Vigil@nce: OpenSSL, denial of service via DTLS

May 2009 by Vigil@nce

An attacker can create a denial of service on applications using OpenSSL with DTLS.

- Severity: 2/4
- Consequences: denial of service
- Provenance: internet client
- Means of attack: 1 attack
- Ability of attacker: technician (2/4)
- Confidence: confirmed by the editor (5/5)
- Diffusion of the vulnerable configuration: high (3/3)
- Number of vulnerabilities in this bulletin: 3
- Creation date: 18/05/2009
- Revision date: 19/05/2009

IMPACTED PRODUCTS

- Mandriva Linux
- OpenSSL

DESCRIPTION OF THE VULNERABILITY

The DTLS (Datagram Transport Layer Security) protocol, based on TLS, provides a cryptographic layer over the UDP protocol. OpenSSL has implemented DTLS since version 0.9.8. Three DTLS vulnerabilities were announced.

When a DTLS packet indicates a date in the future, OpenSSL keeps it in memory to handle it later. However, there is no limit on the number of packets kept in memory. An attacker can therefore send several packets in order to progressively force OpenSSL to use all system memory. [grav:2/4; BID-35001, CVE-2009-1377]

Fragmented DTLS packets with a sequence number higher than the expected number are kept in memory by the dtls1_process_out_of_seq_message() function while it waits for the intermediary packets. However, there is no limit on the number of packets kept in memory, nor on the allowed advance. An attacker can therefore send several fragmented packets in order to force OpenSSL to use all available memory. [grav:2/4; BID-35001, CVE-2009-1378]

In some cases, the ssl/d1_both.c file uses the "frag" variable after it has been freed. An attacker can therefore send a fragmented message in order to generate a denial of service. [grav:1/4; CVE-2009-1379]

An attacker can therefore create a denial of service on applications using OpenSSL with DTLS.
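The two limits the description says are missing for out-of-sequence fragments (a cap on how many are held and a cap on the allowed advance) can be sketched as follows. This is an added example, not OpenSSL code and not the vendor's patch; the fq_* names, the structures and the three MAX_* values are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BUFFERED 8    /* assumed cap on fragments held at once */
#define MAX_ADVANCE  16   /* assumed cap on distance ahead of the expected number */
#define MAX_FRAG_LEN 1500 /* assumed cap on one fragment's size */

enum fq_result { FQ_IN_ORDER, FQ_STORED, FQ_OUT_OF_WINDOW, FQ_DUPLICATE, FQ_FULL, FQ_ERROR };

struct frag { uint16_t seq; size_t len; unsigned char *data; };
struct frag_queue { uint16_t next_seq; size_t count; struct frag items[MAX_BUFFERED]; };

void fq_init(struct frag_queue *q, uint16_t next_seq) { memset(q, 0, sizeof *q); q->next_seq = next_seq; }

/* Decide whether a fragment may be held for later; memory use is bounded
 * by MAX_BUFFERED * MAX_FRAG_LEN whatever the peer sends. */
enum fq_result fq_buffer(struct frag_queue *q, uint16_t seq, const unsigned char *data, size_t len)
{
    uint16_t ahead = (uint16_t)(seq - q->next_seq); /* modular distance; old numbers wrap to large values */
    if (ahead == 0) return FQ_IN_ORDER;               /* caller handles it now, nothing to buffer */
    if (ahead > MAX_ADVANCE) return FQ_OUT_OF_WINDOW; /* limit on the allowed advance */
    for (size_t i = 0; i < q->count; i++)
        if (q->items[i].seq == seq) return FQ_DUPLICATE; /* a retransmission must not take a slot */
    if (q->count == MAX_BUFFERED) return FQ_FULL;     /* limit on the number kept in memory */
    if (len == 0 || len > MAX_FRAG_LEN) return FQ_ERROR;
    unsigned char *copy = malloc(len);
    if (copy == NULL) return FQ_ERROR;
    memcpy(copy, data, len);
    q->items[q->count++] = (struct frag){ seq, len, copy };
    return FQ_STORED;
}

/* Release every buffered fragment exactly once and clear the pointers. */
void fq_free(struct frag_queue *q)
{
    for (size_t i = 0; i < q->count; i++) { free(q->items[i].data); q->items[i].data = NULL; }
    q->count = 0;
}

int main(void)
{
    struct frag_queue q;
    unsigned char payload[4] = {0}; /* constructed sample fragment body */
    unsigned stored = 0;
    fq_init(&q, 5);
    for (uint16_t seq = 6; seq < 1000; seq++) /* constructed run of ahead-of-sequence fragments */
        if (fq_buffer(&q, seq, payload, sizeof payload) == FQ_STORED) stored++;
    printf("stored %u of 994 fragments\n", stored);
    fq_free(&q);
    return 0;
}
```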

CHARACTERISTICS

- Identifiers: BID-35001, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, MDVSA-2009:120, VIGILANCE-VUL-8719
- Url: http://vigilance.fr/vulnerability/OpenSSL-denial-of-service-via-DTLS-8719



