Vigil@nce - OpenSSL: denial of service via DTLS
May 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malicious message during a DTLS session, in
order to stop clients or servers linked with OpenSSL.
Severity: 2/4
Creation date: 11/05/2012
IMPACTED PRODUCTS
– Debian Linux
– Mandriva Enterprise Server
– Mandriva Linux
– OpenSSL
DESCRIPTION OF THE VULNERABILITY
The DTLS (Datagram Transport Layer Security) protocol, based on
TLS, provides a cryptographic layer over the UDP protocol.
The dtls1_enc() function of file ssl/d1_enc.c processes the DTLS
encryption.
However, this function does not check if the padding size and the
initialization vector size match the message size. When the
initialization vector is skipped, computed size becomes incorrect,
and an invalid memory area is read, which stops the application.
An attacker can therefore send a malicious message during a DTLS
session, in order to stop clients or servers linked with OpenSSL.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OpenSSL-denial-of-service-via-DTLS-11619