PROBLEM:
OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code
PLATFORM:
OpenSSL prior to 0.9.8s; 1.x prior to 1.0.0f
ABSTRACT:
A remote user may be able to execute arbitrary code on the target system.
reference LINKS:
SecurityTracker Alert ID: 1026485
OpenSSL Security Advisory
IMPACT ASSESSMENT:
High
Discussion:
Several vulnerabilities were reported in OpenSSL. A remote user can cause denial of service conditions. A remote user can obtain sensitive information. A remote user may be able to execute arbitrary code on the target system.
A remote user can conduct an efficient plaintext recovery attack against the OpenSSL implementation of Datagram Transport Layer Security (DTLS) CVE-2011-4108.
A remote user can trigger a double-free memory error when a policy check fails CVE-2011-4109. Version 0.9.8 systems with the X509_V_FLAG_POLICY_CHECK set are affected.
The bytes used as block cipher padding in SSL 3.0 records are not cleared. A remote user may be able to conduct a SSL 3.0 handshake to obtain memory contents CVE-2011-4576.
Specially crafted RFC 3779 data within a certificate may cause an assertion failure CVE-2011-4577. System builds configured with "enable-rfc3779" are affected.
A remote user can exploit a flaw in handshake restarts for server gated cryptograpy (SGC) to cause denial of service conditions on the target system CVE-2011-4619.
A remote user can send specially crafted GOST parameters to cause the target server to crash CVE-2012-0027. OpenSSL GOST ENGINE users are affected.
Impact:
A remote user may be able to execute arbitrary code on the target system.
A remote user can cause the target server to crash.
A remote user can obtain plaintext in certain cases.
Solution:
The vendor has issued fixes (0.9.8s & 1.0.0f)