ID CVE-2009-1379
Summary Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
References
Vulnerable Configurations
  • cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 29-09-2017 - 01:34)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
  • accepted 2014-01-20T04:01:29.907-05:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
    description Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
    family unix
    id oval:org.mitre.oval:def:6848
    status accepted
    submitted 2010-06-01T17:30:00.000-05:00
    title OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
    version 8
  • accepted 2013-04-29T04:21:47.986-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
    family unix
    id oval:org.mitre.oval:def:9744
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.
    version 18
redhat via4
advisories
rhsa
id RHSA-2009:1335
rpms
  • openssl-0:0.9.8e-12.el5
  • openssl-devel-0:0.9.8e-12.el5
  • openssl-perl-0:0.9.8e-12.el5
refmap via4
bid 35138
confirm
gentoo GLSA-200912-01
hp
  • HPSBMA02492
  • SSRT100079
misc https://launchpad.net/bugs/cve/2009-1379
mlist
  • [oss-security] 20090518 Re: Two OpenSSL DTLS remote DoS
  • [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
netbsd NetBSD-SA2009-009
sectrack 1022241
secunia
  • 35416
  • 35461
  • 35571
  • 35729
  • 36533
  • 37003
  • 38761
  • 38794
  • 38834
  • 42724
  • 42733
slackware SSA:2010-060-02
suse SUSE-SR:2009:011
ubuntu USN-792-1
vupen
  • ADV-2009-1377
  • ADV-2010-0528
xf openssl-dtls1retrievebufferedfragment-dos(50661)
statements via4
contributor Tomas Hoger
lastmodified 2009-09-02
organization Red Hat
statement This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4. This issue was addressed for Red Hat Enterprise Linux 5 by http://rhn.redhat.com/errata/RHSA-2009-1335.html Note that both the DTLS specification and OpenSSLs implementation is still in development and unlikely to be used in production environments. There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSLs DTLS implementation, except for OpenSSLs testing command line client - openssl.
Last major update 29-09-2017 - 01:34
Published 19-05-2009 - 19:30
Back to Top