FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- OpenSSL multiple vulnerabilities

Affected packages
7.4 <= FreeBSD < 7.4_8
8.1 <= FreeBSD < 8.1_10
8.2 <= FreeBSD < 8.2_8
8.3 <= FreeBSD < 8.3_2
9.0 <= FreeBSD < 9.0_2

Details

VuXML ID 2ae114de-c064-11e1-b5e0-000c299b62e1
Discovery 2012-05-03
Entry 2012-06-27

Problem description:

OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. [CVE-2011-4576]

OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. [CVE-2011-4619]

If an application uses OpenSSL's certificate policy checking when verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK flag, a policy check failure can lead to a double-free. [CVE-2011-4109]

A weakness in the OpenSSL PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the million message attack (MMA). [CVE-2012-0884]

The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp functions, in OpenSSL contains multiple integer errors that can cause memory corruption when parsing encoded ASN.1 data. This error can occur on systems that parse untrusted ASN.1 data, such as X.509 certificates or RSA public keys. [CVE-2012-2110]

References

CVE Name CVE-2011-4109
CVE Name CVE-2011-4576
CVE Name CVE-2011-4619
CVE Name CVE-2012-0884
CVE Name CVE-2012-2110
FreeBSD Advisory SA-12:01.openssl