Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow

from [Moritz Jodeit] Network Security [Permanent Link]
Subject: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow
Date: Thu, 27 Sep 2007 18:21:40 +0200 
-----------------------------------------------------------------
OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow

Copyright (c) 2007 Moritz Jodeit <moritz@jodeit.org> (2007/09/27)
-----------------------------------------------------------------

Application details:

        OpenSSL is a widely used open source implementation of the
        SSL v2/v3 and TLS v1 protocols.

Vulnerability description:

        OpenSSL 0.9.7l and 0.9.8d fixed a buffer overflow found in
        the SSL_get_shared_ciphers() function reported by Tavis
        Ormandy and Will Drewry of the Google Security Team.

        Although this fix prevented the unlimited overflow of the
        buffer, it still allowed an off-by-one buffer overflow to
        happen, which could potentially still result in remote code
        execution.

        Here is an excerpt of the function from ssl/ssl_lib.c:

        p=buf;
        sk=s->session->ciphers;
        for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
                {
                /* Decrement for either the ':' or a '\0' */
                len--;                                          [4]
                c=sk_SSL_CIPHER_value(sk,i);
                for (cp=c->name; *cp; )
                        {
                        if (len-- <= 0)                         [1]
                                {
                                *p='\0';                        [5]
                                return(buf);
                                }
                        else
                                *(p++)= *(cp++);                [2]
                        }
                *(p++)=':';                                     [3]
                }
        p[-1]='\0';
        return(buf);

        The old vulnerability got fixed at [1] by comparing 'len'
        against <= 0 instead of == 0 to detect the possible
        underflow of 'len'.

        To trigger the off-by-one, you'd just fill the buffer
        with cipher strings up to the point, where 'len' == 1 and
        'cp' pointing to the last character of the current cipher
        string. The last round of the inner for() loop would then
        decrement 'len' to 0 at [1] and write the last byte of the
        current cipher string into the buffer [2], increasing 'p'
        to point to the last free byte of the buffer.
        The last free byte is then filled by the ':' separator and
        'p' is increased to point one byte behind the buffer.
        Now if there are still ciphers remaining, we enter the
        outer loop again, decrease 'len' to -1 at [4] and then
        hit the check at [1] again. This time it's true and the
        terminating '\0' byte is written one byte behind the
        buffer [5] before returning.

Vendor response:

        2007/06/06      Initial contact with openssl-security@openssl.org
        2007/07/06      Response received by Ben Laurie <ben@links.org>
                        regarding a proposed fix.
        2007/09/19      Fix committed to the OpenSSL_0_9_8-stable branch
                        in CVS.

Vulnerable packages:

        All applications using the SSL_get_shared_ciphers() function from
        the OpenSSL library up to 0.9.7m and 0.9.8e.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow, Moritz Jodeit <=
Previous by Date:  Re: Possible Windows Explorer bad PNG file preview integer overflow handling, none
Next by Date:  [Full-disclosure] iDefense Security Advisory 09.27.07: Computer Associates BrightStor HSM r11.5 Multiple Vulnerabilities, iDefense Labs
Previous by Thread:  [waraxe-2007-SA#058] - Critical Sql Injection in NukeSentinel 2.5.12, come2waraxe
Next by Thread:  [Full-disclosure] iDefense Security Advisory 09.27.07: Computer Associates BrightStor HSM r11.5 Multiple Vulnerabilities, iDefense Labs
Indexes:  [Date] [Thread] [Top] [All Lists]