OpenSSL DoS/PoC in milw0rm


OpenSSL DoS/PoC in milw0rm

by Oliver Pinter (Pintér Olivér)

the base system contains 0.9.8e and this PoC is affected up to 0.9.8i

not yet tested

the question is, is FreeBSD affected by this error/malware/PoC?

http://milw0rm.com/exploits/8873
_______________________________________________
freebsd-security@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@..."

Re: OpenSSL DoS/PoC in milw0rm

by Pieter de Boer

Oliver Pinter wrote:

> the base system contains 0.9.8e and this PoC is affected up to 0.9.8i
> not yet tested
> the question is, is FreeBSD affected by this error/malware/PoC?
> http://milw0rm.com/exploits/8873

(term1)
OpenSSL> version
OpenSSL 0.9.8e 23 Feb 2007

% openssl s_server -cert /usr/src/crypto/openssl/apps/server.pem -accept 1234 -dtls1

...
(term2)
% ./cve-2009-1386 localhost 1234
[+] Sending DTLS datagram of death at localhost:1234...

...
(term1)
zsh: segmentation fault (core dumped)  openssl s_server -cert /usr/src/crypto/openssl/apps/server.pem -accept 1234


GDB shows:

Program received signal SIGSEGV, Segmentation fault.
0x480fe28d in ssl3_do_change_cipher_spec () from /usr/lib/libssl.so.5
...
0x480fe28d <ssl3_do_change_cipher_spec+189>: mov    %eax,0xac(%edx)
...
(gdb) i r edx
edx            0x0 0


Looks vulnerable, but I had to force DTLS using the -dtls1 switch, so it
may not be much of an issue in most real world configurations?

--
Pieter

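Oliver's question ("is FreeBSD affected?") and Pieter's finding (the crash only came once s_server was forced into DTLS with -dtls1) reduce to two defender-side inputs: the OpenSSL banner and whether the service actually speaks DTLS. The following is an added example written for this thread, not code from the thread, from milw0rm or from FreeBSD. It takes the affected range exactly as the thread states it (0.9.8 releases up to and including 0.9.8i) and a hypothetical dtls_enabled flag supplied by the operator; the banners fed to it are constructed, apart from the one Pieter printed.

```python
"""Check an OpenSSL version banner against the range this thread reports as
affected by the milw0rm DTLS PoC (CVE-2009-1386), and weigh DTLS exposure.

Added example for this discussion; not code from the thread or from FreeBSD.
"""
import re
import subprocess
from typing import NamedTuple, Optional

# Range as stated in the thread: base system ships 0.9.8e, the PoC is
# "affected up to 0.9.8i". Anything else is outside this check's scope.
AFFECTED_BASE = (0, 9, 8)
AFFECTED_LAST_LETTER = "i"

_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


class OpenSSLVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    letter: str  # release letter suffix, '' for a bare x.y.z


def parse_openssl_version(banner: str) -> Optional[OpenSSLVersion]:
    """Parse a line such as 'OpenSSL 0.9.8e 23 Feb 2007' (`openssl version`)."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    return OpenSSLVersion(int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))


def in_affected_range(v: OpenSSLVersion) -> bool:
    """True for 0.9.8 through 0.9.8i inclusive, the range the thread gives."""
    if (v.major, v.minor, v.patch) != AFFECTED_BASE:
        return False
    # Letter suffixes order alphabetically: '' < 'a' < ... < 'i' < 'j' < 'zh'.
    return v.letter <= AFFECTED_LAST_LETTER


def assess(banner: str, dtls_enabled: bool) -> str:
    """Combine the banner with whether the service really speaks DTLS.

    Pieter's reproduction needed s_server forced into DTLS (-dtls1), so a
    listener that only does TLS is not reachable by this datagram even on an
    affected build. A banner check also cannot see a backported fix (a patched
    base system may keep the same version string), so "affected" here means
    "verify the patch state", not "confirmed vulnerable".
    """
    v = parse_openssl_version(banner)
    if v is None:
        return "unparseable banner"
    if not in_affected_range(v):
        return "version outside stated affected range"
    if dtls_enabled:
        return "affected version range and DTLS exposed: patch and verify"
    return "affected version range but no DTLS listener: patch when convenient"


def check_local(dtls_enabled: bool, openssl_bin: str = "openssl") -> str:
    """Run the real `openssl version` on this host and assess the result."""
    out = subprocess.run([openssl_bin, "version"], capture_output=True,
                         text=True, check=True).stdout
    return assess(out, dtls_enabled)


if __name__ == "__main__":
    # Constructed inputs; the first banner is the one from Pieter's session.
    samples = [
        ("OpenSSL 0.9.8e 23 Feb 2007", True),
        ("OpenSSL 0.9.8e 23 Feb 2007", False),
        ("OpenSSL 0.9.8k", True),
        ("OpenSSL 1.0.0", True),
    ]
    for banner, dtls in samples:
        print(f"{banner!r} dtls={dtls}: {assess(banner, dtls)}")
```

The version comparison deliberately stops at the 0.9.8 letter series, because that is all the thread asserts; it does not try to encode a fixed-in version the thread never names. Run check_local(True) on a host that exposes a DTLS service to get the same verdict for the installed binary.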

Re: OpenSSL DoS/PoC in milw0rm

by Eygene Ryabinkin-3

Thu, Jun 04, 2009 at 10:15:34PM +0200, Oliver Pinter wrote:
> the base system contains 0.9.8e and this PoC is affected up to 0.9.8i

There was a combined PR for the ports/base system OpenSSL,
  http://www.freebsd.org/cgi/query-pr.cgi?pr=134653

Probably a more complete patch for DTLS stuff,
  http://sctp.fh-muenster.de/dtls/dtls-bugs.patch
that additionally fixes MTU problems and other things, can be integrated
into the base system as was recently done with security/openssl.
I am in ENOTIME now, so I'm not able to test these patches myself, sorry.
--
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
    {_.-``-'         {_/            #

Re: OpenSSL DoS/PoC in milw0rm

by Oliver Pinter (Pintér Olivér)

thanks for the fast reply, and the patch

On 6/5/09, Eygene Ryabinkin <rea-fbsd@...> wrote:

> Thu, Jun 04, 2009 at 10:15:34PM +0200, Oliver Pinter wrote:
>> the base system contains 0.9.8e and this PoC is affected up to 0.9.8i
>
> There was a combined PR for the ports/base system OpenSSL,
>   http://www.freebsd.org/cgi/query-pr.cgi?pr=134653
>
> Probably a more complete patch for DTLS stuff,
>   http://sctp.fh-muenster.de/dtls/dtls-bugs.patch
> that additionally fixes MTU problems and other things, can be integrated
> into the base system as was recently done with security/openssl.
> I am in ENOTIME now, so I'm not able to test these patches myself, sorry.
> --
> Eygene
>  _                ___       _.--.   #
>  \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
>  /  ' `         ,       __.--'      #  to read the on-line manual
>  )/' _/     \   `-_,   /            #  while single-stepping the kernel.
>  `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
>      _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
>     {_.-``-'         {_/            #
>

Re: OpenSSL DoS/PoC in milw0rm

by Eygene Ryabinkin-3

Oliver, good day.

Fri, Jun 05, 2009 at 11:51:27AM +0200, Oliver Pinter wrote:
> thanks for the fast reply, and the patch

No problems.  If you'll be messing with either of the patches, please
report on your findings.

Thanks!
--
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
    {_.-``-'         {_/            #