|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
OpenSSL: six vulnerabilities
Synthesis of the vulnerability
An attacker can use several OpenSSL vulnerabilities, in order to obtain information, to create a denial of service, and possibly to execute code.
Impacted products: Debian, BIG-IP Appliance, Fedora, FreeBSD, HP-UX, AIX, Tivoli Workload Scheduler, IVE OS, Junos Pulse, Juniper SA, MES, Mandriva Linux, NetBSD, OpenSSL, openSUSE, Solaris, RHEL, Red Hat JBoss EAP, SUSE Linux Enterprise Desktop, SLES, ESX, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Creation date: 05/01/2012.
Identifiers: 1643316, BID-51281, c03141193, CERTA-2012-AVI-006, CERTA-2012-AVI-171, CERTA-2012-AVI-479, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, DSA-2390-1, ESX410-201208101-SG, ESX410-201208102-SG, ESX410-201208103-SG, ESX410-201208104-SG, ESX410-201208105-SG, ESX410-201208106-SG, ESX410-201208107-SG, ESXi410-201208101-SG, ESXi500-201212102-SG, FEDORA-2012-0232, FEDORA-2012-0250, FreeBSD-SA-12:01.openssl, HPSBUX02734, MDVSA-2012:006, MDVSA-2012:007, openSUSE-SU-2012:0083-1, openSUSE-SU-2013:0336-1, openSUSE-SU-2013:0337-1, openSUSE-SU-2013:0339-1, PSN-2012-09-712, RHSA-2012:0059-01, RHSA-2012:0060-01, RHSA-2012:0086-01, RHSA-2012:0109-01, RHSA-2012:0168-01, RHSA-2012:1306-01, RHSA-2012:1307-01, RHSA-2012:1308-01, SOL15388, SOL15389, SOL15395, SOL15461, SSRT100729, SUSE-SU-2012:0084-1, SUSE-SU-2014:0320-1, VIGILANCE-VUL-11257, VMSA-2012-0005.2, VMSA-2012-0012.1, VMSA-2012-0012.2, VMSA-2012-0013, VMSA-2012-0013.2, VMSA-2013-0003.
Description of the vulnerability
Several vulnerabilities were announced in OpenSSL.
The DTLS (Datagram Transport Layer Security) protocol, based on TLS, provides a cryptographic layer over the UDP protocol. In CBC mode, an attacker can measure time difference of decryption computation, in order to retrieve the clear text (VIGILANCE-VUL-11262). [severity:1/4; CERTA-2012-AVI-006, CERTA-2012-AVI-171, CVE-2011-4108]
When the X509_V_FLAG_POLICY_CHECK is set on OpenSSL 0.9.8, an attacker can generate a double memory free, which may lead to code execution. Apache httpd does not use this flag. [severity:3/4; CVE-2011-4109]
When SSL 3.0 is used, each message can contain up to 15 bytes which are not reset before being sent. This occurs when a message is larger than the previous message, and in practice these data come from the handshake and are not sensitive. [severity:2/4; CVE-2011-4576]
When OpenSSL is configured with "enable-rfc3779", a certificate containing malformed RFC 3779 data (X.509 Extensions for IP Addresses and AS Identifiers) generates an assertion error, which stops the application. [severity:2/4; CVE-2011-4577]
The SGC (Server Gated Cryptography) technology processes weak algorithms/keys, and it is considered as obsolete. An attacker can use the handshake restart feature of SGC, in order to create a denial of service. [severity:2/4; CVE-2011-4619]
When GOST ENGINE (GOST algorithms defined in draft-chudov-cryptopro-cptls-04) are enabled, an attacker can send invalid parameters, in order to stop the TLS server. [severity:2/4; CVE-2012-0027]
Complete Vigil@nce bulletin.... (free trial)
Computer vulnerabilities tracking service
Vigil@nce provides a networks vulnerabilities patch. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The technology watch team tracks security threats targeting the computer system.