PT-2014-9089 · OpenSSL +9

Published: 1970-01-01 · Updated: 2024-06-15 · CVE-2014-0221

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

OpenSSL versions prior to 0.9.8za
OpenSSL versions prior to 1.0.0m
OpenSSL versions prior to 1.0.1h
libopenssl1_0_0-x86 versions (affected versions not specified)
libopenssl1_0_0-debuginfo versions (affected versions not specified)
libopenssl-devel-32bit versions (affected versions not specified)
libopenssl0_9_8-hmac-32bit versions (affected versions not specified)
libopenssl0_9_8-hmac versions (affected versions not specified)
libopenssl1_0_0 versions (affected versions not specified)
libopenssl1_0_0-32bit versions (affected versions not specified)
libopenssl-devel versions (affected versions not specified)
openssl-doc versions (affected versions not specified)
openssl-debugsource versions (affected versions not specified)
libopenssl1_0_0-debuginfo-x86 versions (affected versions not specified)
libopenssl1_0_0-debuginfo-32bit versions (affected versions not specified)
openssl-debuginfo versions (affected versions not specified)

Description

The issue allows remote attackers to cause a denial of service, create a man-in-the-middle attack, or execute arbitrary code by sending an invalid DTLS handshake to an OpenSSL DTLS client, resulting in recursive execution of code and an eventual crash. The vulnerability is related to the dtls1_get_message_fragment function in d1_both.c. Exploitation can be done remotely.

Recommendations

For OpenSSL versions prior to 0.9.8za, update to version 0.9.8za or later.
For OpenSSL versions prior to 1.0.0m, update to version 1.0.0m or later.
For OpenSSL versions prior to 1.0.1h, update to version 1.0.1h or later.
For libopenssl1_0_0-x86, libopenssl1_0_0-debuginfo, libopenssl-devel-32bit, libopenssl0_9_8-hmac-32bit, libopenssl0_9_8-hmac, libopenssl1_0_0, libopenssl1_0_0-32bit, libopenssl-devel, openssl-doc, openssl-debugsource, libopenssl1_0_0-debuginfo-x86, libopenssl1_0_0-debuginfo-32bit, and openssl-debuginfo, update to a version that is not affected by the vulnerability.
As a temporary workaround, consider disabling the dtls1_get_message_fragment function until a patch is available.
Restrict access to the DTLS client to minimize the risk of exploitation.

Exploit

Fix

NULL Pointer Dereference

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-00120
BDU:2015-00121
BDU:2015-04312
BDU:2015-04313
BDU:2015-05844
BDU:2015-05845
BDU:2015-05846
BDU:2015-05847
BDU:2015-05848
BDU:2015-05849
BDU:2015-05850
BDU:2015-05851
BDU:2015-05852
BDU:2015-05853
BDU:2015-05854
BDU:2015-05855
BDU:2015-09698
CESA-2014_0625
CVE-2014-0221
DLA-0003-1
DSA-2950-1
HPSBUX03046
MGASA-2014-0255
OPENSUSE-SU-2014_0764-1
OPENSUSE-SU-2014_0765-1
OPENSUSE-SU-2016_0640-1
OPENSUSE-SU-2024:10271-1
OPENSUSE-SU-2024:10529-1
OPENSUSE-SU-2024:11127-1
RHSA-2014:0625
RHSA-2014:0628
RHSA-2014:0679
RHSA-2014:1053
RHSA-2014_0625
RHSA-2014_0679
RHSA-2014_1053
SUSE-FU-2022:0445-1
SUSE-RU-2015:0769-1
SUSE-SU-2014_0759-1
SUSE-SU-2014_0759-2
SUSE-SU-2015:0545-1
SUSE-SU-2015:0545-2
SUSE-SU-2015:0546-1
SUSE-SU-2015:0743-1
SUSE-SU-2015:1182-1
SUSE-SU-2015:1182-2
SUSE-SU-2015:1184-1
SUSE-SU-2015:1184-2
SUSE-SU-2015:1185-1
SUSE-SU-403
USN-2232-1
USN-2232-2
USN-2232-3

Affected Products

CentOS
Cisco IOS
HP-UX
Huawei VRP
IBM AIX
MariaDB Server
OpenSSL
Red Hat
SUSE
Ubuntu