SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (VPN)  >   OpenSSL Vendors:   OpenSSL.org
OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1026957
SecurityTracker URL:  http://securitytracker.com/id/1026957
CVE Reference:   CVE-2012-2110, CVE-2012-2131   (Links to External Site)
Updated:  Apr 24 2012
Original Entry Date:  Apr 20 2012
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 0.9.8w and 1.0.0i
Description:   A vulnerability was reported in OpenSSL. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to the target application using OpenSSL to potentially trigger a heap overflow in the asn1_d2i_read_bio() function and execute arbitrary code on the target system. The code will run with the privileges of the target application.

Applications that use ASN.1 BIO or FILE based functions to read untrusted DER format data are affected. The d2i_*_bio and d2i_*_fp type of functions are affected.

Applications that use the memory based ASN1 functions (e.g., d2i_X509, d2i_PKCS12 etc) are not affected.

The SSL/TLS code is not affected.

Applications using only the PEM routines are not affected.

S/MIME and CMS applications that use the built-in MIME parser SMIME_read_PKCS7 and SMIME_read_CMS functions are affected.

Tavis Ormandy, Google Security Team, reported this vulnerability.
Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued a fix (0.9.8w, 1.0.0i, 1.0.1a).

The vendor's advisories are available at:

http://www.openssl.org/news/secadv_20120419.txt
http://www.openssl.org/news/secadv_20120424.txt

[Editor's note: The vendor originally issued a fix in version 0.9.8v but reported on April 24, 2012 that the fix in that version was incomplete [CVE-2012-2131] and issued a revised fix in version 0.9.8w.]
Vendor URL:  www.openssl.org/news/secadv_20120424.txt (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 25 2012 (Red Hat Issues Fix) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 5 and 6.
Apr 25 2012 (Red Hat Issues Fix) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code   (bugzilla@redhat.com)
Red Hat has issued a fix for 3, 4, 5.3, 5.6, 6.0, and 6.1.
May 3 2012 (FreeBSD Issues Fix) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code   (FreeBSD Security Advisories <security-advisories@freebsd.org>)
FreeBSD has issued a fix for FreeBSD 7.4, 8.1, 8.2, 8.3, and 9.0.
May 31 2012 (FreeBSD Issues Fix) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code   (FreeBSD Security Advisories <security-advisories@freebsd.org>)
FreeBSD has issued a fix for FreeBSD 7.4, 8.1, 8.2, 8.3, and 9.0.
Jun 8 2012 (NetBSD Issues Fix) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
NetBSD has issued a fix.
Jun 15 2012 (Attachmate Issues Fix for Reflection) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
Attachmate has issued a fix for Attachmate Reflection.
Aug 31 2012 (VMware Issues Fix for vSphere and vCOps) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code   (VMware Security Announcements <security-announce@lists.vmware.com>)
VMware has issued a fix for vSphere and vCOps.
Dec 12 2012 (Blue Coat Issues Advisory for IntelligenceCenter) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
Blue Coat has issued an advisory for Blue Coat IntelligenceCenter.
Dec 12 2012 (Blue Coat Issues Fix for Blue Coat ProxySG) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
Blue Coat has issued a fix for Blue Coat ProxySG.
Feb 28 2013 (IBM Issues Fix for AIX) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
IBM has issued a fix for AIX 5.3, 6.1, and 7.1.
Apr 3 2013 (Juniper Issues Fix for ScreenOS) OpenSSL asn1_d2i_read_bio() Buffer Overflow Lets Remote Users Execute Arbitrary Code
Juniper has issued a fix for ScreenOS.


 Source Message Contents
Date:  Fri, 20 Apr 2012 16:36:33 +0000
Subject:  OpenSSL


http://www.openssl.org/news/secadv_20120419.txt

CVE-2012-2110


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC