Vigil@nce: OpenSSL, denial of service via S/MIME
March 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send malformed S/MIME data, in order to stop
applications which check the signature with the OpenSSL library.
– Severity: 1/4
– Creation date: 27/02/2012
IMPACTED PRODUCTS
– OpenSSL
DESCRIPTION OF THE VULNERABILITY
The S/MIME (Secure/Multipurpose Internet Mail Extensions) standard
is used to sign and encrypt MIME (emails) data. The signature is
for example added in a new MIME item:
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
[...]
The crypto/asn1/asn_mime.c file of the OpenSSL library processes
these MIME data. However, if a MIME has no name, a NULL pointer is
dereferenced in the mime_hdr_cmp() function.
An attacker can therefore send malformed S/MIME data, in order to
stop applications which check the signature with the OpenSSL
library.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OpenSSL-denial-of-service-via-S-MIME-11395