SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   OpenSSL Vendors:   OpenSSL.org
(HP Issues Fix for HP Secure OS for Linux) OpenSSL Has Multiple Buffer Overflows That Allow Remote Users to Execute Arbitrary Code with Root Privileges
SecurityTracker Alert ID:  1005079
SecurityTracker URL:  http://securitytracker.com/id/1005079
CVE Reference:   CVE-2002-0655, CVE-2002-0656, CVE-2002-0657, CVE-2002-0659   (Links to External Site)
Date:  Aug 19 2002
Impact:   Denial of service via network, Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.9.6d or earlier, 0.9.7-beta2 or earlier, 0.9.7 current development snapshots
Description:   Four buffer overflow conditions were reported in OpenSSL. All four may allow a remote user to execute arbitrary code.

The vendor has reported that A.L. Digital Ltd and The Bunker have uncovered multiple buffer overflows in OpenSSL, discovered during a security review.

A remote user could create a specially crafted, oversized client master key and use SSL2 to trigger an overflow on an SSL server. According to the report, this vulnerability was independently discovered by Neohapsis, which has confirmed that the overflow can be exploited to execute arbitrary code.

A remote user with an SSL server could create a specially crafted, oversized session ID and supply this ID to a target client using SSL3 to trigger an overflow.

A remote user could supply a specially crafted, oversized master key to an SSL3 server to trigger an overflow. It is reported that this flaw affects OpenSSL 0.9.7 prior to version 0.9.7-beta3 when Kerberos is enabled.

Several buffers used for ASCII representations of integers are reportedly too small on 64 bit platforms.

The report also states that other potential buffer overflows that are currently considered to be non-exploitable have been discovered.

The vendor notes that Adi Stav and James Yonan independently reported that the ASN1 parser can be confused by certain invalid encodings, potentially allowing a remote user to cause denial of service conditions. An OpenSSL-based application that use the ASN1 library to parse untrusted data (including all SSL or TLS applications using S/MIME [PKCS#7] or certificate generation routines) are affected.

Impact:   A remote user acting as an SSL client could execute arbitrary code on an SSL server. A remote user acting as an SSL server could cause arbitrary code to be executed on an SSL client that is connecting to the server. In each case, the code would run with privileges of the affected implementation.

A remote user may be able cause denial of service conditions.

Solution:   HP has released a patch (HPTL_00029) for HP Secure OS for Linux, available at:

http://itrc.hp.com

This same patch address a bug in mmlib. [Editor's note: A separate alert has been issued for this patch in relation to the mm library bug.]

Use the 'Login' tab at the left side of the screen to login using your ID and password. Use your existing login or the "Register" button at the left to create a login. Remember to save the User ID assigned to you, and your password. This login provides access to many useful areas of the ITRC.

Under the "Maintenance and Support" section, select "Individual Patches".

In the field at the bottom of the page labeled "retrieve a specific patch by entering the patch name", enter {{ Patch number (s) }}

For instructions on installing the patch, please see the install text file included in the patch.

Vendor URL:  www.openssl.org/news/secadv_20020730.txt (Links to External Site)
Cause:   Boundary error, Exception handling error
Underlying OS:  Linux (HP Secure OS)
Underlying OS Comments:  Release 1.0

Message History:   This archive entry is a follow-up to the message listed below.
Jul 30 2002 OpenSSL Has Multiple Buffer Overflows That Allow Remote Users to Execute Arbitrary Code with Root Privileges



 Source Message Contents

Subject:  HP Secure OS Software for Linux security bulletins digest



Document ID:  HPSBTL0208-056
Date Loaded:  20020813
      Title:  Multiple vulnerabilities in OpenSSL and libmm

TEXT

			

				

---------------------------------------------------------------
    HEWLETT-PACKARD COMPANY SECURITY BULLETIN: HPSBTL0208-056
    Originally issued: 13 August '02
---------------------------------------------------------------

The information in the following Security Bulletin should be acted
upon as soon as possible.  Hewlett-Packard Company will not be
liable for any consequences to any customer resulting from said customer's
failure to fully implement instructions in this Security Bulletin as
soon as possible.

---------------------------------------------------------------
PROBLEM:  Multiple vulnerabilities in OpenSSL and libmm.

PLATFORM: Any system running HP Secure OS Software for Linux Release 1.0

DAMAGE:   Potential for unauthorized access to server resources.

SOLUTION: Apply the appropriate patch.

MANUAL ACTIONS: None

AVAILABILITY: The patch is available now.
---------------------------------------------------------------
 A. Background

    CERT® Advisory CA-2002-23 Multiple Vulnerabilities In OpenSSL.
    There are multiple security flaws that may provide unexpected 
    results and unauthorized access to system resources.

    Versions of MM up to and including 1.1.3 open temporary files 
    in an unsafe manner. 

 B. Fixing the problem

    Apply the following patch:

        HPTL_00029

    This patch is available as follows: -

    Use your browser to access the HP IT Resource Center page
    at:

       http://itrc.hp.com

    Use the 'Login' tab at the left side of the screen to login
    using your ID and password.  Use your existing login or the
    "Register" button at the left to create a login. Remember to save the
    User ID assigned to you, and your password. This login provides
    access to many useful areas of the ITRC.

    Under the "Maintenance and Support" section, select "Individual Patches".

    In the field at the bottom of the page labeled "retrieve a specific patch
    by entering the patch name", enter {{ Patch number (s) }}

    For instructions on installing the patch, please see the install text file
    included in the patch.


 C. To subscribe to automatically receive future NEW HP Security
    Bulletins from the HP IT Resource Center via electronic
    mail, do the following:

    Use your browser to access to the HP IT Resource Center page
    at:

       http://itrc.hp.com

    Use the 'Login' tab at the left side of the screen to login
    using your ID and password.  Use your existing login or the
    "Register" button at the left to create a login. Remember to
    save the User ID assigned to you, and your password. This
    login provides access to many useful areas of the ITRC.

    In the left most frame select "Maintenance and Support".

    Under the "Notifications" section (near the bottom of
    the page), select "Support Information Digests".

    To -subscribe- to future HP Security Bulletins or other
    Technical Digests, click the check box (in the left column)
    for the appropriate digest and then click the "Update
    Subscriptions" button at the bottom of the page.

    or

    To -review- bulletins already released, select the link
    (in the middle column) for the appropriate digest.


 D. To report new security vulnerabilities, send email to

    security-alert@hp.com

    Please encrypt any exploit information using the
    security-alert PGP key, available from your local key
    server. You ma also get the security-alert PGP key by
    sending a message with a -subject- (not body) of
    'get key' (no quotes) to security-alert@hp.com.

    Permission is granted for copying and circulating this
    Bulletin to Hewlett-Packard (HP) customers (or the Internet
    community) for the purpose of alerting them to problems,
    if and only if, the Bulletin is not edited or changed in
    any way, is attributed to HP, and provided such reproduction
    and/or distribution is performed for non-commercial purposes.

    Any other use of this information is prohibited. HP is not
    liable for any misuse of this information by any third party.
---------------------------------------------------------------
-----End of Document ID:  HPSBTL0208-056--------------------------------------


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC