SecureScoutLogo.jpg
OpenSSL Double free() Vulnerability



Go to Vulnerabilities List

General Info

TC: 12101
Description: OpenSSL is a very popular library supporting SSL and cryptographic functions working on many different platforms.
Some versions of the 0.9.7 branch are vulnerable to a problem in the ASN.1 parser. The problem occurs in a bogus double deallocation of memory.
SSL and TLS protocols are not directly based on ASN.1, but they do rely on ASN.1 objects used in cryptographic elements.
An attack using this vulnerability will result in a denial of service. Arbitrary execution though not proven could be possible.
TC Impact: Gather Info
Service: http


Specific Operations and Actions:

Vulnerability Publication: September 30, 2003
Advisory Copyright: NISCC
Summary: It is possible to create a DOS and probably run code on your computer using a bug in OpenSSL.
Risk: High
CVSS 2.0 metrics: Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete
CVSS 2.0 Base Score: 10
Vulnerability Impact: Denial of Service
Attack
Host Impact: Service can be stopped. Possible arbitrary code execution.
Nature of Remediation: Update the software.
Step required to fix the reported vulnerability:

***** Solution type: Upgrade Software *****

Upgrade to OpenSSL 0.9.7c or later or check with you vendor for a fixed version. See references for more details.


Glossary and References :

References: www.sans.org/top20/
* FULLDISC: 20030929 [OpenSSL Advisory] Vulnerabilities in ASN.1 parsing
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/011172.html
* VULNWATCH: 20030929 Vulnerability Issues in OpenSSL
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0121.html
* CONFIRM:
http://www-1.ibm.com/support/docview.wss?uid=swg21247112
* REDHAT: RHSA-2003:292
http://www.redhat.com/support/errata/RHSA-2003-292.html
* DEBIAN: DSA-394
http://www.debian.org/security/2003/dsa-394
* CERT: CA-2003-26
http://www.cert.org/advisories/CA-2003-26.html
* CERT-VN: VU#935264
http://www.kb.cert.org/vuls/id/935264
* BID: 8732
http://www.securityfocus.com/bid/8732
* FRSIRT: ADV-2006-3900
http://www.frsirt.com/english/advisories/2006/3900
* OVAL: oval:org.mitre.oval:def:2590
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2590
* SECUNIA: 22249
http://secunia.com/advisories/22249
* MISC:
http://www.openssl.org/news/secadv_20030930.txt
* MISC: CERT Vulnerability Note on multiple vulnerabilities in SSL/TLS implementations:
http://www.kb.cert.org/vuls/id/104280

CVE Link: CVE-2003-0545
 CVE Compatible

Glossary: Arbitrary Command Execution
Denial of Service
SSL

© 2003-2010 NexantiS Corporation (www.securescout.com)
SecureScout is a trademark of NexantiS
All Rights Reserved
All products names referenced herein are trademarks of their respective companies

SecureScout products are certified:
CVE Compatible
SANS TOP 20 Compatible
CVSS Compatible (Common Vulnerability Scoring System)