Re: OpenSSL DoS/PoC in milw0rm

看板FB_security作者時間16年前 (2009/06/05 06:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串2/5 (看更多)
Oliver Pinter wrote: > the base system contins 0.9.8e and this PoC is affected up to 0.9.8i > not yet tested > the question is, the freebsd is affected for this error/malware/poc? > http://milw0rm.com/exploits/8873 (term1) OpenSSL> version OpenSSL 0.9.8e 23 Feb 2007 % openssl s_server -cert /usr/src/crypto/openssl/apps/server.pem -accept 1234 -dtls1 .... (term2) % ./cve-2009-1386 localhost 1234 [+] Sending DTLS datagram of death at localhost:1234... .... (term1) zsh: segmentation fault (core dumped) openssl s_server -cert /usr/src/crypto/openssl/apps/server.pem -accept 1234 GDB shows: Program received signal SIGSEGV, Segmentation fault. 0x480fe28d in ssl3_do_change_cipher_spec () from /usr/lib/libssl.so.5 .... 0x480fe28d <ssl3_do_change_cipher_spec+189>: mov %eax,0xac(%edx) .... (gdb) i r edx edx 0x0 0 Looks vulnerable, but I had to force DTLS using the -dtls1 switch, so it may not be much of an issue in most real world configurations? -- Pieter _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 pieter. 的文章
文章代碼(AID): #1AA4GV00 (FB_security)
更多 pieter. 的文章
文章代碼(AID): #1AA4GV00 (FB_security)