OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability
BID:39013
Info
| Bugtraq ID: | 39013 |
| Class: | Design Error |
| CVE: | CVE-2010-0740 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 24 2010 12:00AM |
| Updated: | Apr 13 2015 10:05PM |
| Credit: | Bodo Moeller and Adam Langley |
| Vulnerable: |
VooDoo cIRCle XTelnet 0.4.5 VooDoo cIRCle 1.1.39 VMWare VirtualCenter 2.5.Update 3 build 1 VMWare VirtualCenter 2.5 Update 6 VMWare VirtualCenter 2.5 Update 5 VMWare VirtualCenter 2.5 Update 4 VMWare VirtualCenter 2.5 Update 2 VMWare VirtualCenter 2.5 Update 1 VMWare VirtualCenter 2.5 VMWare vCenter 4.1 VMWare vCenter 4.0 Update 1 VMWare vCenter 4.0 Sun OpenSolaris build snv_99 Sun OpenSolaris build snv_98 Sun OpenSolaris build snv_96 Sun OpenSolaris build snv_95 Sun OpenSolaris build snv_94 Sun OpenSolaris build snv_93 Sun OpenSolaris build snv_92 Sun OpenSolaris build snv_91 Sun OpenSolaris build snv_90 Sun OpenSolaris build snv_89 Sun OpenSolaris build snv_88 Sun OpenSolaris build snv_87 Sun OpenSolaris build snv_86 Sun OpenSolaris build snv_85 Sun OpenSolaris build snv_84 Sun OpenSolaris build snv_83 Sun OpenSolaris build snv_82 Sun OpenSolaris build snv_81 Sun OpenSolaris build snv_80 Sun OpenSolaris build snv_78 Sun OpenSolaris build snv_77 Sun OpenSolaris build snv_76 Sun OpenSolaris build snv_74 Sun OpenSolaris build snv_71 Sun OpenSolaris build snv_68 Sun OpenSolaris build snv_67 Sun OpenSolaris build snv_64 Sun OpenSolaris build snv_61 Sun OpenSolaris build snv_59 Sun OpenSolaris build snv_58 Sun OpenSolaris build snv_57 Sun OpenSolaris build snv_56 Sun OpenSolaris build snv_54 Sun OpenSolaris build snv_51 Sun OpenSolaris build snv_50 Sun OpenSolaris build snv_49 Sun OpenSolaris build snv_48 Sun OpenSolaris build snv_47 Sun OpenSolaris build snv_45 Sun OpenSolaris build snv_41 Sun OpenSolaris build snv_39 Sun OpenSolaris build snv_38 Sun OpenSolaris build snv_37 Sun OpenSolaris build snv_36 Sun OpenSolaris build snv_35 Sun OpenSolaris build snv_29 Sun OpenSolaris build snv_28 Sun OpenSolaris build snv_22 Sun OpenSolaris build snv_19 Sun OpenSolaris build snv_136 Sun OpenSolaris build snv_135 Sun OpenSolaris build snv_134 Sun OpenSolaris build snv_133 Sun OpenSolaris build snv_132 Sun OpenSolaris build snv_131 Sun OpenSolaris build snv_130 Sun OpenSolaris 
build snv_13 Sun OpenSolaris build snv_129 Sun OpenSolaris build snv_128 Sun OpenSolaris build snv_127 Sun OpenSolaris build snv_126 Sun OpenSolaris build snv_125 Sun OpenSolaris build snv_124 Sun OpenSolaris build snv_123 Sun OpenSolaris build snv_122 Sun OpenSolaris build snv_121 Sun OpenSolaris build snv_120 Sun OpenSolaris build snv_119 Sun OpenSolaris build snv_118 Sun OpenSolaris build snv_117 Sun OpenSolaris build snv_116 Sun OpenSolaris build snv_115 Sun OpenSolaris build snv_114 Sun OpenSolaris build snv_113 Sun OpenSolaris build snv_112 Sun OpenSolaris build snv_111a Sun OpenSolaris build snv_111 Sun OpenSolaris build snv_110 Sun OpenSolaris build snv_109 Sun OpenSolaris build snv_108 Sun OpenSolaris build snv_107 Sun OpenSolaris build snv_106 Sun OpenSolaris build snv_105 Sun OpenSolaris build snv_104 Sun OpenSolaris build snv_103 Sun OpenSolaris build snv_102 Sun OpenSolaris build snv_101a Sun OpenSolaris build snv_101 Sun OpenSolaris build snv_100 Sun OpenSolaris build snv_02 Sun OpenSolaris build snv_01 Sun OpenSolaris 0 Pardus Linux 2009 0 OpenSSL Project OpenSSL 0.9.8 k OpenSSL Project OpenSSL 0.9.8 j OpenSSL Project OpenSSL 0.9.8 i OpenSSL Project OpenSSL 0.9.8 h OpenSSL Project OpenSSL 0.9.8m OpenSSL Project OpenSSL 0.9.8l OpenSSL Project OpenSSL 0.9.8g OpenSSL Project OpenSSL 0.9.8f OpenBSD OpenBSD 4.7 OpenBSD OpenBSD 4.6 OpenBSD OpenBSD 4.5 Mandriva Linux Mandrake 2010.0 x86_64 Mandriva Linux Mandrake 2010.0 Mandriva Linux Mandrake 2009.1 x86_64 Mandriva Linux Mandrake 2009.1 Mandriva Linux Mandrake 2009.0 x86_64 Mandriva Linux Mandrake 2009.0 Mandriva Linux Mandrake 2008.0 x86_64 Mandriva Linux Mandrake 2008.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 Intel Setup and Configuration Service 6.0 Intel Setup and Configuration Service 5.0 Intel Active Management Technology SDK 5.0 Intel Active Management 
Technology SDK 4.0 Intel Active Management Technology SDK 3.0 Intel Active Management Technology SDK 2.6 IBM AIX 5.3.10 IBM AIX 5.3.9 IBM AIX 5.3.8 IBM AIX 5.3.7 IBM AIX 5.3 L IBM AIX 5.2.2 IBM AIX 5.2 L IBM AIX 5.1 L IBM AIX 6.1 IBM AIX 5.3 IBM AIX 5.2 IBM AIX 5.1 HP HP-UX B.11.31 HP HP-UX B.11.23 HP HP-UX B.11.11 F5 Enterprise Manager 2.0 F5 BigIP Global Traffic Manager (GTM) 10.1 F5 BigIP Edge 10.1 F5 BigIP Application Security Manager (ASM) 10.1 F5 BIG-IP WebAccelerator 10.1 F5 BIG-IP WAN Optimization Module 10.1 F5 BIG-IP PSM 10.1 F5 BIG-IP Protocol Security Manager 10.1 F5 BIG-IP Local Traffic Manager (LTM) 10.1 F5 BIG-IP Link Controller 10.1 F5 BIG-IP Application Security Manager 10.1 F5 BIG-IP APM 10.1 F5 ARX 5.1.5 F5 ARX 5.1 Blue Coat Systems Blue Coat Reporter 8.3.3 .1 Blue Coat Systems Blue Coat Reporter 9.2.3.1 Blue Coat Systems Blue Coat Reporter 9.1.5.1 Blue Coat Systems Blue Coat Reporter 8.3.7.1 Apple Mac OS X Server 10.6.6 Apple Mac OS X Server 10.6.5 Apple Mac OS X Server 10.6.4 Apple Mac OS X Server 10.6.3 Apple Mac OS X Server 10.6.2 Apple Mac OS X Server 10.6.1 Apple Mac OS X Server 10.6.7 Apple Mac OS X Server 10.6 Apple Mac OS X 10.6.6 Apple Mac OS X 10.6.5 Apple Mac OS X 10.6.5 Apple Mac OS X 10.6.4 Apple Mac OS X 10.6.3 Apple Mac OS X 10.6.2 Apple Mac OS X 10.6.1 Apple Mac OS X 10.6.7 Apple Mac OS X 10.6 |
| Not Vulnerable: |
VooDoo cIRCle XTelnet 0.4.6 VooDoo cIRCle 1.1.40 VMWare vCenter 4.1 Update 1 Sun OpenSolaris build snv_137 OpenSSL Project OpenSSL 0.9.8n Intel Active Management Technology SDK 6.0 (V6.C1076) Blue Coat Systems Blue Coat Reporter 9.2.4.1 Apple Mac OS X Server 10.6.8 Apple Mac OS X 10.6.8 |
Discussion
OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
OpenSSL versions 0.9.8f through 0.9.8m are vulnerable.
Exploit / POC
An exploit is available.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
Mandriva Linux Mandrake 2008.0
- Mandriva libopenssl0.9.8-0.9.8e-8.6mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libopenssl0.9.8-devel-0.9.8e-8.6mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libopenssl0.9.8-static-devel-0.9.8e-8.6mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva openssl-0.9.8e-8.6mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/

Apple Mac OS X 10.6.7
- Apple MacOSXUpd10.6.8.dmg
  For Mac OS X v10.6.7
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.6
- Apple MacOSXUpdCombo10.6.8.dmg
  For Mac OS X v10.6 - v10.6.6
  http://www.apple.com/support/downloads/

Mandriva Linux Mandrake 2009.0 x86_64
- Mandriva lib64openssl0.9.8-0.9.8h-3.7mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64openssl0.9.8-devel-0.9.8h-3.7mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64openssl0.9.8-static-devel-0.9.8h-3.7mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva openssl-0.9.8h-3.7mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/

Mandriva Linux Mandrake 2009.1 x86_64
- Mandriva lib64openssl0.9.8-0.9.8k-1.5mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64openssl0.9.8-devel-0.9.8k-1.5mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva lib64openssl0.9.8-static-devel-0.9.8k-1.5mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/
- Mandriva openssl-0.9.8k-1.5mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/

MandrakeSoft Enterprise Server 5
- Mandriva libopenssl0.9.8-0.9.8h-3.7mdvmes5.1.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libopenssl0.9.8-devel-0.9.8h-3.7mdvmes5.1.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libopenssl0.9.8-static-devel-0.9.8h-3.7mdvmes5.1.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva openssl-0.9.8h-3.7mdvmes5.1.i586.rpm
  http://www.mandriva.com/en/download/

Mandriva Linux Mandrake 2009.0
- Mandriva libopenssl0.9.8-0.9.8h-3.7mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libopenssl0.9.8-devel-0.9.8h-3.7mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva libopenssl0.9.8-static-devel-0.9.8h-3.7mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/
- Mandriva openssl-0.9.8h-3.7mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/

F5 BigIP Global Traffic Manager (GTM) 10.1
- F5 Hotfix-BIGIP-10.1.0-3372.0-HF1
  https://downloads.f5.com/esd/ecc.sv?sw=BIG-IP&pro=big-ip_v10.x&ver=10.1.0&container=Hotfix-BIGIP-10.1.0-3372.0-HF1&prodesc=BIG-IP+v10.x+%2F+Virtual+Edition

F5 BIG-IP APM 10.1
- F5 Hotfix-BIGIP-10.1.0-3372.0-HF1
  https://downloads.f5.com/esd/ecc.sv?sw=BIG-IP&pro=big-ip_v10.x&ver=10.1.0&container=Hotfix-BIGIP-10.1.0-3372.0-HF1&prodesc=BIG-IP+v10.x+%2F+Virtual+Edition

F5 BIG-IP PSM 10.1
- F5 Hotfix-BIGIP-10.1.0-3372.0-HF1
  https://downloads.f5.com/esd/ecc.sv?sw=BIG-IP&pro=big-ip_v10.x&ver=10.1.0&container=Hotfix-BIGIP-10.1.0-3372.0-HF1&prodesc=BIG-IP+v10.x+%2F+Virtual+Edition

F5 BIG-IP WAN Optimization Module 10.1
- F5 Hotfix-BIGIP-10.1.0-3372.0-HF1
  https://downloads.f5.com/esd/ecc.sv?sw=BIG-IP&pro=big-ip_v10.x&ver=10.1.0&container=Hotfix-BIGIP-10.1.0-3372.0-HF1&prodesc=BIG-IP+v10.x+%2F+Virtual+Edition

Apple Mac OS X 10.6.1
- Apple MacOSXUpdCombo10.6.8.dmg
  For Mac OS X v10.6 - v10.6.6
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.6.3
- Apple MacOSXUpdCombo10.6.8.dmg
  For Mac OS X v10.6 - v10.6.6
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.6.5
- Apple MacOSXUpdCombo10.6.8.dmg
  For Mac OS X v10.6 - v10.6.6
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.6.6
- Apple MacOSXServerUpdCombo10.6.8.dmg
  For Mac OS X Server v10.6 - v10.6.6
  http://www.apple.com/support/downloads/
References
References:
- 24 May 2010 CVE-2010-0740 - "Record of death" vulnerability in OpenSSL (Sun)
- December 21, 2010 - Multiple SSL/TLS vulnerabilities in Reporter (Blue Coat Systems)
- OpenBSD 4.5 errata (OpenBSD)
- OpenBSD 4.6 errata (OpenBSD)
- OpenBSD 4.7 errata (OpenBSD)
- OpenSSL Project (OpenSSL Project)
- OpenSSL* vulnerability - Software Development Tools for Intel® Active Management (Intel)
- [security bulletin] HPSBUX02517 SSRT100058 rev.1 - HP-UX Running OpenSSL, Remote ([email protected])
- An OpenSource VooDoo cIRCle - security advisory 20100624-02 (VooDoo cIRCle)
- SOL11504: Overview of BIG-IP version 10.1.0 HF1 (F5)
- SOL11533: OpenSSL vulnerability - CVE-2010-0740 (F5)
- Record of death vulnerability (IBM)
- Record of death vulnerability in OpenSSL 0.9.8f through 0.9.8m (OpenSSL Project)