SecurityTracker.com
Category:   Application (Security)  >   OpenSSL Vendors:   OpenSSL.org
(Debian Issues Fix) OpenSSL Has Multiple Buffer Overflows That Allow Remote Users to Execute Arbitrary Code with Root Privileges
SecurityTracker Alert ID:  1004882
SecurityTracker URL:  http://securitytracker.com/id/1004882
CVE Reference:   CVE-2002-0655, CVE-2002-0656, CVE-2002-0657, CVE-2002-0659   (Links to External Site)
Date:  Jul 30 2002
Impact:   Denial of service via network, Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.9.6d or earlier, 0.9.7-beta2 or earlier, 0.9.7 current development snapshots
Description:   Four buffer overflow conditions were reported in OpenSSL. All four may allow a remote user to execute arbitrary code.

The vendor reports that A.L. Digital Ltd and The Bunker uncovered multiple buffer overflows in OpenSSL during a security audit conducted under the DARPA CHATS program.

A remote user could send a specially crafted, oversized client master key over SSL2 to trigger an overflow on an SSL server (CVE-2002-0656). According to the report, this vulnerability was independently discovered by Neohapsis, which has privately demonstrated exploit code that executes arbitrary code on the server.

A remote user operating a malicious SSL server could send a specially crafted, oversized session ID to a connecting SSL3 client to trigger an overflow in the client (also CVE-2002-0656).

A remote user could supply a specially crafted, oversized master key to an SSL3 server to trigger an overflow (CVE-2002-0657). This flaw is reported to affect only OpenSSL 0.9.7 prior to 0.9.7-beta3, and only when Kerberos support is enabled.

Several buffers used to hold ASCII representations of integers are too small on 64-bit platforms (CVE-2002-0655).

The report also states that other potential buffer overflows that are currently considered to be non-exploitable have been discovered.
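The first two overflows share one shape: the peer sends a length byte followed by that many bytes, and the receiver copies the data into a fixed-size field inside its session structure without comparing the wire length against the field size. The following C program is an added illustration of that pattern and is not OpenSSL's code; the struct layout, the 32-byte session-ID field and the constructed ServerHello-style fragments are assumptions made for the demo. The vulnerable parser only checks that the record holds the advertised bytes; the fixed parser also checks that the destination does.

```c
/*
 * Added example, not OpenSSL's code: a model of the SSL3 ServerHello
 * session-ID handling behind CAN-2002-0656 (the SSL2 client-master-key
 * case has the same structure).  The peer sends a one-byte length followed
 * by the session ID; the receiver copies it into a fixed 32-byte field.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SESSION_ID_SIZE 32          /* SSL3 session IDs are at most 32 bytes */

struct session {
    unsigned char session_id[SESSION_ID_SIZE];
    /* Stands in for whatever follows in memory (master key, pointers...).
     * Kept inside the struct so an overrun is observable in this demo
     * instead of corrupting the heap (assumed layout, not OpenSSL's). */
    unsigned char next_fields[256];
    unsigned int  session_id_length;
};

typedef int (*session_id_parser)(struct session *, const unsigned char *, size_t);

/* Vulnerable: checks that the record holds len bytes, never that the
 * destination does.  Returns bytes consumed or -1.  The copy goes through
 * the struct's byte representation so the overrun lands in next_fields,
 * the same write a memcpy into session_id would perform. */
int parse_session_id_vulnerable(struct session *sess, const unsigned char *p, size_t n)
{
    if (n < 1) return -1;
    size_t len = p[0];                     /* attacker-controlled, 0..255 */
    if (n - 1 < len) return -1;            /* record check only */
    memcpy((unsigned char *)sess + offsetof(struct session, session_id), p + 1, len);
    sess->session_id_length = (unsigned int)len;
    return (int)(1 + len);
}

/* Fixed: the bound that was missing, checked before any copy. */
int parse_session_id_fixed(struct session *sess, const unsigned char *p, size_t n)
{
    if (n < 1) return -1;
    size_t len = p[0];
    if (len > sizeof sess->session_id) return -1;   /* reject oversized ID */
    if (n - 1 < len) return -1;
    memcpy(sess->session_id, p + 1, len);
    sess->session_id_length = (unsigned int)len;
    return (int)(1 + len);
}

/* Bytes of next_fields that a parse left non-zero: the overrun footprint. */
size_t bytes_clobbered(const struct session *sess)
{
    size_t k = 0;
    for (size_t i = 0; i < sizeof sess->next_fields; i++)
        if (sess->next_fields[i]) k++;
    return k;
}

/* Build a constructed fragment (length byte + id_len bytes of 'A', id_len
 * at most 255) in a zeroed session and run one parser over it. */
static int run_case(session_id_parser parse, unsigned int id_len, size_t *clobbered)
{
    unsigned char wire[1 + 255];
    struct session sess;
    memset(&sess, 0, sizeof sess);
    wire[0] = (unsigned char)id_len;
    memset(wire + 1, 'A', id_len);
    int rc = parse(&sess, wire, 1 + (size_t)id_len);
    *clobbered = bytes_clobbered(&sess);
    return rc;
}

int result_of(session_id_parser parse, unsigned int id_len)
{
    size_t c;
    return run_case(parse, id_len, &c);
}

size_t clobbered_by(session_id_parser parse, unsigned int id_len)
{
    size_t c;
    run_case(parse, id_len, &c);
    return c;
}

int main(void)
{
    printf("32-byte ID: vulnerable rc=%d, fixed rc=%d\n",
           result_of(parse_session_id_vulnerable, 32), result_of(parse_session_id_fixed, 32));
    printf("64-byte ID: vulnerable rc=%d (overran %zu bytes), fixed rc=%d\n",
           result_of(parse_session_id_vulnerable, 64),
           clobbered_by(parse_session_id_vulnerable, 64),
           result_of(parse_session_id_fixed, 64));
    return 0;
}
```

With a 64-byte ID the vulnerable parser reports success and 32 bytes of the neighbouring field are overwritten; the fixed parser returns -1 before touching memory. In a real SSL stack the bytes past session_id are heap data, which is what turns the overrun into code execution.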

The vendor notes that Adi Stav and James Yonan independently reported that the ASN1 parser can be confused by certain invalid encodings, potentially allowing a remote user to cause denial of service conditions (CVE-2002-0659). Any OpenSSL-based application that uses the ASN1 library to parse untrusted data is affected; this includes all SSL or TLS applications, applications using S/MIME (PKCS#7), and applications using the certificate generation routines.
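The ASN1 item is a different bug class from the overflows above: a length field read from untrusted DER is used to drive the parser, so a hostile length sends it past the end of the buffer. The program below is an added, generic illustration of the checks a DER tag/length decoder needs before it trusts such a length; it is not OpenSSL's code and not a reconstruction of the CVE-2002-0659 fix. The sample encodings are constructed for the demo, not taken from real certificates.

```c
/*
 * Added example, not OpenSSL's code: a bounds-checked DER tag/length
 * decoder of the kind an ASN.1 parser needs before it trusts any length
 * read from a certificate or PKCS#7 blob.  Each malformed encoding a naive
 * decoder would follow off the end of the buffer is rejected with a
 * distinct status.  Generic hardening for the bug class, not the specific
 * CAN-2002-0659 fix.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum der_status {
    DER_OK = 0,
    DER_TRUNCATED,        /* header or contents run past the buffer end   */
    DER_INDEFINITE,       /* length octet 0x80: not permitted in DER       */
    DER_LENGTH_TOO_WIDE,  /* more length octets than size_t can hold       */
    DER_NON_MINIMAL,      /* long form where short form fits, or leading 0 */
    DER_BAD_TAG,          /* high-tag-number form (0x1f) not handled here  */
    DER_NOT_CONSTRUCTED   /* asked to walk children of a primitive element */
};

struct der_header {
    uint8_t tag;
    size_t  header_len;   /* octets used by tag + length                   */
    size_t  content_len;  /* declared length, verified to fit in the input */
};

/* Decode one TLV header from buf[0..n).  On DER_OK the contents are
 * guaranteed to lie inside the buffer. */
enum der_status der_read_header(const uint8_t *buf, size_t n, struct der_header *h)
{
    if (n < 2) return DER_TRUNCATED;
    if ((buf[0] & 0x1f) == 0x1f) return DER_BAD_TAG;
    uint8_t first = buf[1];
    size_t pos = 2, len;
    if (first < 0x80) {
        len = first;                                  /* short form */
    } else if (first == 0x80) {
        return DER_INDEFINITE;
    } else {
        size_t nbytes = first & 0x7f;                 /* long form  */
        if (nbytes > sizeof(size_t)) return DER_LENGTH_TOO_WIDE;
        if (n - pos < nbytes) return DER_TRUNCATED;
        if (buf[pos] == 0x00) return DER_NON_MINIMAL;
        len = 0;
        for (size_t i = 0; i < nbytes; i++) len = (len << 8) | buf[pos + i];
        if (len < 0x80) return DER_NON_MINIMAL;
        pos += nbytes;
    }
    if (n - pos < len) return DER_TRUNCATED;          /* the check that matters */
    h->tag = buf[0];
    h->header_len = pos;
    h->content_len = len;
    return DER_OK;
}

/* Walk the direct children of a constructed element.  Returns the number
 * of children, or the negated der_status of the first malformed header. */
long der_child_count(const uint8_t *buf, size_t n)
{
    struct der_header outer, inner;
    enum der_status st = der_read_header(buf, n, &outer);
    if (st != DER_OK) return -(long)st;
    if (!(outer.tag & 0x20)) return -(long)DER_NOT_CONSTRUCTED;
    const uint8_t *p = buf + outer.header_len;
    size_t left = outer.content_len, count = 0;
    while (left > 0) {
        st = der_read_header(p, left, &inner);
        if (st != DER_OK) return -(long)st;
        size_t total = inner.header_len + inner.content_len;  /* <= left */
        p += total;
        left -= total;
        count++;
    }
    return (long)count;
}

/* Constructed samples for the demo (not real certificates). */
const uint8_t DER_GOOD[]        = {0x30, 0x05, 0x02, 0x01, 0x01, 0x05, 0x00}; /* SEQ{INT 1, NULL} */
const uint8_t DER_HUGE_LEN[]    = {0x30, 0x84, 0xff, 0xff, 0xff, 0xff, 0x02, 0x01, 0x01};
const uint8_t DER_INNER_TRUNC[] = {0x30, 0x03, 0x02, 0x05, 0x01};  /* child claims 5 bytes, 1 present */
const uint8_t DER_INDEF[]       = {0x30, 0x80, 0x00, 0x00};
const uint8_t DER_NONMIN[]      = {0x30, 0x03, 0x02, 0x81, 0x01};  /* 0x81 0x01 should be 0x01 */
const uint8_t DER_WIDE[]        = {0x30, 0x89};                    /* claims 9 length octets */

int main(void)
{
    printf("good:        %ld children\n", der_child_count(DER_GOOD, sizeof DER_GOOD));
    printf("huge length: status %ld\n",   der_child_count(DER_HUGE_LEN, sizeof DER_HUGE_LEN));
    printf("inner trunc: status %ld\n",   der_child_count(DER_INNER_TRUNC, sizeof DER_INNER_TRUNC));
    printf("indefinite:  status %ld\n",   der_child_count(DER_INDEF, sizeof DER_INDEF));
    printf("non-minimal: status %ld\n",   der_child_count(DER_NONMIN, sizeof DER_NONMIN));
    printf("too wide:    status %ld\n",   der_child_count(DER_WIDE, sizeof DER_WIDE));
    return 0;
}
```

The point of der_read_header is that der_child_count never has to re-check anything: once a header is accepted, header_len + content_len is known to fit in the remaining input, so the walk cannot step past the buffer no matter what lengths the encoding claims.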

Impact:   A remote user acting as an SSL client could execute arbitrary code on an SSL server. A remote user acting as an SSL server could cause arbitrary code to be executed on an SSL client that connects to that server. In each case, the code would run with the privileges of the process that links the affected OpenSSL library (for example, an SSL-enabled web server or an SSH daemon).

A remote user may be able to cause denial of service conditions.

Solution:   Debian has released a fix for Debian 3.0 (woody) in openssl094_0.9.4-6.woody.0, openssl095_0.9.5a-6.woody.0 and openssl_0.9.6c-2.woody.0.

These vulnerabilities are also present in Debian 2.2 (potato), but no fix is available at this moment.

Debian recommends that you upgrade your OpenSSL as soon as possible. Note that processes already running keep the old library mapped until they are restarted, so you should restart any daemons running SSL (e.g., ssh or SSL-enabled apache) after the upgrade.

Obtaining updates:

By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

With apt:
    deb http://security.debian.org/ stable/updates main
        added to /etc/apt/sources.list will provide security updates.

For Debian 3.0 (stable):

Stable was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0.dsc
Size/MD5 checksum: 782 de4c7b85648c7953dc31d3a89c38681c
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0.diff.gz
Size/MD5 checksum: 42270 e9fbf71f583f1727222eddb8f023472a
http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.0.dsc
Size/MD5 checksum: 781 534406f61e0229e92f506e9bc92fdaf1
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.0.diff.gz
Size/MD5 checksum: 45542 f4683a2fb7adc0fef97a31ac141e3acd
http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.0.diff.gz
Size/MD5 checksum: 38251 ee919ba698cbbfebcf922b19e05bbfeb
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4.orig.tar.gz
Size/MD5 checksum: 1570392 72544daea16d6c99d656b95f77b01b2d
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
Size/MD5 checksum: 2153980 c8261d93317635d56df55650c6aeb3dc
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.0.dsc
Size/MD5 checksum: 731 370bd2a3bb4bd957c571b7e0e51837ce
http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a.orig.tar.gz
Size/MD5 checksum: 1892089 99d22f1d4d23ff8b927f94a9df3997b4

Architecture independent packages:

http://security.debian.org/pool/updates/main/o/openssl/ssleay_0.9.6c-2.woody.0_all.deb
Size/MD5 checksum: 978 550d56ffa53e3e8ef26087b1fef5a1c5

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_alpha.deb
Size/MD5 checksum: 735692 786b81d45374fa91a204a578d09dea6b
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_alpha.deb
Size/MD5 checksum: 1550722 ac0d245d8d2e744d688c2778382513da
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_alpha.deb
Size/MD5 checksum: 570630 c46d9dcac74f3766a48d8fe36d8dcb05

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_hppa.deb
Size/MD5 checksum: 741398 9a081e5359cdf46e56a1854bcbff7af3
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_hppa.deb
Size/MD5 checksum: 1434262 b9014a44cbefabce2c446b5b7be640f9
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_hppa.deb
Size/MD5 checksum: 564284 be33bde9b00138d7ab6639daf9dc4cfe

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_i386.deb
Size/MD5 checksum: 731384 101d86cf6e2e274e5a811a38f5956b2d
http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.0_i386.deb
Size/MD5 checksum: 357908 49dd8e2dc866b9bd7639c5e7576e7519
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_i386.deb
Size/MD5 checksum: 462026 859c8e6439943d597db12d47ec1ee496
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_i386.deb
Size/MD5 checksum: 1293384 3e605b6e1abc0b0f40c6ec3ddf2b9419
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.0_i386.deb
Size/MD5 checksum: 400048 7495feff7cbcae0f816641b8d7537ad1

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_ia64.deb
Size/MD5 checksum: 1614810 48c24d1b8c221e51a1e6f789b2621b40
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_ia64.deb
Size/MD5 checksum: 763034 13e3e71cc06198e6a481d958854a1f78
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_ia64.deb
Size/MD5 checksum: 710254 792b4575a78dafac7f99919d9c5a9f78

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_mips.deb
Size/MD5 checksum: 717276 4a2d38551b10dc1316bd3479d044261b
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_mips.deb
Size/MD5 checksum: 482968 f37975dfb58f53950e98e8adce007cd9
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_mips.deb
Size/MD5 checksum: 1415580 e87350a24e7d0bc4558cc09711246eab

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_mipsel.deb
Size/MD5 checksum: 1409480 70e26b6de02b0749e9d30fb4e8d0bbc3
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_mipsel.deb
Size/MD5 checksum: 475990 1f96c9c2528316857598262b40a9b9ca
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_mipsel.deb
Size/MD5 checksum: 716482 a89cfa547f585e6858593506ed9b2257

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_powerpc.deb
Size/MD5 checksum: 501824 bfca4d6a8e3b348abb8ed97453349752
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_powerpc.deb
Size/MD5 checksum: 726122 9db6440fb0765c1360a7c09dec78f404
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_powerpc.deb
Size/MD5 checksum: 1386244 06a403323563b590311b1297e4f63a5d

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_s390.deb
Size/MD5 checksum: 730124 6585907e414d4508a66460649de0c701
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_s390.deb
Size/MD5 checksum: 1310886 d6e233ab6d3f1ebe4fd9b479713ee662
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_s390.deb
Size/MD5 checksum: 495844 afb314f4d0113175d27435485ba2de07

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_sparc.deb
Size/MD5 checksum: 736604 ebd2b62518e0602fbf1027686c0eb5e5
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_sparc.deb
Size/MD5 checksum: 484136 e26006714e97d77159f2d0773e00e636
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_sparc.deb
Size/MD5 checksum: 1343554 76c3efda7e4a3470c5276cefa63a2448

Vendor URL:  www.openssl.org/news/secadv_20020730.txt (Links to External Site)
Cause:   Boundary error, Exception handling error
Underlying OS:  Linux (Debian)
Underlying OS Comments:  2.2, 3.0

Message History:   This archive entry is a follow-up to the message listed below.
Jul 30 2002 OpenSSL Has Multiple Buffer Overflows That Allow Remote Users to Execute Arbitrary Code with Root Privileges



 Source Message Contents

Subject:  [SECURITY] [DSA-136-1] Multiple OpenSSL problems


-----BEGIN PGP SIGNED MESSAGE-----

- ------------------------------------------------------------------------
Debian Security Advisory DSA-136-1                   security@debian.org
http://www.debian.org/security/                         Wichert Akkerman
July 30, 2002
- ------------------------------------------------------------------------


Package        : openssl
Problem type   : multiple remote exploits
Debian-specific: no
CVE            : CAN-2002-0655 CAN-2002-0656 CAN-2002-0657 CAN-2002-0659

The OpenSSL development team has announced that a security audit by A.L.
Digital Ltd and The Bunker, under the DARPA CHATS program, has revealed
remotely exploitable buffer overflow conditions in the OpenSSL code.
Additionally, the ASN1 parser in OpenSSL has a potential DoS attack
independently discovered by Adi Stav and James Yonan.

CAN-2002-0655 references overflows in buffers used to hold ASCII
representations of integers on 64 bit platforms. CAN-2002-0656
references buffer overflows in the SSL2 server implementation (by
sending an invalid key to the server) and the SSL3 client implementation
(by sending a large session id to the client). The SSL2 issue was also
noticed by Neohapsis, who have privately demonstrated exploit code for
this issue. CAN-2002-0659 references the ASN1 parser DoS issue.

These vulnerabilities have been addressed for Debian 3.0 (woody) in
openssl094_0.9.4-6.woody.0, openssl095_0.9.5a-6.woody.0 and
openssl_0.9.6c-2.woody.0.

These vulnerabilities are also present in Debian 2.2 (potato), but no
fix is available at this moment.

We recommend you upgrade your OpenSSL as soon as possible. Note that you
should restart any daemons running SSL. (E.g., ssh or ssl-enabled
apache.)

- ------------------------------------------------------------------------

Obtaining updates:

  By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

  With apt:
    deb http://security.debian.org/ stable/updates main
        added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at http://www.debian.org/security/

- ------------------------------------------------------------------------

Debian 3.0 (stable)
- -------------------

  Stable was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
  powerpc, s390 and sparc.

  Source archives:

    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0.dsc
      Size/MD5 checksum:      782 de4c7b85648c7953dc31d3a89c38681c
    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0.diff.gz
      Size/MD5 checksum:    42270 e9fbf71f583f1727222eddb8f023472a
    http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.0.dsc
      Size/MD5 checksum:      781 534406f61e0229e92f506e9bc92fdaf1
    http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.0.diff.gz
      Size/MD5 checksum:    45542 f4683a2fb7adc0fef97a31ac141e3acd
    http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.0.diff.gz
      Size/MD5 checksum:    38251 ee919ba698cbbfebcf922b19e05bbfeb
    http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4.orig.tar.gz
      Size/MD5 checksum:  1570392 72544daea16d6c99d656b95f77b01b2d
    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
      Size/MD5 checksum:  2153980 c8261d93317635d56df55650c6aeb3dc
    http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.0.dsc
      Size/MD5 checksum:      731 370bd2a3bb4bd957c571b7e0e51837ce
    http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a.orig.tar.gz
      Size/MD5 checksum:  1892089 99d22f1d4d23ff8b927f94a9df3997b4

  Architecture independent packages:

    http://security.debian.org/pool/updates/main/o/openssl/ssleay_0.9.6c-2.woody.0_all.deb
      Size/MD5 checksum:      978 550d56ffa53e3e8ef26087b1fef5a1c5

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_alpha.deb
      Size/MD5 checksum:   735692 786b81d45374fa91a204a578d09dea6b
    http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_alpha.deb
      Size/MD5 checksum:  1550722 ac0d245d8d2e744d688c2778382513da
    http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_alpha.deb
      Size/MD5 checksum:   570630 c46d9dcac74f3766a48d8fe36d8dcb05

  hppa architecture (HP PA RISC)

    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_hppa.deb
      Size/MD5 checksum:   741398 9a081e5359cdf46e56a1854bcbff7af3
    http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_hppa.deb
      Size/MD5 checksum:  1434262 b9014a44cbefabce2c446b5b7be640f9
    http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_hppa.deb
      Size/MD5 checksum:   564284 be33bde9b00138d7ab6639daf9dc4cfe

  i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_i386.deb
      Size/MD5 checksum:   731384 101d86cf6e2e274e5a811a38f5956b2d
    http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.0_i386.deb
      Size/MD5 checksum:   357908 49dd8e2dc866b9bd7639c5e7576e7519
    http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_i386.deb
      Size/MD5 checksum:   462026 859c8e6439943d597db12d47ec1ee496
    http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_i386.deb
      Size/MD5 checksum:  1293384 3e605b6e1abc0b0f40c6ec3ddf2b9419
    http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.0_i386.deb
      Size/MD5 checksum:   400048 7495feff7cbcae0f816641b8d7537ad1

  ia64 architecture (Intel ia64)

    http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_ia64.deb
      Size/MD5 checksum:  1614810 48c24d1b8c221e51a1e6f789b2621b40
    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_ia64.deb
      Size/MD5 checksum:   763034 13e3e71cc06198e6a481d958854a1f78
    http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_ia64.deb
      Size/MD5 checksum:   710254 792b4575a78dafac7f99919d9c5a9f78

  mips architecture (MIPS (Big Endian))

    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_mips.deb
      Size/MD5 checksum:   717276 4a2d38551b10dc1316bd3479d044261b
    http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_mips.deb
      Size/MD5 checksum:   482968 f37975dfb58f53950e98e8adce007cd9
    http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_mips.deb
      Size/MD5 checksum:  1415580 e87350a24e7d0bc4558cc09711246eab

  mipsel architecture (MIPS (Little Endian))

    http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_mipsel.deb
      Size/MD5 checksum:  1409480 70e26b6de02b0749e9d30fb4e8d0bbc3
    http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_mipsel.deb
      Size/MD5 checksum:   475990 1f96c9c2528316857598262b40a9b9ca
    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_mipsel.deb
      Size/MD5 checksum:   716482 a89cfa547f585e6858593506ed9b2257

  powerpc architecture (PowerPC)

    http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_powerpc.deb
      Size/MD5 checksum:   501824 bfca4d6a8e3b348abb8ed97453349752
    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_powerpc.deb
      Size/MD5 checksum:   726122 9db6440fb0765c1360a7c09dec78f404
    http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_powerpc.deb
      Size/MD5 checksum:  1386244 06a403323563b590311b1297e4f63a5d

  s390 architecture (IBM S/390)

    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_s390.deb
      Size/MD5 checksum:   730124 6585907e414d4508a66460649de0c701
    http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_s390.deb
      Size/MD5 checksum:  1310886 d6e233ab6d3f1ebe4fd9b479713ee662
    http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_s390.deb
      Size/MD5 checksum:   495844 afb314f4d0113175d27435485ba2de07

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_sparc.deb
      Size/MD5 checksum:   736604 ebd2b62518e0602fbf1027686c0eb5e5
    http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_sparc.deb
      Size/MD5 checksum:   484136 e26006714e97d77159f2d0773e00e636
    http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_sparc.deb
      Size/MD5 checksum:  1343554 76c3efda7e4a3470c5276cefa63a2448

- -- 
- ----------------------------------------------------------------------------
Debian Security team <team@security.debian.org>
http://www.debian.org/security/
Mailing-List: debian-security-announce@lists.debian.org


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBPUaKwajZR/ntlUftAQGXkQL/anYU8ZtJFkL/TMGvoXl/flgBSbUoJ8eH
sIDsZWuh0DIJmo7vy8bXlzjTUM0Cwal5q3ZkQ4RJJjY35rWGh0uFT2tfUMYsrSR9
H/qMh54TrQl3eVSM2F1IvmFE0jTnZGD+
=TZ0F
-----END PGP SIGNATURE-----



Copyright 2021, SecurityGlobal.net LLC