SSL: DTLS Client Hello Fragmentation
This signature detects unusual fragmenting on the DTLS Client Hello handshake messages. These messages typically don't require fragmentation due their small payload size. Such messages can potentially indicate malicious activity.
Extended Description
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
Affected Products
Openssl openssl
Short Name
SSL:AUDIT:DTLS-CLT-HELLO-FRAG
Severity
Warning
Recommended
False
Recommended Action
None
Category
SSL
Keywords
CVE-2014-0195 Client DTLS Fragmentation Hello bid:67900
Release Date
06/06/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
Port
UDP/4433
False Positive
Unknown
Vendors
Opensuse
Mariadb
Openssl
Fedoraproject
CVSS Score
6.8