VulDB: OpenSSL up to 1.0.1 ASN.1 Parser asn1_d2i_read_bio() buffer overflow
General
scipID: 5260
Affected: OpenSSL up to 1.0.1
Published: 04/19/2012 (Tavis Ormandy)
Risk: critical
Entry: 88.4% complete
Created: 04/20/2012
Updated: 09/03/2012
Summary
A vulnerability has been found in OpenSSL up to 1.0.1 and classified as critical. It affects the function asn1_d2i_read_bio() of the ASN.1 Parser component. Manipulation with an unknown input leads to a buffer overflow. The impact is known to affect confidentiality, integrity, and availability.
The weakness was published on 04/19/2012 by Tavis Ormandy of the Google Security Team. The advisory is available for download at openssl.org. The public release was coordinated with the vendor. The vulnerability has been identified as CVE-2012-2110 since 04/04/2012. Exploitation is known to be difficult. Technical details and a public exploit are known.
An exploit was disclosed immediately after the advisory. The vulnerability scanner Nessus provides a plugin with the ID 58873 (USN-1428-1 : openssl vulnerability), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Ubuntu Local Security Checks and runs in the local context.
Upgrading to version 1.0.1a, 1.0.0i or 0.9.8v eliminates this vulnerability. The weakness can be mitigated by firewalling tcp/443 (https). The suggested best mitigation is upgrading to the latest version. A possible mitigation was published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (81223) and SecurityFocus (BID 53158).
CVSS
Base Score: 6.5 (CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Adjacent | High | Single | Complete | Complete | Complete |
CPE
- cpe:/a:openssl:openssl:1.0.1
Exploiting
Class: Buffer overflow
Local: Yes
Remote: No
Availability: Yes
Access: Public
Nessus ID: 58873
Nessus Name: USN-1428-1 : openssl vulnerability
Nessus Family: Ubuntu Local Security Checks
Nessus Context: local
Exploit-DB: 18756
Countermeasures
Recommended: Upgrade
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Exploit Delay Time: 0 days since known
Upgrade: OpenSSL 1.0.1a/1.0.0i/0.9.8v
Firewalling: tcp/443 (https)
Timeline
04/04/2012 | CVE assigned
04/19/2012 | Advisory disclosed
04/19/2012 | Exploit disclosed
04/19/2012 | Countermeasure disclosed
04/19/2012 | OSVDB entry created
04/20/2012 | VulDB entry created
04/25/2012 | Nessus plugin released
09/03/2012 | VulDB entry updated
Sources
Advisory: openssl.org
Researcher: Tavis Ormandy
Company: Google Security Team
Coordinated: Yes
OSVDB: 81223
CVE: CVE-2012-2110 (mitre.org) (nist.org) (cvedetails.com)
SecurityFocus: 53158