Nessus (Tenable) plugin 801061.PRM
History: Dec 02, 2011 - 12:00 a.m.

OpenSSL < 0.9.8h Multiple Vulnerabilities

Tenable
www.tenable.com

Versions of OpenSSL earlier than 0.9.8h are potentially affected by multiple vulnerabilities:

  • A double-free error exists related to the handling of server name extension data and specially crafted TLS 1.0 ‘Client Hello’ packets. This can cause application crashes. Note that successful exploitation requires that OpenSSL is compiled with the TLS server name extensions. (CVE-2008-0891)

  • A NULL pointer dereference error exists related to anonymous Diffie-Hellman key exchange and TLS handshakes. This can be exploited by omitting the ‘Server Key exchange message’ from the handshake and can cause application crashes. (CVE-2008-1672)

  • On 32-bit builds, an information disclosure vulnerability exists during certain calculations for NIST elliptic curves P-256 or P-384. This error can allow an attacker to recover the private key of the TLS server.

The following are required for exploitation:

- 32-bit build

- Use of elliptic curves P-256 and/or P-384

- Use of ECDH family ciphers and/or use of ECDHE family ciphers without the SSL_OP_SINGLE_ECDH_USE context option. (CVE-2011-4354)
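The "earlier than 0.9.8h" threshold above, expressed as a banner check. This is an added example, not Tenable's plugin logic; the function names and the sample banners are constructed for illustration, and it assumes the legacy OpenSSL numbering scheme in which patch releases carry a letter suffix.

```python
import re

# Legacy OpenSSL numbering: major.minor.fix plus optional patch letters
# (0.9.8, 0.9.8a ... 0.9.8z, then 0.9.8za, 0.9.8zb ...).
_VERSION_RE = re.compile(
    r"OpenSSL[/ ](\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?![a-z])", re.IGNORECASE
)

FIXED_IN = "OpenSSL 0.9.8h"  # first unaffected release, from the advisory title


def _letter_rank(letters):
    """Order patch letters: '' < 'a' < ... < 'z' < 'za' < 'zb' ..."""
    if not letters:
        return 0
    return 26 * (len(letters) - 1) + (ord(letters[-1]) - ord("a") + 1)


def parse_openssl_version(banner):
    """Return a sortable (major, minor, fix, letter_rank) tuple, or None."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    major, minor, fix = (int(m.group(i)) for i in (1, 2, 3))
    return (major, minor, fix, _letter_rank(m.group(4).lower()))


def is_potentially_affected(banner):
    """True/False for a parsed version; None when no OpenSSL version is shown."""
    version = parse_openssl_version(banner)
    if version is None:
        return None
    return version < parse_openssl_version(FIXED_IN)


# Constructed sample banners (not captured from real hosts).
SAMPLE_BANNERS = [
    "Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8g",
    "OpenSSL 0.9.8h 28 May 2008",
    "Apache/2.2.3 mod_ssl/2.2.3 OpenSSL/0.9.7m",
    "nginx/1.18.0",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{is_potentially_affected(banner)!s:5}  {banner}")
```

A banner match only shows the reported version string; distributions that backport fixes keep the old letter, which is consistent with the advisory's "potentially affected" wording.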