Buffer over/underflows in ssldump prior to 0.9b3

From: Eric Rescorla (ekrat_private)
Date: Wed Sep 11 2002 - 08:04:09 PDT


    http://www.rtfm.com/ssldump
    
    The ssldump team has discovered a number of memory errors in
    old versions of ssldump.
    
    
    BACKGROUND
    ssldump is an SSLv3/TLS network protocol analyzer.  If provided with
    the appropriate keying material, it will also decrypt the connections
    and display the application data traffic.
    
    
    SUMMARY OF BUG
    It's possible to send ssldump bogus protocol messages that cause a
    buffer underflow or overflow. Although no exploit is known, it is
    possible that these memory errors can be used to take control of
    ssldump, which might lead to execution of arbitrary code and
    compromise of the affected system.
    
    
    VULNERABLE VERSIONS
    Any version of ssldump prior to ssldump-0.9b3
    
    
    DETAILS
    There are two problems.
    
    (1) ssldump attempts to decrypt the PreMasterSecret into a 48-byte
    buffer. 48 bytes is the only legal length for an RSA
    PreMasterSecret, but ssldump does not check the length of the
    decrypted value, so a longer PMS overflows this buffer. The maximum
    size of the overflow is bounded by the modulus size of the server's
    RSA key (less PKCS#1 padding) and is therefore about 64 bytes for a
    1024-bit RSA key. This bug can only be triggered when ssldump is
    running in decryption mode, i.e. when it has been given the
    server's private key.
    
    (2) ssldump does not check the length of an SSLv2 "challenge"
    value. The challenge is copied right-aligned into a 32-byte buffer,
    and since the challenge length is a 16-bit field, a length greater
    than 32 makes the copy start before the buffer. It is therefore
    possible to underrun the buffer by up to 64k.
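    The two length checks described in (1) and (2), shown as an added
    example in C. This is not ssldump's code; it is a small stand-alone
    parser for the SSLv2 CLIENT-HELLO body (the record header is assumed
    to have been stripped already) together with the check an RSA
    PreMasterSecret needs before it is copied. vuln_challenge_offset()
    reproduces only the arithmetic behind bug (2), so the negative offset
    can be seen without performing the out-of-bounds write; the sample
    message bytes and the cipher spec in it are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Added example, not ssldump's code.  Offsets inside an SSLv2 CLIENT-HELLO
 * body: type(1) version(2) cipher-specs-len(2) session-id-len(2)
 * challenge-len(2), followed by the three variable-length fields.  The
 * SSLv2 record header is assumed to have been removed already. */
#define SSL2_MT_CLIENT_HELLO 0x01
#define SSL2_CH_HDR_LEN      9
#define SSL2_CHALLENGE_MIN   16
#define SSL2_CHALLENGE_MAX   32
#define RSA_PMS_LEN          48

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* The unchecked arithmetic behind bug (2): right-aligning the challenge in
 * a 32-byte buffer means writing at offset 32 - len.  Nothing stops len
 * from being anything a 16-bit field can hold, so the offset goes negative
 * and the copy would land up to ~64 KiB before the buffer.  Only the offset
 * is computed here; no write is performed. */
int vuln_challenge_offset(uint16_t chal_len)
{
    return (int)SSL2_CHALLENGE_MAX - (int)chal_len;
}

/* Hardened parse: every length declared in the header is checked against
 * the record and against the protocol's own limits before anything is
 * copied.  Returns 0 with the challenge right-aligned (zero-padded on the
 * left) in out[32], or -1 on any malformed input. */
int sslv2_extract_challenge(const uint8_t *msg, size_t msglen,
                            uint8_t out[SSL2_CHALLENGE_MAX])
{
    if (msglen < SSL2_CH_HDR_LEN || msg[0] != SSL2_MT_CLIENT_HELLO)
        return -1;
    uint16_t cs_len   = rd16(msg + 3);
    uint16_t sid_len  = rd16(msg + 5);
    uint16_t chal_len = rd16(msg + 7);

    /* The declared payload must fit inside the message actually received.
     * size_t arithmetic on three 16-bit values plus 9 cannot wrap. */
    if ((size_t)SSL2_CH_HDR_LEN + cs_len + sid_len + chal_len > msglen)
        return -1;
    /* SSLv2 constrains the challenge to 16..32 bytes; anything else is bogus. */
    if (chal_len < SSL2_CHALLENGE_MIN || chal_len > SSL2_CHALLENGE_MAX)
        return -1;

    const uint8_t *chal = msg + SSL2_CH_HDR_LEN + cs_len + sid_len;
    memset(out, 0, SSL2_CHALLENGE_MAX);
    memcpy(out + (SSL2_CHALLENGE_MAX - chal_len), chal, chal_len);
    return 0;
}

/* Bug (1) from the checking side: whatever the RSA decryption returns must
 * be exactly 48 bytes before it is treated as a PreMasterSecret.  Any other
 * length is rejected instead of being copied into pms[48]. */
int rsa_pms_copy(const uint8_t *dec, int declen, uint8_t pms[RSA_PMS_LEN])
{
    if (declen != RSA_PMS_LEN)
        return -1;
    memcpy(pms, dec, RSA_PMS_LEN);
    return 0;
}

/* Constructed sample CLIENT-HELLO body: version 0x0002, one cipher spec
 * (01 00 80), empty session id, 16-byte challenge a0..af. */
const uint8_t sample_hello[] = {
    0x01, 0x00, 0x02,
    0x00, 0x03,          /* cipher-specs length */
    0x00, 0x00,          /* session-id length */
    0x00, 0x10,          /* challenge length = 16 */
    0x01, 0x00, 0x80,    /* cipher spec */
    0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
    0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf
};
const size_t sample_hello_len = sizeof sample_hello;
```

    For the sample message the challenge lands in out[16..31] with
    out[0..15] zero; flipping the challenge-length field to 0xffff makes
    the hardened parser return -1, while vuln_challenge_offset(0xffff)
    shows the offset the original code would have written to.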
    
    
    EXPLOITS
    No exploits are known at this time. This is the first announcement
    of these problems.
    
    
    SCOPE OF VULNERABILITY
    Since ssldump is an analysis tool, it has to be running at the
    moment an attacker sends the malformed traffic. That is not an
    unlikely condition: if you run ssldump on a network where hostile
    parties can send you traffic, you should stop using it or upgrade.
    
    
    FIX
    Upgrade to ssldump-0.9b3, found at:
    	http://www.rtfm.com/ssldump/ssldump-0.9b3.tar.gz
    



    This archive was generated by hypermail 2b30 : Wed Sep 11 2002 - 08:43:09 PDT