Summary: | <dev-libs/openssl-0.9.8l DTLS Denial of Service (CVE-2009-{1377,1378,1379,1387}) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | base-system
Priority: | High | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | A3 [glsa] | |
Package list: | | Runtime testing required: | ---
Bug Depends on: | 292022 | |
Bug Blocks: | | |
Attachments: | | |

Description
Robert Buchholz (RETIRED)
2009-05-18 14:53:24 UTC
Created attachment 191674 [details, diff]
openssl-0.9.8-CVE-2009-1377.patch
openssl-0.9.8-CVE-2009-1377.patch as applied in CVS.
Created attachment 191677 [details, diff]
openssl-0.9.8-CVE-2009-1378.patch
openssl-0.9.8-CVE-2009-1378.patch backport as proposed in the bug report.
CVE-2009-1377 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1377): The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."

CVE-2009-1378 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1378): Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

CVE-2009-1379: Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.

Created attachment 192323 [details, diff]
openssl-0.9.8-CVE-2009-1379.patch
Patch for CVE-2009-1379 as applied to CVS.
CVE-2009-1387 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1387): The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."

I've added 0.9.8l with the patches for 137{7,8,9}, and 1387 seems to already be included

Stabilization via bug 292022.

CVE-2009-1387 wasn't in the 0.9.8l release, so I added it to 0.9.8l-r1

GLSA 200912-01
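The unbounded "future epoch" buffering described for CVE-2009-1377 above, as a simplified C model added here; it is not OpenSSL code and not the attached patch. All names (`rec_queue`, `buffer_future_record`, `flood`) are hypothetical, and holding only next-epoch records is a modelling assumption: a `limit` of 0 reproduces unbounded growth, any non-zero `limit` caps the queue.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model (assumption, not OpenSSL code): records held for the next epoch. */
struct rec { struct rec *next; size_t len; unsigned char data[]; };
struct rec_queue {
    struct rec *head, *tail;
    size_t count;   /* records currently held */
    size_t limit;   /* 0 = no cap (the behaviour the CVE describes) */
    size_t dropped; /* records refused because the queue was full */
};

/* Returns 1 if buffered, 0 if dropped, -1 on allocation failure. */
int buffer_future_record(struct rec_queue *q, uint16_t cur_epoch,
                         uint16_t rec_epoch, const void *data, size_t len)
{
    if (rec_epoch != (uint16_t)(cur_epoch + 1)) return 0; /* not next epoch */
    if (q->limit != 0 && q->count >= q->limit) {  /* the cap: peer cannot grow us */
        q->dropped++;
        return 0;
    }
    struct rec *r = malloc(sizeof *r + len);
    if (r == NULL) return -1;
    r->next = NULL; r->len = len;
    memcpy(r->data, data, len);
    if (q->tail) q->tail->next = r; else q->head = r;
    q->tail = r;
    q->count++;
    return 1;
}

/* Release everything, e.g. when the connection is torn down. */
void queue_free(struct rec_queue *q)
{
    while (q->head) {
        struct rec *n = q->head->next;
        free(q->head);
        q->head = n;
    }
    q->tail = NULL; q->count = 0;
}

/* Constructed input: n 64-byte records claiming epoch 1 while we are at epoch 0. */
size_t flood(struct rec_queue *q, size_t n)
{
    unsigned char payload[64] = {0};
    for (size_t i = 0; i < n; i++)
        buffer_future_record(q, 0, 1, payload, sizeof payload);
    return q->count; /* how many records ended up held in memory */
}
```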