Vulnerability Details

OpenSSL DTLS Packets 'ssl/d1_both.c' tls1_buffer_record Function Denial-of-Service Vulnerability

Vulnerability Summary

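OpenSSL is an open-source implementation of the SSL and TLS protocols. The core library (written in the C programming language) implements basic cryptographic functions and provides various utility functions.

Multiple memory leaks exist in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions. A remote attacker can cause a denial of service (memory corruption) via DTLS records that (1) are duplicates or (2) have sequence numbers greater than the current sequence number, also known as the "DTLS fragment handling memory leak".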

Vulnerability Advisory

The vendors have released upgrade patches that fix this security issue. Patch download links:

MandrakeSoft Linux Mandrake 2008.1 x86_64

Mandriva lib64openssl0.9.8-0.9.8g-4.4mdv2008.1.x86_64.rpm

http://www.mandriva.com/en/download/

Mandriva lib64openssl0.9.8-devel-0.9.8g-4.4mdv2008.1.x86_64.rpm

http://www.mandriva.com/en/download/

Mandriva lib64openssl0.9.8-static-devel-0.9.8g-4.4mdv2008.1.x86_64.rpm

http://www.mandriva.com/en/download/

Mandriva openssl-0.9.8g-4.4mdv2008.1.x86_64.rpm

http://www.mandriva.com/en/download/

MandrakeSoft Linux Mandrake 2008.1

Mandriva libopenssl0.9.8-0.9.8g-4.4mdv2008.1.i586.rpm

http://www.mandriva.com/en/download/

Mandriva libopenssl0.9.8-devel-0.9.8g-4.4mdv2008.1.i586.rpm

http://www.mandriva.com/en/download/

Mandriva libopenssl0.9.8-static-devel-0.9.8g-4.4mdv2008.1.i586.rpm

http://www.mandriva.com/en/download/

Mandriva openssl-0.9.8g-4.4mdv2008.1.i586.rpm

http://www.mandriva.com/en/download/

MandrakeSoft Linux Mandrake 2009.1 x86_64

Mandriva lib64openssl0.9.8-0.9.8k-1.1mdv2009.1.x86_64.rpm

http://www.mandriva.com/en/download/

Mandriva lib64openssl0.9.8-devel-0.9.8k-1.1mdv2009.1.x86_64.rpm

http://www.mandriva.com/en/download/

Mandriva lib64openssl0.9.8-static-devel-0.9.8k-1.1mdv2009.1.x86_64.rpm

http://www.mandriva.com/en/download/

Mandriva openssl-0.9.8k-1.1mdv2009.1.x86_64.rpm

http://www.mandriva.com/en/download/

Ubuntu Ubuntu Linux 8.04 LTS powerpc

Ubuntu libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.7_powerpc.udeb

http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.7_powerpc.udeb

Ubuntu libssl-dev_0.9.8g-4ubuntu3.7_powerpc.deb

http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.7_powerpc.deb

Ubuntu libssl0.9.8-dbg_0.9.8g-4ubuntu3.7_powerpc.deb

http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.7_powerpc.deb

Ubuntu libssl0.9.8_0.9.8g-4ubuntu3.7_powerpc.deb

http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.7_powerpc.deb

Ubuntu openssl-doc_0.9.8g-4ubuntu3.7_all.deb

http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-4ubuntu3.7_all.deb

Ubuntu openssl_0.9.8g-4ubuntu3.7_powerpc.deb

http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.7_powerpc.deb

Ubuntu Ubuntu Linux 8.10 powerpc

Ubuntu libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.4_powerpc.udeb

http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.4_powerpc.udeb

Ubuntu libssl-dev_0.9.8g-10.1ubuntu2.4_powerpc.deb

http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-10.1ubuntu2.4_powerpc.deb

Ubuntu libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.4_powerpc.deb

http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.4_powerpc.deb

Ubuntu libssl0.9.8_0.9.8g-10.1ubuntu2.4_powerpc.deb

http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-10.1ubuntu2.4_powerpc.deb

Ubuntu openssl-doc_0.9.8g-10.1ubuntu2.4_all.deb

http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-10.1ubuntu2.4_all.deb

Ubuntu openssl_0.9.8g-10.1ubuntu2.4_powerpc.deb

http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.4_powerpc.deb

Ubuntu Ubuntu Linux 8.04 LTS sparc

Ubuntu libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.7_sparc.udeb

http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.7_sparc.udeb

Ubuntu libssl-dev_0.9.8g-4ubuntu3.7_sparc.deb

http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.7_sparc.deb

Ubuntu libssl0.9.8-dbg_0.9.8g-4ubuntu3.7_sparc.deb

http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.7_sparc.deb

Ubuntu libssl0.9.8_0.9.8g-4ubuntu3.7_sparc.deb

http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.7_sparc.deb

Ubuntu openssl-doc_0.9.8g-4ubuntu3.7_all.deb

http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-4ubuntu3.7_all.deb

Ubuntu openssl_0.9.8g-4ubuntu3.7_sparc.deb

http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.7_sparc

References

Source: rt.openssl.org

Link: http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest

Source: MLIST

Name: [openssl-dev] 20090516 [openssl.org #1931] [PATCH] DTLS fragment handling memory leak

Link: http://marc.info/?l=openssl-dev&m=124247679213944&w=2

Source: cvs.openssl.org

Link: http://cvs.openssl.org/chngview?cn=18188

Source: MISC

Link: https://launchpad.net/bugs/cve/2009-1378

Source: VUPEN

Name: ADV-2009-1377

Link: http://www.vupen.com/english/advisories/2009/1377

Source: UBUNTU

Name: USN-792-1

Link: http://www.ubuntu.com/usn/USN-792-1

Source: SECTRACK

Name: 1022241

Link: http://www.securitytracker.com/id?1022241

Source: BID

Name: 35001

Link: http://www.securityfocus.com/bid/35001

Source: MLIST

Name: [oss-security] 20090518 Two OpenSSL DTLS remote DoS

Link: http://www.openwall.com/lists/oss-security/2009/05/18/1

Source: MILW0RM

Name: 8720

Link: http://www.milw0rm.com/exploits/8720

Source: MANDRIVA

Name: MDVSA-2009:120

Link: http://www.mandriva.com/security/advisories?name=MDVSA-2009:120

Source: voodoo-circle.sourceforge.net

Link: http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html

Source: sourceforge.net

Link: http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net

Source: SECUNIA

Name: 37003

Link: http://secunia.com/advisories/37003

Source: SECUNIA

Name: 35729

Link: http://secunia.com/advisories/35729

Source: SECUNIA

Name: 35571

Link: http://secunia.com/advisories/35571

Source: SECUNIA

Name: 35461

Link: http://secunia.com/advisories/35461

Source: SECUNIA

Name: 35416

Link: http://secunia.com/advisories/35416

Source: SECUNIA

Name: 35128

Link: http://secunia.com/advisories/35128

Source: MLIST

Name: [openssl-dev] 20090518 Re: [openssl.org #1931] [PATCH] DTLS fragment handling memory leak

Link: http://marc.info/?l=openssl-dev&m=124263491424212&w=2

Source: SUSE

Name: SUSE-SR:2009:011

Link: http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html

Source: NETBSD

Name: NetBSD-SA2009-009

Link: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc

Patch

None available
