National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-1378)

National Cyber Awareness System

Vulnerability Summary for CVE-2009-1378

Original release date:05/19/2009

Last revised:01/23/2013

Source: US-CERT/NIST

Overview

Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak."

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows disruption of serviceUnknown

Vendor Statements (disclaimer)

Official Statement from Red Hat (09/02/2009)

This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4. This issue was addressed for Red Hat Enterprise Linux 5 by http://rhn.redhat.com/errata/RHSA-2009-1335.html Note that both the DTLS specification and OpenSSLs implementation is still in development and unlikely to be used in production environments. There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSLs DTLS implementation, except for OpenSSLs testing command line client - openssl.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest

Type: Patch Information

Hyperlink:http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest

External Source: MLIST

Name: [openssl-dev] 20090516 [openssl.org #1931] [PATCH] DTLS fragment handling memory leak

Type: Patch Information

Hyperlink:http://marc.info/?l=openssl-dev&m=124247679213944&w=2

External Source: CONFIRM

Name: http://cvs.openssl.org/chngview?cn=18188

Type: Patch Information

Hyperlink:http://cvs.openssl.org/chngview?cn=18188

External Source: MISC

Name: https://launchpad.net/bugs/cve/2009-1378

Hyperlink:https://launchpad.net/bugs/cve/2009-1378

External Source: CONFIRM

Name: https://kb.bluecoat.com/index?page=content&id=SA50

Hyperlink:https://kb.bluecoat.com/index?page=content&id=SA50

External Source: VUPEN

Name: ADV-2010-0528

Hyperlink:http://www.vupen.com/english/advisories/2010/0528

External Source: VUPEN

Name: ADV-2009-1377

Hyperlink:http://www.vupen.com/english/advisories/2009/1377

External Source: UBUNTU

Name: USN-792-1

Hyperlink:http://www.ubuntu.com/usn/USN-792-1

External Source: SECTRACK

Name: 1022241

Hyperlink:http://www.securitytracker.com/id?1022241

External Source: BID

Name: 35001

Hyperlink:http://www.securityfocus.com/bid/35001

External Source: REDHAT

Name: RHSA-2009:1335

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-1335.html

External Source: MLIST

Name: [oss-security] 20090518 Two OpenSSL DTLS remote DoS

Hyperlink:http://www.openwall.com/lists/oss-security/2009/05/18/1

External Source: MILW0RM

Name: 8720

Hyperlink:http://www.milw0rm.com/exploits/8720

External Source: MANDRIVA

Name: MDVSA-2009:120

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:120

External Source: CONFIRM

Name: http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html

Hyperlink:http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html

External Source: CONFIRM

Name: http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net

Hyperlink:http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net

External Source: SLACKWARE

Name: SSA:2010-060-02

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049

External Source: GENTOO

Name: GLSA-200912-01

Hyperlink:http://security.gentoo.org/glsa/glsa-200912-01.xml

External Source: SECUNIA

Name: 42733

Hyperlink:http://secunia.com/advisories/42733

External Source: SECUNIA

Name: 42724

Hyperlink:http://secunia.com/advisories/42724

External Source: SECUNIA

Name: 38834

Hyperlink:http://secunia.com/advisories/38834

External Source: SECUNIA

Name: 38794

Hyperlink:http://secunia.com/advisories/38794

External Source: SECUNIA

Name: 38761

Hyperlink:http://secunia.com/advisories/38761

External Source: SECUNIA

Name: 37003

Hyperlink:http://secunia.com/advisories/37003

External Source: SECUNIA

Name: 36533

Hyperlink:http://secunia.com/advisories/36533

External Source: SECUNIA

Name: 35729

Hyperlink:http://secunia.com/advisories/35729

External Source: SECUNIA

Name: 35571

Hyperlink:http://secunia.com/advisories/35571

External Source: SECUNIA

Name: 35461

Hyperlink:http://secunia.com/advisories/35461

External Source: SECUNIA

Name: 35416

Hyperlink:http://secunia.com/advisories/35416

External Source: SECUNIA

Name: 35128

Type: Advisory

Hyperlink:http://secunia.com/advisories/35128

External Source: OVAL

Name: oval:org.mitre.oval:def:7229

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7229

External Source: OVAL

Name: oval:org.mitre.oval:def:11309

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11309

External Source: MLIST

Name: [openssl-dev] 20090518 Re: [openssl.org #1931] [PATCH] DTLS fragment handling memory leak

Hyperlink:http://marc.info/?l=openssl-dev&m=124263491424212&w=2

External Source: MLIST

Name: [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates

Hyperlink:http://lists.vmware.com/pipermail/security-announce/2010/000082.html

External Source: SUSE

Name: SUSE-SR:2009:011

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

External Source: HP

Name: HPSBMA02492

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444

External Source: HP

Name: HPSBMA02492

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444

External Source: NETBSD

Name: NetBSD-SA2009-009

Hyperlink:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc

References to Check Content

Identifier:oval:org.mitre.oval:def:7229

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:7229

Identifier:oval:org.mitre.oval:def:11309

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11309

Vulnerable software and versions

Configuration 1

* cpe:/a:openssl:openssl:0.9.8a

* cpe:/a:openssl:openssl:0.9.8b

* cpe:/a:openssl:openssl:0.9.8c

* cpe:/a:openssl:openssl:0.9.8d

* cpe:/a:openssl:openssl:0.9.8e

* cpe:/a:openssl:openssl:0.9.8f

* cpe:/a:openssl:openssl:0.9.8g

* cpe:/a:openssl:openssl:0.9.8h

* cpe:/a:openssl:openssl:0.9.8i

* cpe:/a:openssl_project:openssl:0.9.8c-5

* cpe:/a:openssl_project:openssl:0.9.8c-6

* cpe:/a:openssl_project:openssl:0.9.8c-3

* cpe:/a:openssl_project:openssl:0.9.8c-4

* cpe:/a:openssl:openssl:0.9.8j

* cpe:/a:openssl_project:openssl:0.9.8c-1

* cpe:/a:openssl_project:openssl:0.9.8c-2

* cpe:/a:openssl_project:openssl:0.9.8c-7

* cpe:/a:openssl_project:openssl:0.9.8c-8

* cpe:/a:openssl:openssl:0.9.8k and previous versions

* cpe:/a:openssl_project:openssl:0.9.8d-4

* cpe:/a:openssl_project:openssl:0.9.8d-5

* cpe:/a:openssl_project:openssl:0.9.8d-2

* cpe:/a:openssl_project:openssl:0.9.8d-3

* cpe:/a:openssl_project:openssl:0.9.8c-9

* cpe:/a:openssl_project:openssl:0.9.8d-8

* cpe:/a:openssl_project:openssl:0.9.8d-1

* cpe:/a:openssl_project:openssl:0.9.8d-9

* cpe:/a:openssl_project:openssl:0.9.8d-6

* cpe:/a:openssl_project:openssl:0.9.8d-7

* cpe:/a:openssl_project:openssl:0.9.8e-9

* cpe:/a:openssl_project:openssl:0.9.8e-7

* cpe:/a:openssl_project:openssl:0.9.8e-8

* cpe:/a:openssl_project:openssl:0.9.8e-5

* cpe:/a:openssl_project:openssl:0.9.8e-6

* cpe:/a:openssl_project:openssl:0.9.8e-3

* cpe:/a:openssl_project:openssl:0.9.8e-4

* cpe:/a:openssl_project:openssl:0.9.8f

* cpe:/a:openssl_project:openssl:0.9.8e-1

* cpe:/a:openssl_project:openssl:0.9.8e-2

* cpe:/a:openssl_project:openssl:0.9.8f-2

* cpe:/a:openssl_project:openssl:0.9.8f-3

* cpe:/a:openssl_project:openssl:0.9.8f-1

* cpe:/a:openssl_project:openssl:0.9.8f-9

* cpe:/a:openssl_project:openssl:0.9.8g

* cpe:/a:openssl_project:openssl:0.9.8f-8

* cpe:/a:openssl_project:openssl:0.9.8f-7

* cpe:/a:openssl_project:openssl:0.9.8f-6

* cpe:/a:openssl_project:openssl:0.9.8f-5

* cpe:/a:openssl_project:openssl:0.9.8f-4

* cpe:/a:openssl_project:openssl:0.9.8g-9

* cpe:/a:openssl_project:openssl:0.9.8g-8

* cpe:/a:openssl_project:openssl:0.9.8g-7

* cpe:/a:openssl_project:openssl:0.9.8g-6

* cpe:/a:openssl_project:openssl:0.9.8g-5

* cpe:/a:openssl_project:openssl:0.9.8g-4

* cpe:/a:openssl_project:openssl:0.9.8g-3

* cpe:/a:openssl_project:openssl:0.9.8g-2

* cpe:/a:openssl_project:openssl:0.9.8g-1

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Resource Management Errors (CWE-399)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378