Short Name | SSL:OPENSSL-DTLS-DOS
Severity | High
Recommended | Yes
Recommended Action | Drop
Category | SSL
Keywords | OpenSSL DTLS Retransmission Denial of Service
Release Date | 2014/02/26
Update Number | 2349
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+
SSL: OpenSSL DTLS Retransmission Denial of Service
This signature detects attempts to exploit a known vulnerability in the OpenSSL DTLS implementation. A successful attack can result in a denial-of-service condition.
Extended Description
The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.
Affected Products
- openssl 0.9.8
- openssl 0.9.8a
- openssl 0.9.8b
- openssl 0.9.8c
- openssl 0.9.8d
- openssl 0.9.8e
- openssl 0.9.8f
- openssl 0.9.8g
- openssl 0.9.8h
- openssl 0.9.8i
- openssl 0.9.8j
- openssl 0.9.8k
- openssl 0.9.8l
- openssl 0.9.8m (beta1)
- openssl 0.9.8n
- openssl 0.9.8o
- openssl 0.9.8p
- openssl 0.9.8q
- openssl 0.9.8r
- openssl 0.9.8s
- openssl 0.9.8t
- openssl 0.9.8u
- openssl 0.9.8v
- openssl 0.9.8w
- openssl 0.9.8x
- openssl 1.0.0a
- openssl 1.0.0b
- openssl 1.0.0 (beta1)
- openssl 1.0.0 (beta2)
- openssl 1.0.0 (beta3)
- openssl 1.0.0 (beta4)
- openssl 1.0.0 (beta5)
- openssl 1.0.0c
- openssl 1.0.0d
- openssl 1.0.0e
- openssl 1.0.0f
- openssl 1.0.0g
- openssl 1.0.0h
- openssl 1.0.0i
- openssl 1.0.0j
- openssl 1.0.1a
- openssl 1.0.1b
- openssl 1.0.1 (beta1)
- openssl 1.0.1 (beta2)
- openssl 1.0.1 (beta3)
- openssl 1.0.1c
- openssl 1.0.1d
- openssl 1.0.1e
- openssl up to 0.9.8y