DTLS
* TCP Connection Exhaustion Denial of Service Vulnerability
* Session Initiation Protocol (SIP) Inspection Denial of Service
Vulnerabilities
* Skinny Client Control Protocol (SCCP) Inspection Denial of
Service Vulnerability
* WebVPN Datagram Transport Layer Security (DTLS) Denial of Service
Vulnerability
* Crafted TCP Segment Denial of Service Vulnerability
* Crafted Internet Key Exchange (IKE) Message Denial of Service
Vulnerability
* NT LAN Manager version 1 (NTLMv1) Authentication Bypass
Problem Description:
Multiple security vulnerabilities has been identified and fixed
in OpenSSL:
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k
and earlier 0.9.8 versions allows remote attackers to cause a denial
of service (memory consumption) via a large series of future epoch
DTLS records that are buffered in a queue, aka DTLS record buffer
limitation bug. (CVE-2009-1377)
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Details follow:
It was discovered that OpenSSL did not limit the number of DTLS records it
would buffer when they arrived with a future epoch. A remote attacker could
cause a denial of service via memory resource consumption by sending a
large number of crafted requests. (CVE-2009-1377)
It was discovered that OpenSSL did not properly free memory when processing
- -----------------------
Vulnerability A
- ---------------
Andy Polyakov discovered a flaw in OpenSSL's DTLS implementation which
could lead to the compromise of clients and servers with DTLS enabled.
DTLS is a datagram variant of TLS specified in RFC 4347 first
supported in OpenSSL version 0.9.8. Note that the vulnerabilities do
not affect SSL and TLS so only clients and servers explicitly using
Problem Description:
Multiple security vulnerabilities has been identified and fixed
in OpenSSL:
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k
and earlier 0.9.8 versions allows remote attackers to cause a denial
of service (memory consumption) via a large series of future epoch
DTLS records that are buffered in a queue, aka DTLS record buffer
limitation bug. (CVE-2009-1377)
cryptographically strong, as demonstrated by Dan Kaminsky.
Certificates using this algorithm are no longer accepted
(CVE-2009-2409).
* Daniel Mentz and Robin Seggelmann reported the following
vulnerabilities related to DTLS: A use-after-free flaw
(CVE-2009-1379) and a NULL pointer dereference (CVE-2009-1387) in the
dtls1_retrieve_buffered_fragment() function in src/d1_both.c,
multiple memory leaks in the dtls1_process_out_of_seq_message()
function in src/d1_both.c (CVE-2009-1378), and a processing error
related to a large amount of DTLS records with a future epoch in the
After a standard system upgrade you need to reboot your computer to
affect the necessary changes.
Details follow:
Andy Polyakov discovered that the DTLS implementation in OpenSSL
was vulnerable. A remote attacker could send a specially crafted
connection request to services using DTLS and execute arbitrary code
with the service's privileges. There are no known Ubuntu applications
that are currently using DTLS.
Problem Description:
Multiple vulnerabilities was discovered and corrected in openssl:
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment
function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote
attackers to cause a denial of service (openssl s_client crash)
and possibly have unspecified other impact via a DTLS packet, as
demonstrated by a packet from a server that uses a crafted server
certificate (CVE-2009-1379).
>
>Description
>===========
>
>Andy Polyakov reported a vulnerability in the OpenSSL toolkit, that is
>caused due to an unspecified off-by-one error within the DTLS
>implementation.
>
>Impact
>======
>
Affected: 2007.0, 2007.1, 2008.0
_______________________________________________________________________
Problem Description:
A buffer overflow in the DTLS implementation of OpenSSL 0.9.8 could
be exploited by attackers to potentially execute arbitrary code. It
is questionable as to whether the DTLS support even worked or is used
in any applications; as a result this flaw most likely does not affect
most Mandriva users.
Problem Description:
Multiple vulnerabilities was discovered and corrected in openssl:
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment
function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote
attackers to cause a denial of service (openssl s_client crash)
and possibly have unspecified other impact via a DTLS packet, as
demonstrated by a packet from a server that uses a crafted server
certificate (CVE-2009-1379).
For the old stable distribution (etch), this problem has been fixed in
version 0.9.8c-4etch9 for openssl and version 0.9.7k-3.1etch5 for
openssl097.
The OpenSSL 0.9.8 update for oldstable (etch) also provides updated
packages for multiple denial of service vulnerabilities in the
Datagram Transport Layer Security implementation. These fixes were
already provided for Debian stable (Lenny) in a previous point
update. The OpenSSL 0.9.7 package from oldstable (Etch) is not
affected. (CVE-2009-1377, CVE-2009-1378, CVE-2009-1379,
CVE-2009-1386 and CVE-2009-1387)
instructions on key rollovers for packages using SSL certificates.
Popular packages not affected will also be listed.
In addition to this critical change, two other vulnerabilities have been
fixed in the openssl package which were originally scheduled for release
with the next etch point release: OpenSSL's DTLS (Datagram TLS,
basically "SSL over UDP") implementation did not actually implement the
DTLS specification, but a potentially much weaker protocol, and
contained a vulnerability permitting arbitrary code execution
(CVE-2007-4995). A side channel attack in the integer multiplication
routines is also addressed (CVE-2007-3108).
Description
===========
Andy Polyakov reported a vulnerability in the OpenSSL toolkit, that is
caused due to an unspecified off-by-one error within the DTLS
implementation.
Impact
======
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
d. vMA and Service Console update for openssl to 0.9.8e-12.el5
SSL is a toolkit implementing SSL v2/v3 and TLS protocols with full-
strength cryptography world-wide.
Multiple denial of service flaws were discovered in OpenSSL's DTLS
implementation. A remote attacker could use these flaws to cause a
DTLS server to use excessive amounts of memory, or crash on an
Multiple vulnerabilities was discovered and corrected in openssl:
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to
cause a denial of service (NULL pointer dereference and daemon crash)
via a DTLS ChangeCipherSpec packet that occurs before ClientHello
(CVE-2009-1386).
The NSS library library before 3.12.3, as used in Firefox; GnuTLS
before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other
products support MD2 with X.509 certificates, which might allow
| | The combination of call token validation and call number |
| | allocation limits is used to mitigate this denial of |
| | service issue. |
| | |
| | An alternative approach to securing IAX2 would be to use |
| | a security layer on top of IAX2, such as DTLS [RFC4347] |
| | or IPsec [RFC4301]. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Affected Versions |
|
