Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allow remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112.
The OpenSSL ASN.1 parser used by Novell iManager 2.0.2 is vulnerable to a denial-of-service (DoS) attack. A remote attacker can send crafted packets that trigger a NULL pointer dereference, crashing the iManager service and potentially disrupting critical network management functions. Exploitation is easy, and the operational impact can be significant.
Step 1: Packet Crafting: The attacker crafts a malicious packet containing an ASN.1 structure designed to exploit a vulnerability in the OpenSSL ASN.1 parser.
Step 2: Packet Delivery: The attacker sends the crafted packet to a Novell iManager 2.0.2 instance. The packet is likely sent over a network connection, potentially using a protocol that iManager utilizes for communication (e.g., LDAP, HTTP).
Step 3: Parsing Trigger: The iManager service, upon receiving the packet, attempts to parse the malicious ASN.1 structure using the vulnerable OpenSSL library.
Step 4: Vulnerability Exploitation: The OpenSSL ASN.1 parser encounters the malformed structure and, due to a lack of proper input validation, attempts to access memory at a NULL pointer address (0x0). This results in a NULL pointer dereference.
Step 5: Denial of Service: The NULL pointer dereference causes the iManager service to crash, resulting in a denial-of-service condition. The service becomes unavailable, disrupting network management operations.
The vulnerability stems from flaws in OpenSSL's ASN.1 (Abstract Syntax Notation One) parser, specifically in its handling of malformed or crafted ASN.1 data structures. When processing these structures, the parser fails to validate its input properly, which leads to a NULL pointer dereference: the parser attempts to access memory at address 0x0, an invalid memory location. The root cause is likely a lack of bounds checking or improper handling of pointers during parsing.
The "OpenSSL ASN.1 brute forcer" mentioned in the description suggests that the vulnerability can be triggered by sending a series of crafted ASN.1 packets, potentially exploiting a buffer overflow or other memory corruption issues within the parser.
The possible overlap with other CVEs (CVE-2004-0079, CVE-2004-0081, CVE-2004-0112) indicates a broader issue with OpenSSL's ASN.1 parsing logic, potentially involving similar vulnerabilities related to data validation and memory management.
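The input validation and pointer checks whose absence is described above, as an added example (not OpenSSL or Novell code). The toy message format and the names `tlv_read`, `msg_parse` and `msg_name_first` are assumptions made for illustration, and the sample byte strings are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
typedef struct { uint8_t tag; const uint8_t *value; size_t len; } tlv_t;
typedef struct { int version; const uint8_t *name; size_t name_len; } msg_t;
/* Read one definite-length TLV from buf[0..n); returns bytes consumed, 0 if malformed. */
static size_t tlv_read(const uint8_t *buf, size_t n, tlv_t *out) {
    if (buf == NULL || out == NULL || n < 2) return 0;
    size_t len = buf[1], hdr = 2, k = len & 0x7f;
    if (len & 0x80) {                      /* long form: k length bytes follow */
        if (k == 0 || k > sizeof(size_t) || k > n - 2) return 0;
        for (len = 0; hdr < 2 + k; hdr++) len = (len << 8) | buf[hdr];
    }
    if (len > n - hdr) return 0;           /* declared length overruns the buffer */
    out->tag = buf[0]; out->value = buf + hdr; out->len = len;
    return hdr + len;
}

/* Assumed toy format: SEQUENCE { INTEGER version (1 byte), OCTET STRING name OPTIONAL }. */
static int msg_parse(const uint8_t *buf, size_t n, msg_t *m) {
    tlv_t seq, f;
    if (m == NULL) return -1;
    m->version = 0; m->name = NULL; m->name_len = 0;
    size_t used = tlv_read(buf, n, &seq);
    if (used == 0 || used != n || seq.tag != 0x30) return -1;
    used = tlv_read(seq.value, seq.len, &f);
    if (used == 0 || f.tag != 0x02 || f.len != 1) return -1;
    m->version = f.value[0];
    if (used == seq.len) return 0;         /* optional field absent: name stays NULL */
    if (tlv_read(seq.value + used, seq.len - used, &f) != seq.len - used || f.tag != 0x04) return -1;
    m->name = f.value; m->name_len = f.len;
    return 0;
}

/* Consumer: first name byte, or -1 if absent. Without this check, an omitted field is read via address 0. */
static int msg_name_first(const msg_t *m) {
    if (m == NULL || m->name == NULL || m->name_len == 0) return -1;
    return m->name[0];
}

/* Constructed sample inputs, not captured traffic. */
static const uint8_t NO_NAME[] = {0x30,0x03, 0x02,0x01,0x02};
static const uint8_t OVERRUN[] = {0x30,0x7f, 0x02,0x01,0x02};
int main(void) {
    msg_t m;
    int rc = msg_parse(NO_NAME, sizeof NO_NAME, &m);
    printf("no_name rc=%d first=%d\n", rc, msg_name_first(&m));
    return msg_parse(OVERRUN, sizeof OVERRUN, &m) == -1 ? 0 : 1;
}
```

Both failure paths return an error code to the caller, so a malformed message is rejected without touching an unset pointer.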