are not affected. In particular the SSL/TLS code of OpenSSL is *not* affected.
S/MIME or CMS applications using the built in MIME parser SMIME_read_PKCS7 or SMIME_read_CMS *are* affected.
The OpenSSL command line utility is also affected if used to process untrusted data in DER format.

Impact:

System Access From Remote

Solution:

Update to version 0.9.8v, 1.0.1a, and 1.0.0i.

 

Addthis