Signature Detail

SSL: OpenSSL ssl3_get_key_exchange Use-After-Free Memory Corruption

This signature detects attempts to exploit a known flaw in the OpenSSL library. The vulnerability is due to an error in ssl3_get_key_exchange function while handling server key exchange message. If a certificate structure contains a crafted value, the vulnerable code could cause a double-free error. Remote attackers could exploit this vulnerability by enticing the target user to connect to a malicious server using a vulnerable version of the OpenSSL library. Successful exploitation may allow for arbitrary code execution with the privileges of the application using the OpenSSL library.

Extended Description

OpenSSL is prone to a remote memory-corruption vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the application using the vulnerable library. Failed exploit attempts will result in a denial-of-service condition. The issue affects OpenSSL 1.0.0a; other versions may also be affected.

Affected Products

• Debian Linux 5.0
• Debian Linux 5.0 Alpha
• Debian Linux 5.0 Amd64
• Debian Linux 5.0 Arm
• Debian Linux 5.0 Armel
• Debian Linux 5.0 Hppa
• Debian Linux 5.0 Ia-32
• Debian Linux 5.0 Ia-64
• Debian Linux 5.0 M68k
• Debian Linux 5.0 Mips
• Debian Linux 5.0 Mipsel
• Debian Linux 5.0 Powerpc
• Debian Linux 5.0 S/390
• Debian Linux 5.0 Sparc
• FreeBSD 7.0
• HP System Management Homepage 6.0
• HP System Management Homepage 6.0.0-95
• HP System Management Homepage 6.0.0.95
• HP System Management Homepage 6.0.0.96
• HP System Management Homepage 6.1
• HP System Management Homepage 6.1.0.102
• HP System Management Homepage 6.1.0-103
• HP System Management Homepage 6.1.0.103
• HP System Management Homepage 6.2
• HP System Management Homepage 6.2
• HP System Management Homepage 6.2.0-12
• Mandriva Linux Mandrake 2010.1
• Mandriva Linux Mandrake 2010.1 X86 64
• NetBSD 4.0
• NetBSD 4.0.1
• NetBSD 4.0.2
• NetBSD 5.0
• NetBSD 5.0.1
• NetBSD 5.0.2
• OpenSSL Project OpenSSL 1.0.0A
• Pardus Linux 2009
• Slackware Linux 11.0
• Slackware Linux 12.0
• Slackware Linux 12.1
• Slackware Linux 12.2
• Slackware Linux 13.0
• Slackware Linux 13.0 X86 64
• Slackware Linux 13.1
• Slackware Linux 13.1 X86 64
• Slackware Linux -Current
• Slackware Linux X86 64 -Current
• SuSE openSUSE 11.1
• SuSE openSUSE 11.2
• SuSE openSUSE 11.3
• SuSE SUSE Linux Enterprise 10 SP3
• SuSE SUSE Linux Enterprise 11
• SuSE SUSE Linux Enterprise 11 SP1
• Ubuntu Ubuntu Linux 10.04 Amd64
• Ubuntu Ubuntu Linux 10.04 I386
• Ubuntu Ubuntu Linux 10.04 Powerpc
• Ubuntu Ubuntu Linux 10.04 Sparc
• Ubuntu Ubuntu Linux 10.10 amd64
• Ubuntu Ubuntu Linux 10.10 i386
• Ubuntu Ubuntu Linux 10.10 powerpc
• Ubuntu Ubuntu Linux 6.06 LTS Amd64
• Ubuntu Ubuntu Linux 6.06 LTS I386
• Ubuntu Ubuntu Linux 6.06 LTS Powerpc
• Ubuntu Ubuntu Linux 6.06 LTS Sparc
• Ubuntu Ubuntu Linux 8.04 LTS Amd64
• Ubuntu Ubuntu Linux 8.04 LTS I386
• Ubuntu Ubuntu Linux 8.04 LTS Lpia
• Ubuntu Ubuntu Linux 8.04 LTS Powerpc
• Ubuntu Ubuntu Linux 8.04 LTS Sparc
• Ubuntu Ubuntu Linux 9.04 Amd64
• Ubuntu Ubuntu Linux 9.04 I386
• Ubuntu Ubuntu Linux 9.04 Lpia
• Ubuntu Ubuntu Linux 9.04 Powerpc
• Ubuntu Ubuntu Linux 9.04 Sparc
• Ubuntu Ubuntu Linux 9.10 Amd64
• Ubuntu Ubuntu Linux 9.10 I386
• Ubuntu Ubuntu Linux 9.10 Lpia
• Ubuntu Ubuntu Linux 9.10 Powerpc
• Ubuntu Ubuntu Linux 9.10 Sparc
• VMWare ESXi Server 3.5
• VMWare ESXi Server 4.0
• VMWare ESXi Server 4.1
• VMWare ESX Server 3.0.3
• VMWare ESX Server 3.5
• VMWare ESX Server 4.0
• VMWare ESX Server 4.1

References

• BugTraq: 42306
• CVE: CVE-2010-2939