Vigil@nce - OpenSSL: denial of service via DTLS Recursion
June 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, who is located on a DTLS server, can use a malicious
handshake, in order to trigger a denial of service in OpenSSL
client applications.
– Impacted products: ArubaOS, ProxyAV, ProxySG, Cisco ASR, Cisco
ACE, ASA, AsyncOS, Cisco Catalyst, CiscoWorks, Cisco Content SMA,
Cisco ESA, IOS, IOS XE, IOS XR, Cisco IP Communicator, Cisco IPS,
IronPort Email, IronPort Encryption, IronPort Management, IronPort
Web, Cisco Nexus, NX-OS, Cisco Prime, Secure ACS, Cisco CUCM,
Cisco Unified CCX, Cisco IP Phone, Cisco Wireless IP Phone, Cisco
Unity, Cisco WSA, Debian, BIG-IP Appliance, Fedora, FortiAnalyzer,
FortiAnalyzer Virtual Appliance, FortiClient, FortiManager,
FortiManager Virtual Appliance, FreeBSD, HP-UX, AIX, JUNOS, Junos
Pulse, Juniper Network Connect, Juniper UAC, MBS, MES, McAfee Web
Gateway, NetBSD, OpenBSD, OpenSSL, openSUSE, RHEL, Slackware,
stunnel, SUSE Linux Enterprise Desktop, SLES, Ubuntu
– Severity: 2/4
– Creation date: 05/06/2014
DESCRIPTION OF THE VULNERABILITY
The OpenSSL product implements DTLS, which uses a handshake.
However, a special handshake triggers an infinite recursion in the
OpenSSL client.
An attacker, who is located on a DTLS server, can therefore use a
malicious handshake, in order to trigger a denial of service in
OpenSSL client applications.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OpenSSL-denial-of-service-via-DTLS-Recursion-14845