(Novell Issues Fix for eDirectory) OpenSSL SSL/TLS Handshade Flaws May Let Remote Users Crash OpenSSL-based Applications
|
|
SecurityTracker Alert ID: 1010325 |
|
SecurityTracker URL: http://securitytracker.com/id/1010325
|
|
CVE Reference:
CAN-2004-0079
(Links to External Site)
|
Date: May 28 2004
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
Some vulnerabilities were reported in OpenSSL, primarily involving the processing of SSL/TLS protocol handshakes. A remote user can cause OpenSSL to crash. Novell eDirectory is affected.
It is reported that there is a null-pointer assignment in the do_change_cipher_spec() function [CVE: CVE-2004-0079]. A remote user can perform a specially crafted SSL/TLS handshake with a target server to cause OpenSSL to crash on the target system. This may cause the application using OpenSSL to crash.
All versions of OpenSSL from 0.9.6c to 0.9.6k inclusive and from 0.9.7a to 0.9.7c inclusive are reportedly vulnerable to this null-pointer bug.
It is also reported that there is a flaw in performing SSL/TLS handshakes using Kerberos ciphersuites [CVE: CVE-2004-0112]. A remote user can perform a specially crafted SSL/TLS handshake against a server that is using Kerberos ciphersuites to cause OpenSSL to crash on the target system.
OpenSSL versions 0.9.7a, 0.9.7b, and 0.9.7c are reported to be vulnerable to this Kerberos handshake bug.
It is also reported that a remote user may be able to cause OpenSSL to enter an infinite loop due to a flaw in a patch introduced in 0.9.6d [CVE: CVE-2004-0081].
The vendor credits Dr. Stephen Henson of the OpenSSL core team as well as Codenomicon for supplying their TLS Test Tool and Joe Orton of Red Hat for performing the majority of the testing.
|
Impact:
A remote user can cause OpenSSL to crash, which may cause an application using OpenSSL to crash. The specific impact depends on the application that uses the OpenSSL library.
|
Solution:
Novell has issued Security Update 4, available at:
http://support.novell.com/servlet/filedownload/sec/pub/secupd4.tgz
|
Vendor URL: support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm (Links to External Site)
|
Cause:
Boundary error, Exception handling error, State error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 27 May 2004 23:17:33 -0400
Subject: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm
|
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968981.htm
Security Update 4 - TID2968981 (last modified 27MAY2004)
http://support.novell.com/servlet/filedownload/sec/pub/secupd4.tgz
> eDirectory running on Netware, Microsoft Windows, Linux, or Unix
> Novell has reviewed our application portfolio to identify products affected by the
> vulnerabilities reported by the NISCC. We have made the necessary changes to our
> products that use OpenSSL code. This patch resolves all known OpenSSL vulnerabilities
> that affected Novell security products.
> See http://www.cert.org (OpenSSL security vulnerabilities described in CERTŪ Advisories
> CAN-2003-0543 (VU#255484), CAN-2003-0544 (VU#380864, VU#686224, and VU#732952), and
> CAN=2004-0079 (VU#288574)) for more information on these vulnerabilities.
|
|
