Juniper Networks

Signature Detail

Security Intelligence Center

Short Name

HTTP:STC:DL:OPENSSL-CMS-FILE

Severity

High

Recommended

No

Recommended Action

Drop

Category

HTTP

Keywords

OpenSSL CMS Structure OriginatorInfo File Memory Corruption

Release Date

2010/10/07

Update Number

1787

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: OpenSSL CMS Structure OriginatorInfo File Memory Corruption


This signature detects attempts to exploit a known vulnerability in OpenSSL. An attacker can create a malformed CMS file that, if downloaded and used by OpenSSL, can result in arbitrary code execution.

Extended Description

OpenSSL is prone to a remote memory-corruption vulnerability in its Cryptographic Message Syntax (CMS) handling. An attacker can exploit this issue by supplying specially crafted CMS structures to a vulnerable application that uses the affected library. Successful exploitation can allow the attacker to execute arbitrary code in the context of that application; failed exploit attempts will result in a denial-of-service condition. OpenSSL versions 0.9.8h through 0.9.8n and OpenSSL 1.0.x prior to 1.0.0a are affected. NOTE: CMS functionality is only enabled by default in OpenSSL versions 1.0.x; 0.9.8 builds are affected only when compiled with CMS support.

Affected Products

  • Blue Coat Systems Blue Coat Reporter 8.3.3.1
  • Blue Coat Systems Blue Coat Reporter 8.3.7.1
  • Blue Coat Systems Blue Coat Reporter 9.1.5.1
  • Blue Coat Systems Blue Coat Reporter 9.2.3.1
  • HP HP-UX B.11.11
  • HP HP-UX B.11.23
  • HP HP-UX B.11.31
  • Kolab Kolab Groupware Server 2.2.0
  • Kolab Kolab Groupware Server 2.2.2
  • Kolab Kolab Groupware Server 2.2.3
  • Kolab Kolab Groupware Server 2.2 Beta1
  • Kolab Kolab Groupware Server 2.2 Beta3
  • Kolab Kolab Groupware Server 2.2-Rc1
  • Kolab Kolab Groupware Server 2.2-Rc2
  • Kolab Kolab Groupware Server 2.2-Rc3
  • OpenSSL Project OpenSSL 0.9.8H
  • OpenSSL Project OpenSSL 0.9.8I
  • OpenSSL Project OpenSSL 0.9.8J
  • OpenSSL Project OpenSSL 0.9.8K
  • OpenSSL Project OpenSSL 0.9.8L
  • OpenSSL Project OpenSSL 0.9.8M
  • OpenSSL Project OpenSSL 0.9.8N
  • OpenSSL Project OpenSSL 1.0.0
  • OpenSSL Project OpenSSL 1.0.0 Beta2
  • Pardus Linux 2009
  • Red Hat Fedora 11
  • Red Hat Fedora 12
  • VooDoo cIRCle cIRCle 1.1.39
  • VooDoo cIRCle cIRCle XTelnet 0.4.5

References

  • BugTraq: 40502
  • CVE: CVE-2010-0742
  • URL: http://www.openssl.org/news/secadv_20100601.txt

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.