Internet threat level: 1
Home→Descriptions→SA37291
OpenSSL Two Vulnerabilities
| Secunia ID | |
| CVE-ID | |
| Release Date |
06 Nov 2009 |
| Last Change |
03 Mar 2010 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
OpenSSL 0.9.x |
| Where | |
| Impact |
Manipulation of dataThis includes vulnerabilities where a user or a remote attacker can manipulate local data on a system, but not necessarily be able to gain escalated privileges or system access. The most frequent type of vulnerabilities with this impact are SQL-injection vulnerabilities, where a malicious user or person can manipulate SQL queries. UnknownCovers various weaknesses, security issues, and vulnerabilities not covered by the other impact types, or where the impact isn't known due to insufficient information from vendors and researchers. |
| Description |
Two vulnerabilities have been reported in OpenSSL, where one has unknown impacts and the other can be exploited by malicious people to manipulate certain data. 1) A vulnerability is caused due to an error in the TLS protocol while handling session re-negotiations. This can be exploited to insert arbitrary plaintext before data sent by a legitimate client in an existing TLS session via Man-in-the-Middle (MitM) attacks. Successful exploitation may allow e.g. sending an arbitrary HTTP request under an authenticated context if certificate-based authentication is used by the server. 2) A vulnerability is caused due to the library not properly verifying the return value of the "bn_wexpand()" function. |
| Solution |
Update to version 0.9.8m. |
| Reported by |
1) Independently discovered by Marsh Ray, PhoneFactor and Martin Rex. |
| Original Advisory |
OpenSSL: Martin Rex: PhoneFactor: |
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.