Buffer overflow in OpenSSL

1) Buffer overflow

EUVDB-ID: #VU32816

Risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2012-2110

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

Mitigation

Install update from vendor's website.

Vulnerable software versions

OpenSSL: 0.9.0b - 1.0.1

CPE2.3

• cpe:2.3:a:openssl_software_foundation:openssl:0.9.0b:*:*:*:*:*:*:*
• cpe:2.3:a:openssl_software_foundation:openssl:0.9.1b:*:*:*:*:*:*:*
• cpe:2.3:a:openssl_software_foundation:openssl:0.9.1c:*:*:*:*:*:*:*
• cpe:2.3:a:openssl_software_foundation:openssl:0.9.2b:*:*:*:*:*:*:*
• cpe:2.3:a:openssl_software_foundation:openssl:0.9.3:*:*:*:*:*:*:*
• cpe:2.3:a:openssl_software_foundation:openssl:0.9.3a:*:*:*:*:*:*:*
• cpe:2.3:a:openssl_software_foundation:openssl:0.9.4:*:*:*:*:*:*:*
• cpe:2.3:a:openssl_software_foundation:openssl:0.9.5:*:*:*:*:*:*:*
• cpe:2.3:a:openssl_software_foundation:openssl:0.9.5a:*:*:*:*:*:*:*
• cpe:2.3:a:openssl_software_foundation:openssl:0.9.6b-3:*:*:*:*:*:*:*

External links

https://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html
https://cvs.openssl.org/chngview?cn=22431
https://cvs.openssl.org/chngview?cn=22434
https://cvs.openssl.org/chngview?cn=22439
https://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
https://lists.fedoraproject.org/pipermail/package-announce/2012-April/079149.html
https://lists.fedoraproject.org/pipermail/package-announce/2012-April/079299.html
https://lists.fedoraproject.org/pipermail/package-announce/2012-May/080176.html
https://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html
https://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html
https://lists.opensuse.org/opensuse-security-announce/2012-05/msg00015.html
https://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html
https://marc.info/?l=bugtraq&m=133728068926468&w=2
https://marc.info/?l=bugtraq&m=133951357207000&w=2
https://marc.info/?l=bugtraq&m=134039053214295&w=2
https://osvdb.org/81223
https://rhn.redhat.com/errata/RHSA-2012-0518.html
https://rhn.redhat.com/errata/RHSA-2012-0522.html
https://rhn.redhat.com/errata/RHSA-2012-1306.html
https://rhn.redhat.com/errata/RHSA-2012-1307.html
https://rhn.redhat.com/errata/RHSA-2012-1308.html
https://secunia.com/advisories/48847
https://secunia.com/advisories/48895
https://secunia.com/advisories/48899
https://secunia.com/advisories/48942
https://secunia.com/advisories/48999
https://secunia.com/advisories/57353
https://support.apple.com/kb/HT5784
https://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
https://www.debian.org/security/2012/dsa-2454
https://www.exploit-db.com/exploits/18756
https://www.mandriva.com/security/advisories?name=MDVSA-2012:060
https://www.openssl.org/news/secadv_20120419.txt
https://www.securityfocus.com/bid/53158
https://www.securitytracker.com/id?1026957
https://www.ubuntu.com/usn/USN-1424-1
https://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
https://kb.juniper.net/KB27376

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.