Crypto
Sample OpenSSL vulnerability query Aug 13 2008 03:54AM
jacki buddy (jacki buddy gmail com)
Hi!

Multiple Denial of Service vulnerabilities exist in how OpenSSL
versions 0.9.6 to 0.9.7 handle ASN.1 based X.509 certificates. These
are documented in:
CVE-2003-0851 CERT-VN:VU#412478
CVE-2003-0543 CERT-VN:VU#255484
CVE-2003-0544 CERT-VN:VU#380864
CVE-2003-0545 CERT-VN:VU#935264
The problem exists in how Tag type and length values of ASN.1 Objects
are specified in a certificate. Malformed certificates will trigger a
Denial of service. How do we write a signature to detect and validate
all the ASN.1 objects in the certificate?
Sample PCAP of genuine traffic can be found at:
http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=snakeoil2_070531.tgz

Jacki
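
Added example, not part of the original post: one way to approach the structural check the question asks about, in Python. It walks every tag-length-value object in a DER buffer and rejects length fields that are indefinite, non-minimal, or larger than the enclosing object. The sample bytes are constructed, `MAX_DEPTH` and the function names are assumptions, and high-tag-number form is flagged rather than decoded.

```python
class DerError(ValueError):
    """Raised when a tag/length field violates DER or overruns its parent."""

MAX_DEPTH = 32  # assumed nesting limit, not a value from the post
# Constructed sample: SEQUENCE { INTEGER 1, SEQUENCE { OID, NULL } }
SAMPLE_OK = bytes.fromhex("3012020101300d06092a864886f70d0101050500")

def read_header(buf, pos, end):
    """Return (tag_byte, value_start, value_end) for the TLV starting at pos."""
    if end - pos < 2:
        raise DerError(f"offset {pos}: truncated header")
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise DerError(f"offset {pos}: high-tag-number form (flagged, not decoded)")
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length fits in one byte
        length = first
    elif first == 0x80:
        raise DerError(f"offset {pos - 1}: indefinite length is not DER")
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n > 4 or pos + n > end:
            raise DerError(f"offset {pos - 1}: bad long-form length ({n} bytes)")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if buf[pos] == 0 or length < 0x80:
            raise DerError(f"offset {pos - 1}: non-minimal length encoding")
        pos += n
    if length > end - pos:
        raise DerError(f"offset {pos}: length {length} overruns enclosing object")
    return tag, pos, pos + length

def walk(buf, pos=0, end=None, depth=0):
    """Validate every TLV in buf[pos:end]; return the number of objects seen."""
    end = len(buf) if end is None else end
    if depth > MAX_DEPTH:
        raise DerError("nesting deeper than MAX_DEPTH")
    count = 0
    while pos < end:
        tag, start, stop = read_header(buf, pos, end)
        count += 1
        if tag & 0x20:                    # constructed: validate the children too
            count += walk(buf, start, stop, depth + 1)
        pos = stop
    return count
```

To apply it to captured traffic, the Certificate handshake message has to be reassembled from the TLS records first; each certificate entry in it is a DER blob that can be passed to `walk`.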
