Vigil@nce - OpenSSL: memory corruption in ssl3_get_key_exchange
August 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to connect to a malicious
SSL/TLS server, in order to corrupt the memory of the client, to
create a denial of service or to execute code.
Severity: 2/4
Creation date: 09/08/2010
Revision date: 10/08/2010
DESCRIPTION OF THE VULNERABILITY
The RSA algorithm uses two prime numbers named "p" and "q". The
SSL/TLS algorithm uses a certificate containing keys based on
these numbers.
When the OpenSSL client connects to a SSL/TLS server, it uses the
RSA_verify() function to check the certificate signature. If p and
q are not prime numbers, the signature is invalid and the client
interrupts the session. However, this error processing frees twice
the bn_ctx context in the ssl3_get_key_exchange() function of the
ssl/s3_clnt.c file.
An attacker can therefore invite the victim to connect to a
malicious SSL/TLS server, in order to corrupt the memory of the
client, to create a denial of service or to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OpenSSL-memory-corruption-in-ssl3-get-key-exchange-9819