Juniper Networks
Signature Detail


Short Name

HTTP:STC:DL:OPENSSL-CMS-FILE

Severity

Major

Recommended

No

Recommended Action

Drop

Category

HTTP

Keywords

OpenSSL CMS Structure OriginatorInfo File Memory Corruption

Release Date

2010/10/07

Update Number

1787

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: OpenSSL CMS Structure OriginatorInfo File Memory Corruption


This signature detects attempts to exploit a known vulnerability in OpenSSL. An attacker can create a malformed CMS file that, if downloaded and used by OpenSSL, can result in arbitrary code execution.

Extended Description

OpenSSL is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue by supplying specially crafted structures to a vulnerable application that uses the affected library. Successfully exploiting this issue can allow the attacker to execute arbitrary code. Failed exploit attempts will result in a denial-of-service condition. OpenSSL versions 0.9.8h through 0.9.8n and OpenSSL 1.0.x prior to 1.0.0a are affected. NOTE: Cryptographic Message Syntax (CMS) functionality is only enabled by default in OpenSSL versions 1.0.x.

Affected Products

  • Blue_coat_systems blue_coat_reporter 8.3.3.1
  • Blue_coat_systems blue_coat_reporter 8.3.7.1
  • Blue_coat_systems blue_coat_reporter 9.1.5.1
  • Blue_coat_systems blue_coat_reporter 9.2.3.1
  • Hp hp-ux B.11.11
  • Hp hp-ux B.11.23
  • Hp hp-ux B.11.31
  • Kolab kolab_groupware_server 2.2.0
  • Kolab kolab_groupware_server 2.2.2
  • Kolab kolab_groupware_server 2.2.3
  • Kolab kolab_groupware_server 2.2 Beta1
  • Kolab kolab_groupware_server 2.2 Beta3
  • Kolab kolab_groupware_server 2.2-Rc1
  • Kolab kolab_groupware_server 2.2-Rc2
  • Kolab kolab_groupware_server 2.2-Rc3
  • Openssl_project openssl 0.9.8H
  • Openssl_project openssl 0.9.8I
  • Openssl_project openssl 0.9.8J
  • Openssl_project openssl 0.9.8K
  • Openssl_project openssl 0.9.8L
  • Openssl_project openssl 0.9.8M
  • Openssl_project openssl 0.9.8N
  • Openssl_project openssl 1.0.0
  • Openssl_project openssl 1.0.0 Beta2
  • Pardus linux_2009
  • Red_hat fedora 11
  • Red_hat fedora 12
  • Voodoo_circle circle 1.1.39
  • Voodoo_circle circle_xtelnet 0.4.5

References

  • BugTraq: 40502
  • CVE: CVE-2010-0742
  • URL: http://www.openssl.org/news/secadv_20100601.txt

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.