
OpenSSL null-pointer assignment vulnerability

Attack ID: CPAI-2004-13
Publish Date:
Last Update:
Category: OpenSSL null-pointer assignment vulnerability
Vulnerable Systems: Any application that makes use of OpenSSL's SSL/TLS library may be affected.
Source: CAN-2004-0079
CERT: VU#288574
Description: A vulnerability found in the OpenSSL SSL/TLS library could allow an unauthenticated, remote attacker to cause a denial of service.
Severity:
Details:

OpenSSL is an open source toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols as well as a general purpose cryptography library. SSL and TLS are typically used to provide security services to a range of Internet application protocols and in support of web and email applications.

OpenSSL contains a null-pointer assignment in the do_change_cipher_spec() function. By sending a specially crafted SSL/TLS handshake to an application that uses a vulnerable OpenSSL library, a remote, unauthenticated attacker could cause OpenSSL to crash. Repeated exploitation of this vulnerability would result in a Denial of Service (DoS) in the target application.

Attack Detection:

In SmartView Tracker, users of VPN-1 NG AI R55 can identify the attack by the drop log entries with rule number 99443 that appear in the log viewer.
InterSpect users will receive a SmartDefense log with the following entries:

Attack name: VPN Protection.
Attack Information: Malformed SSL packet detected.
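
A triage sketch for the log signatures above, added here as an example and not Check Point code: it counts matching entries per source so that repeated attempts, which the advisory ties to denial of service, stand out. The CSV column names, the sample rows and the threshold are assumptions; only rule number 99443 and the two SmartDefense strings come from the advisory.

```python
import csv
import io
from collections import Counter

# Values taken from the advisory text.
R55_RULE = "99443"
ATTACK_NAME = "VPN Protection"
ATTACK_INFO = "Malformed SSL packet detected"

# Constructed sample export. The column layout is an assumption, not the real
# SmartView Tracker export format; addresses are documentation ranges.
SAMPLE_LOG = """\
time,product,action,src,dst,service,rule,attack,attack_info
10:01:02,VPN-1,drop,198.51.100.7,192.0.2.10,443,99443,,
10:01:03,VPN-1,drop,198.51.100.7,192.0.2.10,443,99443,,
10:01:05,VPN-1,drop,198.51.100.7,192.0.2.10,443,99443,,
10:02:11,InterSpect,drop,203.0.113.5,192.0.2.10,443,,VPN Protection.,Malformed SSL packet detected.
10:03:00,VPN-1,drop,198.51.100.9,192.0.2.10,80,12,,
"""


def is_null_pointer_hit(row):
    """True if the row matches either log signature named in the advisory."""
    # R55: a drop logged against rule number 99443.
    r55 = row["action"] == "drop" and row["rule"] == R55_RULE
    # InterSpect: SmartDefense attack name plus attack information
    # (trailing period tolerated, as the advisory prints one).
    interspect = (
        row["attack"].strip().rstrip(".") == ATTACK_NAME
        and row["attack_info"].strip().rstrip(".") == ATTACK_INFO
    )
    return r55 or interspect


def repeated_sources(log_text, threshold=3):
    """Return {source: hits} for sources with at least `threshold` matches."""
    reader = csv.DictReader(io.StringIO(log_text))
    hits = Counter(row["src"] for row in reader if is_null_pointer_hit(row))
    return {src: n for src, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for src, n in repeated_sources(SAMPLE_LOG).items():
        print(f"{src}: {n} malformed SSL handshake drops")
```
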

Solution:

Users of VPN-1 NG AI R55 and InterSpect should update their SmartDefense by pressing the Update Now button in the general tab.

To apply the protection (R55 and InterSpect):

  1. From the SmartDefense menu, select Application Intelligence > VPN Protocols > Block SSL null-pointer assignment
  2. Install policy on all modules
  3. R55 users only: A new Service object named SSL Null-pointer has been added. Use the newly added SSL Null-pointer service in the rule base. The Service works by default on port 443 and enables inspection of Web traffic passing through this port.

This Service lets R55 users apply this protection with more granularity. Specifically, it allows the protection to be moved to a different port, whereas the global protection uses port TCP/443 at all times. It also allows the user to create a granular rule that uses this service instead of turning on the global SmartDefense property (VPN Protocols > Block SSL null-pointer assignment). This is especially useful when a lot of false positives are received. The inspection will be performed only on the rule in which the Service is used.

Industry Reference:
Additional Information: OpenSSL