Vigil@nce - OpenSSL: denial of service via SSL3_AL_WARNING
December 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send SSL3_AL_WARNING packets to an SSLv3
application linked to OpenSSL, in order to trigger a denial of
service.
Impacted products: FreeBSD, OpenSSL, Solaris, Shibboleth SP,
Splunk Enterprise, stunnel.
Severity: 2/4.
Creation date: 24/10/2016.
DESCRIPTION OF THE VULNERABILITY
The OpenSSL product implements the SSL version 3 protocol.
The SSL3_AL_WARNING message is used to send an alert of level
Warning. However, when these alert packets are received during the
handshake, the library spends 100% of its CPU processing them.
An attacker can therefore send SSL3_AL_WARNING packets to an SSLv3
application linked to OpenSSL, in order to trigger a denial of
service.
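As an added defender-side illustration (not code from the Vigil@nce bulletin or from OpenSSL), the following Python parses a stream of SSL/TLS records and counts warning-level alerts that arrive before the handshake completes, which is the condition the bulletin describes. The sample streams, the use of ChangeCipherSpec as the handshake-completion marker and the flood threshold are constructed assumptions.

```python
import struct

# TLS/SSLv3 record-layer content types and alert levels
CT_CHANGE_CIPHER_SPEC, CT_ALERT, CT_HANDSHAKE = 20, 21, 22
ALERT_LEVEL_WARNING = 1
RECORD_HEADER_LEN = 5

def iter_records(data):
    """Yield (content_type, version, body) for each complete record;
    a trailing partial record is ignored rather than misparsed."""
    offset = 0
    while offset + RECORD_HEADER_LEN <= len(data):
        ctype, version, length = struct.unpack("!BHH", data[offset:offset + RECORD_HEADER_LEN])
        start, end = offset + RECORD_HEADER_LEN, offset + RECORD_HEADER_LEN + length
        if end > len(data):
            break  # truncated record: stop here
        yield ctype, version, data[start:end]
        offset = end

def count_handshake_warning_alerts(data):
    """Count warning-level alerts seen before ChangeCipherSpec, used here
    as the (assumed) marker that the handshake is completing."""
    count = 0
    for ctype, _version, body in iter_records(data):
        if ctype == CT_CHANGE_CIPHER_SPEC:
            break  # later alerts are outside the vulnerable window
        if ctype == CT_ALERT and len(body) == 2 and body[0] == ALERT_LEVEL_WARNING:
            count += 1
    return count

def is_alert_flood(data, threshold=5):
    """True when more than `threshold` warning alerts arrive mid-handshake.
    The threshold is an assumed tuning value, not a figure from the bulletin."""
    return count_handshake_warning_alerts(data) > threshold

def make_record(ctype, body, version=0x0300):
    """Build one record; version 0x0300 is SSLv3."""
    return struct.pack("!BHH", ctype, version, len(body)) + body

# Constructed sample streams (not captured traffic)
HANDSHAKE = make_record(CT_HANDSHAKE, b"\x01" + b"\x00" * 9)  # stand-in ClientHello
WARNING_ALERT = make_record(CT_ALERT, bytes([ALERT_LEVEL_WARNING, 0]))  # level 1 = warning
CCS = make_record(CT_CHANGE_CIPHER_SPEC, b"\x01")
BENIGN_STREAM = HANDSHAKE + WARNING_ALERT + CCS
FLOOD_STREAM = HANDSHAKE + WARNING_ALERT * 50 + CCS
TRUNCATED_STREAM = HANDSHAKE + WARNING_ALERT * 3 + b"\x15\x03\x00\x00"  # cut-off header

if __name__ == "__main__":
    for name, stream in (("benign", BENIGN_STREAM), ("flood", FLOOD_STREAM)):
        print(name, count_handshake_warning_alerts(stream), is_alert_flood(stream))
```

The same counter can be fed from a packet capture reassembled per connection; a single warning alert before ChangeCipherSpec is normal, a long run of them is the pattern to alert on.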
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/OpenSSL-denial-of-service-via-SSL3-AL-WARNING-20941