Date: Thu, 04 Jun 2009 23:46:55 +0200
From: Pieter de Boer <pieter@thedarkside.nl>
To: Oliver Pinter <oliver.pntr@gmail.com>
Cc: freebsd-security@freebsd.org
Subject: Re: OpenSSL DoS/PoC in milw0rm
Message-ID: <4A2840CF.6020209@thedarkside.nl>
In-Reply-To: <6101e8c40906041315t5b9c2b6ep4f35b2068586f2c3@mail.gmail.com>
References: <6101e8c40906041315t5b9c2b6ep4f35b2068586f2c3@mail.gmail.com>
Oliver Pinter wrote:
> the base system contains 0.9.8e and this PoC is affected up to 0.9.8i
> not yet tested
> the question is, is FreeBSD affected by this error/malware/poc?
> http://milw0rm.com/exploits/8873

(term1)
OpenSSL> version
OpenSSL 0.9.8e 23 Feb 2007
% openssl s_server -cert /usr/src/crypto/openssl/apps/server.pem -accept 1234 -dtls1
...

(term2)
% ./cve-2009-1386 localhost 1234
[+] Sending DTLS datagram of death at localhost:1234...
...

(term1)
zsh: segmentation fault (core dumped)  openssl s_server -cert /usr/src/crypto/openssl/apps/server.pem -accept 1234

GDB shows:
Program received signal SIGSEGV, Segmentation fault.
0x480fe28d in ssl3_do_change_cipher_spec () from /usr/lib/libssl.so.5
...
0x480fe28d <ssl3_do_change_cipher_spec+189>:    mov    %eax,0xac(%edx)
...
(gdb) i r edx
edx            0x0      0

Looks vulnerable, but I had to force DTLS using the -dtls1 switch, so it may not be much of an issue in most real world configurations?

-- 
Pieter
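As an added example for inventorying hosts (not code from this thread or from the FreeBSD project), the shell functions below parse an "openssl version" banner like the one shown above and flag builds in the range the mail discusses: the upper bound 0.9.8i comes from the quoted message, the lower bound 0.9.8 (the first release series with DTLS) is an assumption. Whether a given server actually enables DTLS, which the mail notes is needed to reach the crash, is not something a version string can tell you.

```shell
# Added example, not from the thread: classify an OpenSSL version banner
# against the affected range (0.9.8 .. 0.9.8i, lower bound assumed).

# Turn "0.9.8e" into an integer key: major, minor, patch and letter suffix
# (a=1 ... z=26, none=0) so versions compare as plain numbers. A multi-letter
# suffix such as "zh" is keyed on its first letter only (good enough here).
openssl_key() {
    ver=$1
    base=${ver%%[a-z]*}                  # "0.9.8"
    letter=${ver#"$base"}                # "e" or ""
    maj=${base%%.*}; rest=${base#*.}
    min=${rest%%.*};  pat=${rest#*.}
    if [ -n "$letter" ]; then
        idx=$(( $(printf '%d' "'$letter") - 96 ))   # 'a' is ASCII 97
    else
        idx=0
    fi
    echo $(( maj * 1000000 + min * 10000 + pat * 100 + idx ))
}

# Returns 0 (true) if the version in a full "openssl version" banner
# (e.g. "OpenSSL 0.9.8e 23 Feb 2007") lies in the affected range, else 1.
openssl_in_cve_2009_1386_range() {
    set -- $1                            # split banner on whitespace
    [ "$1" = "OpenSSL" ] || return 1
    k=$(openssl_key "$2")
    lo=$(openssl_key 0.9.8)
    hi=$(openssl_key 0.9.8i)
    [ "$k" -ge "$lo" ] && [ "$k" -le "$hi" ]
}

# Typical use against the local binary (constructed banner used in the tests):
#   openssl_in_cve_2009_1386_range "$(openssl version)" && echo "in affected range"
```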