OpenSSL DTLS Heap Buffer Overflow Vulnerability
BID:26055
Info
| Bugtraq ID: | 26055 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-4995 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 12 2007 12:00AM |
| Updated: | Jun 26 2008 03:01PM |
| Credit: | Andy Polyakov is credited with the discovery of this vulnerability. |
| Vulnerable: |
Ubuntu Ubuntu Linux 7.10 sparc
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu Ubuntu Linux 7.10 i386
Ubuntu Ubuntu Linux 7.10 amd64
Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 10.0.0 x64
TurboLinux Personal
TurboLinux Multimedia
Turbolinux FUJI 0
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Turbolinux Appliance Server 2.0
TransSoft Broker FTP Server 8.0
SuSE SUSE Linux Enterprise Server 9
SuSE SUSE Linux Enterprise Server 8
SuSE SUSE Linux Enterprise Server 10
SuSE Linux 10.1
SuSE Linux 10.0
S.u.S.E. openSUSE 10.3
Redhat Fedora Core7
Redhat Enterprise Linux Desktop Workstation 5 client
Redhat Enterprise Linux Desktop 5 client
Redhat Enterprise Linux 5 Server
OpenSSL Project OpenSSL 0.9.8 e
OpenSSL Project OpenSSL 0.9.8 d
OpenSSL Project OpenSSL 0.9.8 c
OpenSSL Project OpenSSL 0.9.8 b
OpenSSL Project OpenSSL 0.9.8 a
OpenSSL Project OpenSSL 0.9.8
Nortel Networks Self-Service Peri Application 0
Nortel Networks Self-Service MPS 500 0
Nortel Networks Self-Service MPS 1000 0
Nortel Networks Self-Service Media Processing Server 0
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
Mandriva Linux Mandrake 2007.1 x86_64
Mandriva Linux Mandrake 2007.1
Mandriva Linux Mandrake 2007.0 x86_64
Mandriva Linux Mandrake 2007.0
HP HP-UX B.11.23
HP HP-UX B.11.11
Gentoo Linux
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0 |
| Not Vulnerable: | OpenSSL Project OpenSSL 0.9.8 f |
Discussion
OpenSSL is prone to a heap buffer-overflow vulnerability because the library fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users.
Exploit / POC
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor released OpenSSL 0.9.8 f to address this issue. Please see the references for more information.
OpenSSL Project OpenSSL 0.9.8 a
- OpenSSL openssl-0.9.8f.tar.gz: http://www.openssl.org/source/openssl-0.9.8f.tar.gz
OpenSSL Project OpenSSL 0.9.8 c
- OpenSSL openssl-0.9.8f.tar.gz: http://www.openssl.org/source/openssl-0.9.8f.tar.gz
OpenSSL Project OpenSSL 0.9.8 b
- OpenSSL openssl-0.9.8f.tar.gz: http://www.openssl.org/source/openssl-0.9.8f.tar.gz
OpenSSL Project OpenSSL 0.9.8
- OpenSSL openssl-0.9.8f.tar.gz: http://www.openssl.org/source/openssl-0.9.8f.tar.gz
OpenSSL Project OpenSSL 0.9.8 e
- OpenSSL openssl-0.9.8f.tar.gz: http://www.openssl.org/source/openssl-0.9.8f.tar.gz
OpenSSL Project OpenSSL 0.9.8 d
- OpenSSL openssl-0.9.8f.tar.gz: http://www.openssl.org/source/openssl-0.9.8f.tar.gz
References
References:
- OpenSSL Homepage (OpenSSL)
- OpenSSL Security Advisory (Ben Laurie)
- 2008008923 Nortel Response to OpenSSL DTLS Heap Buffer Overflow Vulnerability (Nortel Networks)
- OpenSSL Security Advisory [12-Oct-2007] (OpenSSL)
- Red Hat Security Advisory RHSA-2007:0964-4 (Red Hat)