NASLDB: OpenSSL 1.0.0 < 1.0.0j DTLS CBC Denial of Service
General
ID: 59077
Name: OpenSSL 1.0.0 < 1.0.0j DTLS CBC Denial of Service
Summary: Does a banner check
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C
Port: –
Family: Web Servers
Type: Remote
Description
According to its banner, the remote web server is running a version
of OpenSSL 1.0.0 earlier than 1.0.0j. As such, the OpenSSL library
itself is reportedly affected by a denial of service vulnerability.
An integer underflow error exists in the file ‘ssl/d1_enc.c’ in the
function ‘dtls1_enc’. When in CBC mode, DTLS record length values and
explicit initialization vector length values related to DTLS packets
are not handled properly, which can lead to memory corruption and
application crashes.
Exploiting
Exploit Available: False
Exploitability Ease: No known exploits are available
Sources
CVE: CVE-2012-2333
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2012/05/10
Patch Release: 2012/05/10
Plugin Release: 2012/05/11
Plugin
Version: 1.3
Filename: openssl_1_0_0j.nasl
Filesize: 2723 bytes
MD5 Hash: bb8b244866815dabe8940aca2883d51c
Identification: –
Require Keys: Settings/ParanoidReport", "openssl/port
Dependencies: "openssl_version.nasl"
Copyright: This script is Copyright© 2012 Tenable Network Security, Inc.
- Latest Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack