An overflow flaw related to asn1_d2i_read_bio exists in OpenSSL. The issue is triggered when the program fails to sanitize user-supplied input when parsing DER data, resulting in a heap-based buffer overflow. This may allow an attacker to execute arbitrary code or cause a denial of service via memory corruption.

Upgrade to version 1.0.1a, 1.0.0i or 0.9.8v or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. IBM WebSphere DataPower Integration Appliance customers can upgrade to version 4.0.2.8.

• Security Tracker: 1026957 1027514
• Exploit Database: 18756
• CVE ID: 2012-2110 (see also: NVD)
• Secunia Advisory ID: 48847 48895 48896 48899 48942 48956 48999 49077 49107 49224 49229 49402 49440 49586 49670 50072 50097 50151 50444 50476 50594 50601 50736 51276 51522 51542 51674 52019 52292 52332 52437 52543 52724 52869 52892
• Bugtraq ID: 53158
• Vendor Specific News/Changelog Entry: http://aix.software.ibm.com/aix/efixes/security/openssl_advisory4.asc
  http://blog.pfsense.org/?p=676
  http://cvs.openssl.org/chngview?cn=22431
  http://cvs.openssl.org/chngview?cn=22434
  http://cvs.openssl.org/chngview?cn=22439
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03315912
  http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03383940
  http://lists.debian.org/debian-security-announce/2012/msg00090.html
  http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00014.html
  http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00007.html
  http://lists.opensuse.org/opensuse-updates/2013-02/msg00069.html
  http://security.freebsd.org/advisories/FreeBSD-SA-12:01.openssl.asc
  http://www-01.ibm.com/support/docview.wss?uid=nas2d7439844d1fd14f0862579f5003c71ce
  http://www-01.ibm.com/support/docview.wss?uid=swg24030215
  http://www-01.ibm.com/support/docview.wss?uid=swg24030685
  http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
  http://www.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e
  http://www.ibm.com/support/docview.wss?uid=swg1IC84088
  http://www.ibm.com/support/docview.wss?uid=swg21607116
  http://www.ibm.com/support/docview.wss?uid=swg21627934
  http://www.ibm.com/support/docview.wss?uid=swg21633107
  http://www.openssl.org/news/secadv_20120419.txt
  http://www.ubuntu.com/usn/usn-1424-1/
  http://www.ubuntu.com/usn/usn-1428-1
  http://www.us.debian.org/security/2012/dsa-2454
  https://www.ibm.com/support/docview.wss?uid=swg21619837
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2012-09/att-0046/ESA-2012-029.txt
  http://archives.neohapsis.com/archives/fulldisclosure/2012-04/0209.html
  http://marc.info/?l=bugtraq&m=134039053214295&w=2
  http://seclists.org/bugtraq/2012/May/13
  http://seclists.org/bugtraq/2012/May/98
  https://lists.balabit.hu/pipermail/syslog-ng-announce/2012-August/000147.html
  https://lists.balabit.hu/pipermail/syslog-ng-announce/2012-August/000148.html
• Vendor Specific Advisory URL: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2012-001.txt.asc
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03383940
  http://kb.juniper.net/InfoCenter/index?page=content&id=KB27376
  http://shibboleth.internet2.edu/secadv/secadv_20120419.txt
  http://support.attachmate.com/techdocs/1708.html
  http://support.attachmate.com/techdocs/2288.html
  http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_sterling_connect_enterprise_for_unix_is_affected_by_multiple_vulnerabilities_in_openssl12
  http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-07-645&viewMode=view [ Auth Req'd ]
  http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-09-712&viewMode=view [ Auth Req'd ]
  http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-872&viewMode=view [ Auth Req'd ]
  http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-05-941&viewMode=view [ Auth Req'd ]
  http://www.vmware.com/security/advisories/VMSA-2012-0013.html
  http://www.vmware.com/security/advisories/VMSA-2013-0003.html
  http://www.xerox.com/download/security/security-bulletin/16aeb-4cd3628b94080/cert_XRX12-009_v1.1.pdf
  http://www.xerox.com/download/security/security-bulletin/16cd0-4ccb9d5fd3580/cert_XRX12-010_FFPSv8_v1.1.pdf
  https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03333987&ac.admitted=1337324854606.876444892.492883150
  https://kb.bluecoat.com/index?page=content&id=SA70
  https://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_infosphere_balanced_warehouse_c3000_c4000_and_d5100_and_ibm_smart_analytics_system_1050_2050_5600_and_5710_are_affected_by_vulnerabilities_in_openssl16
• Packet Storm: http://packetstormsecurity.org/files/111996/OpenSSL-Memory-Corruption.html
  http://packetstormsecurity.org/files/112023/OpenSSL-ASN1-BIO-Vulnerability.html
  http://packetstormsecurity.org/files/112154/OpenSSL-ASN1-BIO-Incomplete-Fix.html
  http://packetstormsecurity.org/files/113582/HP-Security-Bulletin-HPSBMU02776-SSRT100852.html
• Vendor URL: http://www.openssl.org/
• RedHat RHSA: RHSA-2012:0518 RHSA-2012:1306 RHSA-2012:1307 RHSA-2012:1308

• Tavis Ormandy - Google Security Team