| Short Name | SSL:OPENSSL-TLS-DOS |
|---|---|
| Severity | High |
| Recommended | No |
| Recommended Action | Drop |
| Category | SSL |
| Keywords | OpenSSL ssl_get_algorithm2 TLS Denial of Service |
| Release Date | 2014/03/20 |
| Update Number | 2355 |
| Supported Platforms | idp-4.0+, isg-3.4+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |

This signature detects attempts to exploit a known vulnerability in OpenSSL. The vulnerability is due to an error in ssl_get_algorithm2(), where the SSL/TLS version is obtained from an incorrect structure, leading to a NULL pointer dereference when computing a message digest. A remote unauthenticated attacker can exploit this vulnerability to cause a denial of service condition on applications that use the vulnerable version of the OpenSSL library.

The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.