Vigil@nce - OpenSSL: memory corruption via BN_bn2dec

October 2016 by Vigil@nce

This bulletin was written by Vigil@nce : https://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can trigger a memory corruption via BN_bn2dec() of
OpenSSL, in order to cause a denial of service, and possibly to
run code.

 Impacted products: Blue Coat CAS, ProxyAV, ProxySG, SGOS, Cisco
ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility
Client, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, Cisco Content
SMA, Cisco ESA, IOS by Cisco, IOS XE Cisco, Cisco IPS, Nexus by
Cisco, NX-OS, Cisco Prime Access Registrar, Prime Infrastructure,
Cisco Router, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco IP
Phone, Cisco MeetingPlace, Cisco Wireless Controller, Debian,
Fedora, FileZilla Server, FreeBSD, FreeRADIUS, Juniper J-Series,
JUNOS, Junos Space, NSM Central Manager, NSMXpress, ePO, NetScreen
Firewall, ScreenOS, OpenSSL, openSUSE, openSUSE Leap, Solaris,
pfSense, RHEL, Slackware, stunnel, SUSE Linux Enterprise Desktop,
SLES, Synology DS***, Synology RS***, Ubuntu, Wind River Linux.
 Severity: 2/4.
 Creation date: 24/08/2016.

DESCRIPTION OF THE VULNERABILITY

The OpenSSL library works on large numbers to perform operations
such as RSA.

The BN_bn2dec() function converts a large number to its decimal
representation. However, a special number forces BN_div_word() to
return a limit value, and data is then written past the end of the
memory area.

An attacker can therefore trigger a memory corruption via
BN_bn2dec() of OpenSSL, in order to cause a denial of service,
and possibly to run code.
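
The defensive pattern for the conversion loop described above, as an added example: this is a simplified C model, not OpenSSL's code and not part of the Vigil@nce bulletin. The names div_word, to_dec_chunks and DIV_ERR, and the MAX_LIMBS condition that makes the division fail, are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

#define DEC_CONV  1000000000u   /* 10^9: each output chunk holds 9 decimal digits */
#define DIV_ERR   UINT32_MAX    /* "limit value" returned when the division fails */
#define MAX_LIMBS 8             /* constructed limit: larger inputs make div_word fail */

/* Divide the little-endian number a[0..n-1] by w in place and return the
 * remainder, or DIV_ERR (a[] left unchanged) when the division cannot be done. */
static uint32_t div_word(uint32_t *a, size_t n, uint32_t w)
{
    uint64_t rem = 0;
    if (w == 0 || n > MAX_LIMBS)
        return DIV_ERR;
    for (size_t i = n; i-- > 0; ) {
        uint64_t cur = (rem << 32) | a[i];
        a[i] = (uint32_t)(cur / w);
        rem = cur % w;
    }
    return (uint32_t)rem;
}

static int is_zero(const uint32_t *a, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (a[i] != 0)
            return 0;
    return 1;
}

/* Split a[] into base-10^9 chunks, least significant first. a[] is consumed.
 * Returns the number of chunks written, or -1 on error. */
int to_dec_chunks(uint32_t *a, size_t n, uint32_t *out, size_t out_cap)
{
    size_t used = 0;
    while (!is_zero(a, n)) {
        if (used >= out_cap)        /* never write past the end of the output area */
            return -1;
        uint32_t r = div_word(a, n, DEC_CONV);
        if (r == DIV_ERR)           /* a[] was not reduced: looping on would never end */
            return -1;
        out[used++] = r;
    }
    return (int)used;
}
```

Without the two checks in the loop, a failing division leaves the number non-zero, so every further iteration stores another chunk and the write index runs past the buffer.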

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/OpenSSL-memory-corruption-via-BN-bn2dec-20460

