500375 : Vulnerability In OpenSSL 0.9.7d

Risk 5 : Miscellaneous

A remote attacker could execute arbitrary commands, cause a buffer overflow, bypass security or create a denial of service.

OpenSSL is an open-source implementation of the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols including an all-purpose cryptography library. It is commonly used by Apache web server modules such as mod_ssl to implement secure web sessions.

ChangeCipherSpec DTLS Packet Denial of Service Vulnerability

06/24/09 CVE 2009-1386 OpenSSL before 0.9.8i is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference condition. An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

dtls1_retrieve_buffered_fragment() DTLS Packet Denial of Service Vulnerability

06/22/09 CVE 2009-1379 OpenSSL before 1.0.0 Beta 2 is prone to a vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c, that may allow attackers to cause denial-of-service conditions.

DTLS Packets Multiple Denial of Service Vulnerabilities

06/10/09 CVE 2009-1377 CVE 2009-1378 OpenSSL 0.9.8k and prior are prone to multiple vulnerabilities that may allow attackers to cause denial-of-service conditions.

Multiple vulnerabilities fixed in OpenSSL 0.9.8k

04/13/09 CVE 2009-0590 CVE 2009-0591 CVE 2009-0789 OpenSSL before 0.9.8k is prone to multiple vulnerabilities that may allow attackers to trigger denial-of-service conditions or bypass certain security checks.

One byte buffer overflow in the SSL_get_shared_ciphers function

10/04/07 CVE 2007-5135 OpenSSL versions 0.9.7l, 0.9.8d, and 0.9.8e have a one-byte buffer overflow caused by the fix for CVE 2006-3738 to the SSL_get_shared_ciphers vulnerability.

Multiple vulnerabilities fixed by OpenSSL 0.9.7l/0.9.8d

10/03/06 CVE 2006-2937 CVE 2006-2940 CVE 2006-3738 CVE 2006-4343 OpenSSL versions 0.9.7l and 0.9.8d fixed multiple vulnerabilities, including two denial-of-service vulnerabilities in parsing ASN.1 data, a buffer overflow in the SSL_get_shared_ciphers function, and a client denial of service when OpenSSL is used to created an SSLv2 connection.

RSA signature forgery for exponent 3

09/11/06 CVE 2006-4339 OpenSSL when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash. This allows remote attackers to forge a PKCS #1 v1.5 signature. Versions before 0.9.7, 0.9.7 before 0.9.7k and 0.9.8 before 0.9.8c are vulnerable.

Potential SSL 2.0 Rollback

10/18/05 CVE 2005-2969 OpenSSL versions prior to 0.9.7h and 0.9.8a have a vulnerability if the SSL_OP_MSIE_SSLV2_RSA_PADDING option is set. This option is set by the SSL_OP_ALL option , which is intended to work around various bugs in third-party software that might prevent interoperability.

In the event that this option is set, the verification steps necessary to prevent the use of SSL 2.0 can be disabled. The SSL 2.0 protocol is known to have severe cryptographic weaknesses and is supported only as a fallback.

The ChangeCipherSpec DTLS Packet Denial of Service vulnerability was reported in [http://www.securityfocus.com/bid/35174/] Bugtraq ID 35174.

The dtls1_retrieve_buffered_fragment() DTLS Packet Denial of Service vulnerability was reported in [http://www.securityfocus.com/bid/35138/] Bugtraq ID 35138.

The DTLS Packets multiple Denial of Service vulnerabilities were reported in [http://www.securityfocus.com/bid/35001/] Bugtraq ID 35001.

The multiple vulnerabilities fixed in OpenSSL 0.9.8k were reported in [http://www.securityfocus.com/bid/34256/] Bugtraq ID 34256.

The one byte buffer overflow in the SSL_get_shared_ciphers function was reported in [http://secunia.com/advisories/22130/] Secunia Advisory SA22130.

The vulnerabilities corrected by OpenSSL 0.9.7l and 0.9.8d were reported in an [http://www.openssl.org/news/secadv_20060928.txt] OpenSSL security advisory.

The RSA signature forgery for exponent 3 vulnerability was reported in an [http://www.openssl.org/news/secadv_20060905.txt] OpenSSL security advisory. Additional information on the vulnerability can be found at [http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html] ietf-openpgp msg14307.

The Potential SSL 2.0 Rollback vulnerability was reported in an [http://www.openssl.org/news/secadv_20051011.txt] OpenSSL security advisory.

Solution:

OpenSSL should be [http://www.openssl.org/source/] upgraded to a version higher than 1.0.0 Beta 2. Recompile any OpenSSL applications statically linked to OpenSSL libraries. Another option is to install a fix from your vendor.

References:
CVSS Information:
Low Attack Complexity, Complete Confidentiality Impact, Complete Integrity Impact, Complete Availability Impact
Credit:
Saint Coorporation : 2010-03-24
New Search
Keywords
Risk Factor
Start Date
End Date
Browse