SecurityTracker.com
Category:   Application (Security)  >   OpenSSL
Vendors:   OpenSSL.org
(Apple Issues Fix) OpenSSL Has Multiple Buffer Overflows That Allow Remote Users to Execute Arbitrary Code with Root Privileges
SecurityTracker Alert ID:  1004939
SecurityTracker URL:  http://securitytracker.com/id/1004939
CVE Reference:   CVE-2002-0655, CVE-2002-0656, CVE-2002-0657, CVE-2002-0659
Date:  Aug 4 2002
Impact:   Denial of service via network, Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.9.6d or earlier, 0.9.7-beta2 or earlier, 0.9.7 current development snapshots
Description:   Four buffer overflow conditions were reported in OpenSSL. All four may allow a remote user to execute arbitrary code.

The vendor has reported that A.L. Digital Ltd and The Bunker have uncovered multiple buffer overflows in OpenSSL, discovered during a security review.

A remote user could create a specially crafted, oversized client master key and use SSL2 to trigger an overflow on an SSL server. According to the report, this vulnerability was independently discovered by Neohapsis, which has confirmed that the overflow can be exploited to execute arbitrary code.

A remote user with an SSL server could create a specially crafted, oversized session ID and supply this ID to a target client using SSL3 to trigger an overflow.

A remote user could supply a specially crafted, oversized master key to an SSL3 server to trigger an overflow. It is reported that this flaw affects OpenSSL 0.9.7 prior to version 0.9.7-beta3 when Kerberos is enabled.

Several buffers used for ASCII representations of integers are reportedly too small on 64 bit platforms.
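
The 64-bit sizing problem described above, as an added example (not OpenSSL's code and not taken from the advisory): a buffer sized for a 32-bit decimal integer cannot hold a 64-bit one, so the size is derived from the type width and the write is length-checked. The names `DEC_BUF_SIZE`, `dec_buf_size` and `format_ll_checked` are hypothetical.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: worst-case buffer size (sign + digits + NUL) for a
 * signed integer type T printed in decimal. The magnitude 2^(bits-1) has
 * floor((bits-1) * log10(2)) + 1 digits; log10(2) is taken as 0.30103. */
#define DEC_BUF_SIZE(T) \
    (((sizeof(T) * CHAR_BIT - 1) * 30103UL) / 100000UL + 3)

/* Same formula for an explicit bit width, to compare platforms. */
static size_t dec_buf_size(unsigned bits)
{
    return ((size_t)(bits - 1) * 30103UL) / 100000UL + 3;
}

/* Format v into buf. Returns the length written, or -1 when buf cannot
 * hold the full value; snprintf never writes past cap, and a truncated
 * number is rejected rather than used. */
static int format_ll_checked(char *buf, size_t cap, long long v)
{
    int n = snprintf(buf, cap, "%lld", v);
    if (n < 0 || (size_t)n >= cap) {
        if (cap > 0)
            buf[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char sized_for_32[12];                   /* fits "-2147483648" only */
    char sized_by_type[DEC_BUF_SIZE(long long)];

    printf("32-bit needs %zu bytes, 64-bit needs %zu bytes\n",
           dec_buf_size(32), dec_buf_size(64));
    printf("12-byte buffer, LLONG_MIN: %d\n",
           format_ll_checked(sized_for_32, sizeof sized_for_32, LLONG_MIN));
    printf("type-sized buffer, LLONG_MIN: %d (%s)\n",
           format_ll_checked(sized_by_type, sizeof sized_by_type, LLONG_MIN),
           sized_by_type);
    return 0;
}
```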

The report also states that other potential buffer overflows that are currently considered to be non-exploitable have been discovered.

The vendor notes that Adi Stav and James Yonan independently reported that the ASN1 parser can be confused by certain invalid encodings, potentially allowing a remote user to cause denial of service conditions. OpenSSL-based applications that use the ASN1 library to parse untrusted data (including all SSL or TLS applications using S/MIME [PKCS#7] or certificate generation routines) are affected.

Impact:   A remote user acting as an SSL client could execute arbitrary code on an SSL server. A remote user acting as an SSL server could cause arbitrary code to be executed on an SSL client that is connecting to the server. In each case, the code would run with privileges of the affected implementation.

A remote user may be able to cause denial of service conditions.

Solution:   Apple has issued a security fix for Mac OS X client and Mac OS X Server, available at:

* Software Update pane in System Preferences

* Apple's Software Downloads web site:

http://docs.info.apple.com/article.html?artnum=120139

https://depot.info.apple.com/security/129403bc5e184e3b7367.html

The download file is titled: SecurityUpd2002-08-02.dmg
Its SHA-1 digest is: 54f6eebe0398181db8f1129403bc5e184e3b7367

This update can be applied to Mac OS X 10.1.5.

Vendor URL:  www.openssl.org/news/secadv_20020730.txt
Cause:   Boundary error, Exception handling error
Underlying OS:  UNIX (macOS/OS X)
Underlying OS Comments:  Mac OS X 10.1.5

Message History:   This archive entry is a follow-up to the message listed below.
Jul 30 2002 OpenSSL Has Multiple Buffer Overflows That Allow Remote Users to Execute Arbitrary Code with Root Privileges



 Source Message Contents

Subject:  Security Update 2002-08-02 for OpenSSL, Sun RPC, mod_ssl


-----BEGIN PGP SIGNED MESSAGE-----

Security Update 2002-08-02 is now available.  It contains fixes for recent
vulnerabilities in:

    OpenSSL:  Fixes security vulnerabilities CAN-2002-0656, CAN-2002-0657,
       CAN-2002-0655, and CAN-2002-0659.  Details are available via:
       http://www.cert.org/advisories/CA-2002-23.html

    mod_ssl:  Fixes CAN-2002-0653, an off-by-one buffer overflow in the
       mod_ssl Apache module.  Details are available via:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0653

    Sun RPC:  Fixes CAN-2002-039, a buffer overflow in the Sun RPC XDR decoder.
       Details are available via:
       http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823

Affected systems:  Mac OS X client and Mac OS X Server

Note:  Mac OS X client is configured by default to have these services turned
off, and is only vulnerable if the user has enabled network services which rely
on the affected components.  It is still recommended for Mac OS X client users
to apply this security update to their system.

System requirements:  Mac OS X 10.1.5

Security Update 2002-08-02 may be obtained from:

   * Software Update pane in System Preferences

   * Apple's Software Downloads web site:
       http://docs.info.apple.com/article.html?artnum=120139

       SSL server:
       https://depot.info.apple.com/security/129403bc5e184e3b7367.html

To help verify the integrity of Security Update 2002-08-02 from the
Software Downloads web site:

    The download file is titled:  SecurityUpd2002-08-02.dmg
    Its SHA-1 digest is:  54f6eebe0398181db8f1129403bc5e184e3b7367

Information will also be posted to the Apple Product Security web site:
http://www.apple.com/support/security/security_updates.html

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html
