Short Name | SSL:OVERFLOW:CIPHERS-OBO
Severity | High
Recommended | No
Recommended Action | Drop
Category | SSL
Keywords | OpenSSL SSL_get_shared_ciphers Function Off-by-one Buffer Overflow
Release Date | 2010/10/18
Update Number | 1794
Supported Platforms | idp-4.0+, isg-3.4+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+
SSL: OpenSSL SSL_get_shared_ciphers Function Off-by-one Buffer Overflow
There exists an off-by-one buffer overflow vulnerability in the OpenSSL library. The flaw is due to an off-by-one buffer check error in the function "SSL_get_shared_ciphers()". A remote attacker may exploit this vulnerability by sending a crafted list of ciphers to the affected server, or to an application that uses this function, to inject and execute arbitrary code on the target system.
In an attack case where code injection is not successful, the off-by-one byte buffer overflow may lead to overwriting of a local variable or return address, which in turn may lead to data or memory access corruption. This could cause the termination of the server process. Note that the effect depends on the usage of the off-by-one byte in the specific application using this server function.
In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service.
Extended Description
OpenSSL is prone to an off-by-one buffer-overflow vulnerability because the library fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of applications that use the affected library, but this has not been confirmed. Failed exploit attempts may crash applications, denying service to legitimate users.
NOTE: This issue was introduced in the fix for the vulnerability described in BID 20249 (OpenSSL SSL_Get_Shared_Ciphers Buffer Overflow Vulnerability).
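The class of error described above, as an added illustration that is neither OpenSSL's source nor part of the original advisory: a routine that joins names into a fixed buffer with a flawed bounds check, beside a corrected form. The function names, the constructed cipher names and the canary harness are all assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Flawed bounds check: on running out of room it writes the terminator at p
 * without confirming that p is still inside buf. */
char *join_obo(char *buf, int len, const char *const *names, int count)
{
    char *p = buf;
    if (len < 2 || count <= 0) return NULL;
    for (int i = 0; i < count; i++) {
        len--;                          /* budget for ':' or '\0' */
        for (const char *cp = names[i]; *cp; ) {
            /* p can equal buf + original len here: one byte past the end */
            if (len-- <= 0) { *p = '\0'; return buf; }
            *p++ = *cp++;
        }
        *p++ = ':';
    }
    p[-1] = '\0';
    return buf;
}

/* Corrected: a name is appended only if separator + name + NUL all fit. */
char *join_checked(char *buf, size_t len, const char *const *names, size_t count)
{
    size_t used = 0;
    if (buf == NULL || len == 0) return NULL;
    buf[0] = '\0';
    for (size_t i = 0; i < count; i++) {
        size_t n = strlen(names[i]), sep = used ? 1 : 0;
        if (n + sep + 1 > len - used) break;
        if (sep) buf[used++] = ':';
        memcpy(buf + used, names[i], n + 1);   /* copies the NUL too */
        used += n;
    }
    return buf;
}

/* Harness: 8-byte logical buffer inside a 9-byte array; byte 8 is a canary,
 * so the stray write is observable without leaving the array. */
int canary_survives(int use_checked)
{
    static const char *const names[] = { "SUITE-A", "SUITE-B" }; /* constructed */
    char backing[9];
    memset(backing, 'x', sizeof backing);
    backing[8] = 0x5A;
    if (use_checked) join_checked(backing, 8, names, 2);
    else             join_obo(backing, 8, names, 2);
    return backing[8] == 0x5A;
}
```

The first name plus its separator fills the buffer exactly, so the flawed routine's early-exit terminator lands one byte past the logical end, while the corrected routine stops after the first name.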
Affected Products
- Apple Mac OS X 10.4.0
- Apple Mac OS X 10.4.1
- Apple Mac OS X 10.4.10
- Apple Mac OS X 10.4.11
- Apple Mac OS X 10.4.2
- Apple Mac OS X 10.4.3
- Apple Mac OS X 10.4.4
- Apple Mac OS X 10.4.5
- Apple Mac OS X 10.4.6
- Apple Mac OS X 10.4.7
- Apple Mac OS X 10.4.8
- Apple Mac OS X 10.4.9
- Apple Mac OS X 10.5
- Apple Mac OS X 10.5.1
- Apple Mac OS X 10.5.2
- Apple Mac OS X 10.5.3
- Apple Mac OS X 10.5.4
- Apple Mac OS X Server 10.4.0
- Apple Mac OS X Server 10.4.1
- Apple Mac OS X Server 10.4.10
- Apple Mac OS X Server 10.4.11
- Apple Mac OS X Server 10.4.2
- Apple Mac OS X Server 10.4.3
- Apple Mac OS X Server 10.4.4
- Apple Mac OS X Server 10.4.5
- Apple Mac OS X Server 10.4.6
- Apple Mac OS X Server 10.4.7
- Apple Mac OS X Server 10.4.8
- Apple Mac OS X Server 10.4.9
- Apple Mac OS X Server 10.5
- Apple Mac OS X Server 10.5.1
- Apple Mac OS X Server 10.5.2
- Apple Mac OS X Server 10.5.3
- Apple Mac OS X Server 10.5.4
- Avaya Aura Application Enablement Services 3.0
- Avaya Aura Application Enablement Services 3.1
- Avaya Aura Application Enablement Services 3.1.3
- Avaya Aura Application Enablement Services 3.1.4
- Avaya CCS 2.0
- Avaya CCS 3.0
- Avaya CCS 3.1
- Avaya Communication Manager 3.0
- Avaya EMMC 1.017
- Avaya EMMC 1.021
- Avaya Interactive Response 2.0
- Avaya Interactive Response 3.0
- Debian Linux 3.1.0
- Debian Linux 3.1.0 Alpha
- Debian Linux 3.1.0 Amd64
- Debian Linux 3.1.0 Arm
- Debian Linux 3.1.0 Hppa
- Debian Linux 3.1.0 Ia-32
- Debian Linux 3.1.0 Ia-64
- Debian Linux 3.1.0 M68k
- Debian Linux 3.1.0 Mips
- Debian Linux 3.1.0 Mipsel
- Debian Linux 3.1.0 Ppc
- Debian Linux 3.1.0 S/390
- Debian Linux 3.1.0 Sparc
- Debian Linux 4.0
- Debian Linux 4.0 Alpha
- Debian Linux 4.0 Amd64
- Debian Linux 4.0 Arm
- Debian Linux 4.0 Hppa
- Debian Linux 4.0 Ia-32
- Debian Linux 4.0 Ia-64
- Debian Linux 4.0 M68k
- Debian Linux 4.0 Mips
- Debian Linux 4.0 Mipsel
- Debian Linux 4.0 Powerpc
- Debian Linux 4.0 S/390
- Debian Linux 4.0 Sparc
- FreeBSD 5.5.0 -RELEASE
- FreeBSD 5.5.0 -STABLE
- FreeBSD 6.0.0 -RELEASE
- FreeBSD 6.0.0 -STABLE
- FreeBSD 6.0.0 .X
- FreeBSD 6.0 -RELEASE-P5
- FreeBSD 6.1 -RELEASE
- FreeBSD 6.1 -RELEASE-P10
- FreeBSD 6.1 -STABLE
- FreeBSD 6.2
- FreeBSD 6.2 -STABLE
- Gentoo Linux
- HP HP-UX B.11.11
- HP HP-UX B.11.23
- HP HP-UX B.11.31
- Mandriva Corporate Server 3.0.0
- Mandriva Corporate Server 3.0.0 X86 64
- Mandriva Corporate Server 4.0
- Mandriva Corporate Server 4.0.0 X86 64
- Mandriva Linux Mandrake 2007.0
- Mandriva Linux Mandrake 2007.0 X86 64
- Mandriva Linux Mandrake 2007.1
- Mandriva Linux Mandrake 2007.1 X86 64
- Mandriva Multi Network Firewall 2.0.0
- NetBSD 3.0.0
- NetBSD 3.0.1
- NetBSD 3.0.2
- NetBSD 3.1
- Nortel Networks Self-Service
- Nortel Networks Self-Service - CCSS7
- Nortel Networks Self-Service Media Processing Server
- Nortel Networks Self-Service MPS 1000
- Nortel Networks Self-Service Peri Application
- Nortel Networks Self-Service - Peri Application Rel 3.0
- Nortel Networks Self-Service Peri Workstation
- OpenBSD 4.0
- OpenSSL Project OpenSSL 0.9.7
- OpenSSL Project OpenSSL 0.9.7 A
- OpenSSL Project OpenSSL 0.9.7 B
- OpenSSL Project OpenSSL 0.9.7 Beta1
- OpenSSL Project OpenSSL 0.9.7 Beta2
- OpenSSL Project OpenSSL 0.9.7 Beta3
- OpenSSL Project OpenSSL 0.9.7 C
- OpenSSL Project OpenSSL 0.9.7 D
- OpenSSL Project OpenSSL 0.9.7 E
- OpenSSL Project OpenSSL 0.9.7 F
- OpenSSL Project OpenSSL 0.9.7 G
- OpenSSL Project OpenSSL 0.9.7 H
- OpenSSL Project OpenSSL 0.9.7 I
- OpenSSL Project OpenSSL 0.9.7 J
- OpenSSL Project OpenSSL 0.9.7 K
- OpenSSL Project OpenSSL 0.9.7 L
- OpenSSL Project OpenSSL 0.9.7 M
- OpenSSL Project OpenSSL 0.9.8
- OpenSSL Project OpenSSL 0.9.8 A
- OpenSSL Project OpenSSL 0.9.8 B
- OpenSSL Project OpenSSL 0.9.8 C
- OpenSSL Project OpenSSL 0.9.8 D
- OpenSSL Project OpenSSL 0.9.8 E
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
- Red Hat Desktop 3.0.0
- Red Hat Desktop 4.0.0
- Red Hat Enterprise Linux 5 Server
- Red Hat Enterprise Linux AS 2.1
- Red Hat Enterprise Linux AS 2.1 IA64
- Red Hat Enterprise Linux AS 3
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux Desktop 5 Client
- Red Hat Enterprise Linux Desktop Workstation 5 Client
- Red Hat Enterprise Linux ES 2.1
- Red Hat Enterprise Linux ES 2.1 IA64
- Red Hat Enterprise Linux ES 3
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux WS 2.1
- Red Hat Enterprise Linux WS 2.1 IA64
- Red Hat Enterprise Linux WS 3
- Red Hat Enterprise Linux WS 4
- Red Hat Fedora Core7
- rPath rPath Linux 1
- Sun Solaris 10 X86
- SuSE Linux 10.0 Ppc
- SuSE Linux 10.0 X86
- SuSE Linux 10.0 X86-64
- SuSE Linux 10.1 Ppc
- SuSE Linux 10.1 X86
- SuSE Linux 10.1 X86-64
- SuSE Linux Desktop 10
- SuSE Linux Personal 10.0.0 OSS
- SuSE Linux Personal 10.1
- SuSE Linux Personal 10.2
- SuSE Linux Personal 10.2 X86 64
- SuSE Linux Professional 10.0.0
- SuSE Linux Professional 10.0.0 OSS
- SuSE Linux Professional 10.1
- SuSE Linux Professional 10.2
- SuSE Linux Professional 10.2 X86 64
- SuSE Novell Linux Desktop 9.0.0
- SuSE Novell Linux POS 9
- SuSE Open-Enterprise-Server
- SuSE openSUSE 10.2
- SuSE openSUSE 10.3
- SuSE SUSE Linux Enterprise Desktop 10
- SuSE SUSE Linux Enterprise Desktop 10 SP1
- SuSE SUSE Linux Enterprise SDK 10
- SuSE SUSE Linux Enterprise SDK 10.SP1
- SuSE SUSE Linux Enterprise Server 10
- SuSE SUSE Linux Enterprise Server 10 SP1
- SuSE SUSE Linux Enterprise Server 8
- SuSE SuSE Linux Openexchange Server 4.0.0
- SuSE SUSE LINUX Retail Solution 8.0.0
- SuSE SuSE Linux School Server for i386
- SuSE SuSE Linux Standard Server 8.0.0
- SuSE UnitedLinux 1.0.0
- Turbolinux Appliance Server 1.0.0 Hosting Edition
- Turbolinux Appliance Server 1.0.0 Workgroup Edition
- Turbolinux Appliance Server 2.0
- Turbolinux Appliance Server Hosting Edition 1.0.0
- Turbolinux Appliance Server Workgroup Edition 1.0.0
- Turbolinux FUJI
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux Turbolinux Server 10.0.0
- Turbolinux Turbolinux Server 10.0.0 X64
- Turbolinux Turbolinux Server 8.0.0
- Ubuntu Ubuntu Linux 6.06 LTS Amd64
- Ubuntu Ubuntu Linux 6.06 LTS I386
- Ubuntu Ubuntu Linux 6.06 LTS Powerpc
- Ubuntu Ubuntu Linux 6.06 LTS Sparc
- Ubuntu Ubuntu Linux 6.10 Amd64
- Ubuntu Ubuntu Linux 6.10 I386
- Ubuntu Ubuntu Linux 6.10 Powerpc
- Ubuntu Ubuntu Linux 6.10 Sparc
- Ubuntu Ubuntu Linux 7.04 Amd64
- Ubuntu Ubuntu Linux 7.04 I386
- Ubuntu Ubuntu Linux 7.04 Powerpc
- Ubuntu Ubuntu Linux 7.04 Sparc
- VMWare ACE 1.0.0
- VMWare ACE 1.0.2
- VMWare ACE 1.0.2 Build 19206
- VMWare ACE 1.0.3
- VMWare ACE 1.0.4
- VMWare ACE 1.0.5
- VMWare ACE 1.0.5 Build 79846
- VMWare ACE 2.0.0
- VMWare ACE 2.0.1
- VMWare ACE 2.0.2
- VMWare ACE 2.0.2 Build 93057
- VMWare ACE 2.0.3
- VMWare ESXi Server 3.5
- VMWare ESX Server 2.5.4
- VMWare ESX Server 2.5.4 Patch 13
- VMWare ESX Server 2.5.5
- VMWare ESX Server 2.5.5 Patch 2
- VMWare ESX Server 3.0.1
- VMWare ESX Server 3.0.2
- VMWare ESX Server 3.5
- VMWare Fusion 1.0
- VMWare Fusion 1.1.0
- VMWare Fusion 1.1.1
- VMWare Fusion 1.1.2
- VMWare Fusion 1.1.2 Build 87978
- VMWare Player 1.0.1 Build 19317
- VMWare Player 1.0.2
- VMWare Player 1.0.3
- VMWare Player 1.0.4
- VMWare Player 1.0.5
- VMWare Player 1.0.6
- VMWare Player 1.0.6 Build 80404
- VMWare Player 1.0.7 Build 91707
- VMWare Player 2.0.0
- VMWare Player 2.0.1
- VMWare Player 2.0.2
- VMWare Player 2.0.3 Build 80004
- VMWare Player 2.0.4
- VMWare Player 2.0.4 Build 93057
- VMWare Player
- VMWare Player for Linux
- VMWare Server 1.0.2
- VMWare Server 1.0.3
- VMWare Server 1.0.4
- VMWare Server 1.0.5
- VMWare Server 1.0.5 Build 80187
- VMWare Server 1.0.6
- VMWare Server 1.0.6 Build 91891
- VMWare Server Beta
- VMWare Server RC-1
- VMWare Server Console 1.0.5 Build 80187
- VMWare Server for Linux
- VMWare VirtualCenter client 2.0.1 Patch 1
- VMWare Workstation 3.2.1 patch 1
- VMWare Workstation 3.4.0
- VMWare Workstation 4.0.0
- VMWare Workstation 4.0.1
- VMWare Workstation 4.0.2
- VMWare Workstation 4.5.2
- VMWare Workstation 5.0.0 .0 build-13124
- VMWare Workstation 5.5.0
- VMWare Workstation 5.5.1
- VMWare Workstation 5.5.1 Build 19175
- VMWare Workstation 5.5.3 Build 34685
- VMWare Workstation 5.5.3 Build 42958
- VMWare Workstation 5.5.4
- VMWare Workstation 5.5.4 Build 44386
- VMWare Workstation 5.5.5
- VMWare Workstation 5.5.6
- VMWare Workstation 5.5.6 Build 80404
- VMWare Workstation 5.5.7
- VMWare Workstation 5.5.7 Build 91707
- VMWare Workstation 6.0.0
- VMWare Workstation 6.0.1
- VMWare Workstation 6.0.2
- VMWare Workstation 6.0.3
- VMWare Workstation 6.0.3 Build 80004
- VMWare Workstation 6.0.4
- VMWare Workstation 6.0.4 Build 93057
- VMWare Workstation
- VMWare Workstation for Linux
References