the base system contins 0.9.8e and this PoC is affected up to 0.9.8i not yet tested the question is, the freebsd is affected for this error/malware/poc? http://milw0rm.com/exploits/8873
Oliver Pinter wrote:> the base system contins 0.9.8e and this PoC is affected up to 0.9.8i > not yet tested > the question is, the freebsd is affected for this error/malware/poc? > http://milw0rm.com/exploits/8873(term1) OpenSSL> version OpenSSL 0.9.8e 23 Feb 2007 % openssl s_server -cert /usr/src/crypto/openssl/apps/server.pem -accept 1234 -dtls1 ... (term2) % ./cve-2009-1386 localhost 1234 [+] Sending DTLS datagram of death at localhost:1234... ... (term1) zsh: segmentation fault (core dumped) openssl s_server -cert /usr/src/crypto/openssl/apps/server.pem -accept 1234 GDB shows: Program received signal SIGSEGV, Segmentation fault. 0x480fe28d in ssl3_do_change_cipher_spec () from /usr/lib/libssl.so.5 ... 0x480fe28d <ssl3_do_change_cipher_spec+189>: mov %eax,0xac(%edx) ... (gdb) i r edx edx 0x0 0 Looks vulnerable, but I had to force DTLS using the -dtls1 switch, so it may not be much of an issue in most real world configurations? -- Pieter
Thu, Jun 04, 2009 at 10:15:34PM +0200, Oliver Pinter wrote:> the base system contins 0.9.8e and this PoC is affected up to 0.9.8iThere was combined PR for the ports/base system OpenSSL, http://www.freebsd.org/cgi/query-pr.cgi?pr=134653 Probably more complete patch for DTLS stuff, http://sctp.fh-muenster.de/dtls/dtls-bugs.patch that additionally fixes MTU problems and other stuff can be integrated to the base system as it was recently done with the security/openssl. I am in ENOTIME now, so I'm not able to test these patches myself, sorry. -- Eygene _ ___ _.--. # \`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard / ' ` , __.--' # to read the on-line manual )/' _/ \ `-_, / # while single-stepping the kernel. `-'" `"\_ ,_.-;_.-\_ ', fsc/as # _.-'_./ {_.' ; / # -- FreeBSD Developers handbook {_.-``-' {_/ #