Severity: 2/4
 Consequences: user access/rights, denial of service of service
 Provenance: intranet client
 Means of attack: no proof of concept, no attack
 Ability of attacker: expert (4/4)
 Confidence: confirmed by the editor (5/5)
 Diffusion of the vulnerable configuration: high (3/3)
 Creation date: 08/03/2010

IMPACTED PRODUCTS

 OpenSSL
 Slackware Linux

DESCRIPTION OF THE VULNERABILITY

The BN (BIGNUM) module of the OpenSSL suite implements the management of big numbers.

The bn_wexpand() function extends the size of a BIGNUM, to ensure it can contain ’n’ bytes: bn_wexpand(bignumber, n);

Several functions of OpenSSL use bn_wexpand(), in files crypto/bn/bn_div.c, crypto/bn/bn_gf2m.c, crypto/ec/ec2_smpl.c, and engines/e_ubsec.c. However, they do not check if the size extension failed, before using the BIGNUM. An overflow can thus occur.

When an application uses the affected functions, this overflow can create a denial of service, or lead to code execution.

CHARACTERISTICS

 Identifiers: BID-38562, CVE-2009-3245, SSA:2010-060-02, VIGILANCE-VUL-9503
 Url: http://vigilance.fr/vulnerability/O...