Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: OpenSSL, denial of service via DTLS

May 2009 by Vigil@nce

An attacker can create a denial of service on applications using
OpenSSL with DTLS.

 Severity: 2/4
 Consequences: denial of service of service
 Provenance: internet client
 Means of attack: 1 attack
 Ability of attacker: technician (2/4)
 Confidence: confirmed by the editor (5/5)
 Diffusion of the vulnerable configuration: high (3/3)
 Number of vulnerabilities in this bulletin: 3
 Creation date: 18/05/2009
 Revision date: 19/05/2009

IMPACTED PRODUCTS

 Mandriva Linux
 OpenSSL

DESCRIPTION OF THE VULNERABILITY

The DTLS (Datagram Transport Layer Security) protocol, based on
TLS, provides a cryptographic layer over the UDP protocol. OpenSSL
implements DTLS since version 0.9.8. Three DTLS vulnerabilities
were announced.

When a DTLS packet indicates a date in the future, OpenSSL keeps
it in memory to handle it later. However, there is no limit on the
number of packets kept in memory. An attacker can therefore send
several packets in order to progressively force OpenSSL to use all
system memory. [grav:2/4; BID-35001, CVE-2009-1377]

Fragmented DTLS packet with a sequence number superior to the
expected number are kept in memory by the dtls1_process_out_of_seq_message()
function, in order to wait for intermediary packets. However,
there is no limit on the number of packets to keep in memory, nor
on the allowed advance. An attacker can therefore send several
fragmented packets in order to force OpenSSL to use all available
memory. [grav:2/4; BID-35001, CVE-2009-1378]

In some cases, the ssl/d1_both.c file uses the "frag" variable
which was freed. An attacker can therefore send a fragmented
message in order to generate a denial of service. [grav:1/4;
CVE-2009-1379]

An attacker can therefore create a denial of service on
applications using OpenSSL with DTLS.

CHARACTERISTICS

 Identifiers: BID-35001, CVE-2009-1377, CVE-2009-1378,
CVE-2009-1379, MDVSA-2009:120, VIGILANCE-VUL-8719
 Url: http://vigilance.fr/vulnerability/OpenSSL-denial-of-service-via-DTLS-8719


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts