CVE-2009-1379 - Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in Op

CVE-2009-1379

Summary

Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.

References

Vulnerable Configurations

cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 13-02-2023 - 02:20)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

oval via4

accepted

2014-01-20T04:01:29.907-05:00

class

vulnerability

contributors

name J. Daniel Brown
organization DTCC
name Chris Coffin
organization The MITRE Corporation

definition_extensions

comment	VMware ESX Server 4.0 is installed
oval	oval:org.mitre.oval:def:6293

description

family

unix

oval:org.mitre.oval:def:6848

status

accepted

submitted

2010-06-01T17:30:00.000-05:00

title

OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability

version

accepted

2013-04-29T04:21:47.986-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:9744

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa

id	RHSA-2009:1335

rpms

openssl-0:0.9.8e-12.el5
openssl-debuginfo-0:0.9.8e-12.el5
openssl-devel-0:0.9.8e-12.el5
openssl-perl-0:0.9.8e-12.el5

refmap via4

bid	35138
confirm	http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html https://kb.bluecoat.com/index?page=content&id=SA50
gentoo	GLSA-200912-01
hp	HPSBMA02492 SSRT100079
misc	https://launchpad.net/bugs/cve/2009-1379
mlist	[oss-security] 20090518 Re: Two OpenSSL DTLS remote DoS [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
netbsd	NetBSD-SA2009-009
sectrack	1022241
secunia	35416 35461 35571 35729 36533 37003 38761 38794 38834 42724 42733
slackware	SSA:2010-060-02
suse	SUSE-SR:2009:011
ubuntu	USN-792-1
vupen	ADV-2009-1377 ADV-2010-0528
xf	openssl-dtls1retrievebufferedfragment-dos(50661)

statements via4

contributor	Tomas Hoger
lastmodified	2009-09-02
organization	Red Hat
statement	This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4. This issue was addressed for Red Hat Enterprise Linux 5 by http://rhn.redhat.com/errata/RHSA-2009-1335.html Note that both the DTLS specification and OpenSSLs implementation is still in development and unlikely to be used in production environments. There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSLs DTLS implementation, except for OpenSSLs testing command line client - openssl.

Last major update

13-02-2023 - 02:20

Published

19-05-2009 - 19:30

Last modified

13-02-2023 - 02:20