OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities (Linux)
Information
Severity
Severity
Medium
Family
Family
Denial of Service
CVSSv2 Base
CVSSv2 Base
5.0
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:L/Au:N/C:N/I:N/A:P
Solution Type
Solution Type
Vendor Patch
Created
Created
12 years ago
Modified
Modified
3 years ago
Summary
OpenSSL is prone to multiple Denial of Service Vulnerabilities.
Insight
Insight
Multiple flaws are due to, - The library does not limit the number of buffered DTLS records with a future epoch. - An error when processing DTLS messages can be exploited to exhaust all available memory by sending a large number of out of sequence handshake messages. - A use-after-free error in the 'dtls1_retrieve_buffered_fragment()' function can be exploited to cause a crash in a client context.
Affected Software
Affected Software
OpenSSL version 0.9.8 to version 0.9.8k and version 1.0.x versions 1.0.0 Beta2 and prior.
Common Vulnerabilities and Exposures (CVE)
References
- http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=gues
- https://launchpad.net/bugs/cve/2009-1379
- http://www.openwall.com/lists/oss-security/2009/05/18/4
- http://secunia.com/advisories/35128
- http://cvs.openssl.org/chngview?cn=18188
- http://www.openwall.com/lists/oss-security/2009/05/18/1
Free Vulnerability Scanner
Mageni can help you to scan, assess and manage your vulnerabilities.