FreeBSD : polarssl -- denial of service vulnerability (72bf9e21-03df-11e3-bd8d-080027ef73ec)

This script is Copyright (C) 2013 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Paul Bakker reports :

A bug in the logic of the parsing of PEM encoded certificates in
x509parse_crt() can result in an infinite loop, thus hogging
processing power.

While parsing a Certificate message during the SSL/TLS handshake,
PolarSSL extracts the presented certificates and sends them on to be
parsed. As the RFC specifies that the certificates in the Certificate
message are always X.509 certificates in DER format, bugs in the
decoding of PEM certificates should normally not be triggerable via
the SSL/TLS handshake.

Versions of PolarSSL prior to 1.1.7 in the 1.1 branch and prior to
1.2.8 in the 1.2 branch call the generic x509parse_crt() function for
parsing during the handshake. x509parse_crt() is a generic functions
that wraps parsing of both PEM-encoded and DER-formatted certificates.
As a result it is possible to craft a Certificate message that
includes a PEM encoded certificate in the Certificate message that
triggers the infinite loop.

See also :

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 69337 ()

Bugtraq ID:

CVE ID: CVE-2013-4623

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now