SecurityTracker.com
Category:   Application (Security)  >   OpenSSL
Vendors:   OpenSSL.org
(Caldera Issues Fix) OpenSSL Has Multiple Buffer Overflows That Allow Remote Users to Execute Arbitrary Code with Root Privileges
SecurityTracker Alert ID:  1004912
SecurityTracker URL:  http://securitytracker.com/id/1004912
CVE Reference:   CVE-2002-0655, CVE-2002-0656, CVE-2002-0657, CVE-2002-0659
Date:  Jul 31 2002
Impact:   Denial of service via network, Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 0.9.6d or earlier, 0.9.7-beta2 or earlier, 0.9.7 current development snapshots
Description:   Four buffer overflow conditions were reported in OpenSSL. All four may allow a remote user to execute arbitrary code.

The vendor has reported that A.L. Digital Ltd and The Bunker have uncovered multiple buffer overflows in OpenSSL, discovered during a security review.

A remote user could create a specially crafted, oversized client master key and use SSL2 to trigger an overflow on an SSL server. According to the report, this vulnerability was independently discovered by Neohapsis, which has confirmed that the overflow can be exploited to execute arbitrary code.

A remote user with an SSL server could create a specially crafted, oversized session ID and supply this ID to a target client using SSL3 to trigger an overflow.

A remote user could supply a specially crafted, oversized master key to an SSL3 server to trigger an overflow. It is reported that this flaw affects OpenSSL 0.9.7 prior to version 0.9.7-beta3 when Kerberos is enabled.

Several buffers used for ASCII representations of integers are reportedly too small on 64 bit platforms.

The report also states that other potential buffer overflows that are currently considered to be non-exploitable have been discovered.

The vendor notes that Adi Stav and James Yonan independently reported that the ASN1 parser can be confused by certain invalid encodings, potentially allowing a remote user to cause denial of service conditions. OpenSSL-based applications that use the ASN1 library to parse untrusted data (including all SSL or TLS applications using S/MIME [PKCS#7] or certificate generation routines) are affected.

Impact:   A remote user acting as an SSL client could execute arbitrary code on an SSL server. A remote user acting as an SSL server could cause arbitrary code to be executed on an SSL client that is connecting to the server. In each case, the code would run with privileges of the affected implementation.

A remote user may be able to cause denial of service conditions.

Solution:   Caldera has released a fix for OpenLinux.

OpenLinux 3.1.1 Server:

Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-033.0/RPMS

Packages

49b6589ee4e3fa4780a279e5dc46604d openssl-0.9.6-18.i386.rpm
608246e3b6de6e1f08946915307813a1 openssl-devel-0.9.6-18.i386.rpm
55c039bf7e2f23805fe4060d72d94974 openssl-devel-static-0.9.6-18.i386.rpm

Installation

rpm -Fvh openssl-0.9.6-18.i386.rpm
rpm -Fvh openssl-devel-0.9.6-18.i386.rpm
rpm -Fvh openssl-devel-static-0.9.6-18.i386.rpm

Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-033.0/SRPMS

Source Packages

99196cf80db29415ca44ef78733701ca openssl-0.9.6-18.src.rpm


OpenLinux 3.1.1 Workstation:

Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-033.0/RPMS

Packages

6c83bdbaa0866d48413a6986d44add2b openssl-0.9.6-18.i386.rpm
c17adb44ffd8f0f5e8b812904cf58227 openssl-devel-0.9.6-18.i386.rpm
0f9741b9b1348e4100bbc4c2165983b4 openssl-devel-static-0.9.6-18.i386.rpm

Installation

rpm -Fvh openssl-0.9.6-18.i386.rpm
rpm -Fvh openssl-devel-0.9.6-18.i386.rpm
rpm -Fvh openssl-devel-static-0.9.6-18.i386.rpm

Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-033.0/SRPMS

Source Packages

7f819da5b612bd24e1f08b3e6ce96c7c openssl-0.9.6-18.src.rpm


OpenLinux 3.1 Server:

Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-033.0/RPMS

Packages

db2c63ecd72f9c919d75b80f7bf21416 openssl-0.9.6-18.i386.rpm
dfacf5e8c7588d19bda6aacbee04455c openssl-devel-0.9.6-18.i386.rpm
5caa2e9083c7bd82cf11abb747f92e24 openssl-devel-static-0.9.6-18.i386.rpm

Installation

rpm -Fvh openssl-0.9.6-18.i386.rpm
rpm -Fvh openssl-devel-0.9.6-18.i386.rpm
rpm -Fvh openssl-devel-static-0.9.6-18.i386.rpm

Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-033.0/SRPMS

Source Packages

209ee703939cf4de47cc2e403e7a7a5f openssl-0.9.6-18.src.rpm


OpenLinux 3.1 Workstation:

Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-033.0/RPMS

Packages

4a71d2544d0b06600abc27bddc4d20f5 openssl-0.9.6-18.i386.rpm
6a0caf0bfef379791b83aaca484d212d openssl-devel-0.9.6-18.i386.rpm
294d134720153d5f4b284653d42cfdb1 openssl-devel-static-0.9.6-18.i386.rpm

Installation

rpm -Fvh openssl-0.9.6-18.i386.rpm
rpm -Fvh openssl-devel-0.9.6-18.i386.rpm
rpm -Fvh openssl-devel-static-0.9.6-18.i386.rpm

Source Package Location

ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-033.0/SRPMS

Source Packages

480806a05bc92716fd17001873c40c9a openssl-0.9.6-18.src.rpm
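
Added example, not part of the Caldera advisory or of the SecurityTracker entry: a shell helper that checks downloaded packages against the MD5 sums listed above and runs the advisory's "rpm -Fvh" step only if every package matches. The manifest file name and the RPM override variable are assumptions of this example; md5sum is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the advisory. A manifest holds the advisory's
# checksum lines ("<md5> <file name>"); nothing is installed unless all match.

# verify_manifest MANIFEST DIR: 0 only if every listed file is in DIR and matches.
verify_manifest() {
    manifest=$1; dir=$2; rc=0; seen=0
    while read -r want name || [ -n "$want" ]; do
        [ -n "$want" ] || continue                 # skip blank lines
        seen=$((seen + 1))
        case $name in
            ""|*/*) echo "REJECT  bad file name '$name'" >&2; rc=1; continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name" >&2; rc=1; continue
        fi
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK      $name"
        else
            echo "BAD     $name (expected $want, got $got)" >&2; rc=1
        fi
    done < "$manifest"
    [ "$seen" -gt 0 ] || rc=1                      # an empty manifest proves nothing
    return "$rc"
}

# install_verified MANIFEST DIR: run the advisory's "rpm -Fvh" per package,
# but only after the whole set verified. RPM is a hypothetical override
# (assumption of this example) so the logic can be exercised without rpm.
install_verified() {
    verify_manifest "$1" "$2" || { echo "checksum failure, not installing" >&2; return 1; }
    while read -r _sum name || [ -n "$_sum" ]; do
        if [ -n "$name" ]; then
            ${RPM:-rpm} -Fvh "$2/$name" < /dev/null || return 1
        fi
    done < "$1"
}

# Typical use, with the advisory's checksum lines for your platform saved as
# CSSA-2002-033.0.md5 (file name chosen here) next to the downloaded RPMs:
#   install_verified CSSA-2002-033.0.md5 .
```

The comparison is only as trustworthy as the copy of the advisory the checksum lines were taken from.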

Vendor URL:  www.openssl.org/news/secadv_20020730.txt
Cause:   Boundary error, Exception handling error
Underlying OS:  Linux (Caldera/SCO)
Underlying OS Comments:  OpenLinux 3.1, 3.1.1 (Server and Workstation)

Message History:   This archive entry is a follow-up to the message listed below.
Jul 30 2002 OpenSSL Has Multiple Buffer Overflows That Allow Remote Users to Execute Arbitrary Code with Root Privileges



 Source Message Contents

Subject:  Security Update: [CSSA-2002-033.0] Linux: multiple vulnerabilities in openssl



To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com full-disclosure@lists.netsys.com

______________________________________________________________________________

		Caldera International, Inc.  Security Advisory

Subject:		Linux: multiple vulnerabilities in openssl
Advisory number: 	CSSA-2002-033.0
Issue date: 		2002 July 31
Cross reference:
______________________________________________________________________________


1. Problem Description

	There are four remotely exploitable buffer overflows that affect
	various OpenSSL client and server implementations. There are also
	encoding problems in the ASN.1 library used by OpenSSL. Several
	of these vulnerabilities could be used by a remote attacker to
	execute arbitrary code on the target system. All could be used
	to create denial of service.


2. Vulnerable Supported Versions

	System				Package
	----------------------------------------------------------------------

	OpenLinux 3.1.1 Server		prior to openssl-0.9.6-18.i386.rpm
					prior to openssl-devel-0.9.6-18.i386.rpm
					prior to openssl-devel-static-0.9.6-18.i386.rpm

	OpenLinux 3.1.1 Workstation	prior to openssl-0.9.6-18.i386.rpm
					prior to openssl-devel-0.9.6-18.i386.rpm
					prior to openssl-devel-static-0.9.6-18.i386.rpm

	OpenLinux 3.1 Server		prior to openssl-0.9.6-18.i386.rpm
					prior to openssl-devel-0.9.6-18.i386.rpm
					prior to openssl-devel-static-0.9.6-18.i386.rpm

	OpenLinux 3.1 Workstation	prior to openssl-0.9.6-18.i386.rpm
					prior to openssl-devel-0.9.6-18.i386.rpm
					prior to openssl-devel-static-0.9.6-18.i386.rpm


3. Solution

	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

	4.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-033.0/RPMS

	4.2 Packages

	49b6589ee4e3fa4780a279e5dc46604d	openssl-0.9.6-18.i386.rpm
	608246e3b6de6e1f08946915307813a1	openssl-devel-0.9.6-18.i386.rpm
	55c039bf7e2f23805fe4060d72d94974	openssl-devel-static-0.9.6-18.i386.rpm

	4.3 Installation

	rpm -Fvh openssl-0.9.6-18.i386.rpm
	rpm -Fvh openssl-devel-0.9.6-18.i386.rpm
	rpm -Fvh openssl-devel-static-0.9.6-18.i386.rpm

	4.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-033.0/SRPMS

	4.5 Source Packages

	99196cf80db29415ca44ef78733701ca	openssl-0.9.6-18.src.rpm


5. OpenLinux 3.1.1 Workstation

	5.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-033.0/RPMS

	5.2 Packages

	6c83bdbaa0866d48413a6986d44add2b	openssl-0.9.6-18.i386.rpm
	c17adb44ffd8f0f5e8b812904cf58227	openssl-devel-0.9.6-18.i386.rpm
	0f9741b9b1348e4100bbc4c2165983b4	openssl-devel-static-0.9.6-18.i386.rpm

	5.3 Installation

	rpm -Fvh openssl-0.9.6-18.i386.rpm
	rpm -Fvh openssl-devel-0.9.6-18.i386.rpm
	rpm -Fvh openssl-devel-static-0.9.6-18.i386.rpm

	5.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-033.0/SRPMS

	5.5 Source Packages

	7f819da5b612bd24e1f08b3e6ce96c7c	openssl-0.9.6-18.src.rpm


6. OpenLinux 3.1 Server

	6.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-033.0/RPMS

	6.2 Packages

	db2c63ecd72f9c919d75b80f7bf21416	openssl-0.9.6-18.i386.rpm
	dfacf5e8c7588d19bda6aacbee04455c	openssl-devel-0.9.6-18.i386.rpm
	5caa2e9083c7bd82cf11abb747f92e24	openssl-devel-static-0.9.6-18.i386.rpm

	6.3 Installation

	rpm -Fvh openssl-0.9.6-18.i386.rpm
	rpm -Fvh openssl-devel-0.9.6-18.i386.rpm
	rpm -Fvh openssl-devel-static-0.9.6-18.i386.rpm

	6.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-033.0/SRPMS

	6.5 Source Packages

	209ee703939cf4de47cc2e403e7a7a5f	openssl-0.9.6-18.src.rpm


7. OpenLinux 3.1 Workstation

	7.1 Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-033.0/RPMS

	7.2 Packages

	4a71d2544d0b06600abc27bddc4d20f5	openssl-0.9.6-18.i386.rpm
	6a0caf0bfef379791b83aaca484d212d	openssl-devel-0.9.6-18.i386.rpm
	294d134720153d5f4b284653d42cfdb1	openssl-devel-static-0.9.6-18.i386.rpm

	7.3 Installation

	rpm -Fvh openssl-0.9.6-18.i386.rpm
	rpm -Fvh openssl-devel-0.9.6-18.i386.rpm
	rpm -Fvh openssl-devel-static-0.9.6-18.i386.rpm

	7.4 Source Package Location

	ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-033.0/SRPMS

	7.5 Source Packages

	480806a05bc92716fd17001873c40c9a	openssl-0.9.6-18.src.rpm


8. References

	Specific references for this advisory:
		http://www.openssl.org/news/secadv_20020730.txt
		http://www.cert.org/advisories/CA-2002-23.html

	Caldera security resources:
		http://www.caldera.com/support/security/index.html

	This security fix closes Caldera incidents sr867369, fz525695,
	erg501640.


9. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on this website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera products.


10. Acknowledgements

	These vulnerabilities were discovered and reported by the
	following: A.L. Digital Ltd, John McDonald of Neohapsis, Adi
	Stav, James Yonan.

______________________________________________________________________________


Copyright 2020, SecurityGlobal.net LLC