SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   OpenSSL Vendors:   OpenSSL.org
(Mandrake Issues Fix) OpenSSL SSL/TLS Handshade Flaws May Let Remote Users Crash OpenSSL-based Applications
SecurityTracker Alert ID:  1009466
SecurityTracker URL:  http://securitytracker.com/id/1009466
CVE Reference:   CVE-2004-0079, CVE-2004-0112   (Links to External Site)
Date:  Mar 17 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.9.6c - 0.9.6k and 0.9.7a - 0.9.7c
Description:   Some vulnerabilities were reported in OpenSSL, primarily involving the processing of SSL/TLS protocol handshakes. A remote user can cause OpenSSL to crash.

It is reported that there is a null-pointer assignment in the do_change_cipher_spec() function [CVE: CVE-2004-0079]. A remote user can perform a specially crafted SSL/TLS handshake with a target server to cause OpenSSL to crash on the target system. This may cause the application using OpenSSL to crash.

All versions of OpenSSL from 0.9.6c to 0.9.6k inclusive and from 0.9.7a to 0.9.7c inclusive are reportedly vulnerable to this null-pointer bug.

It is also reported that there is a flaw in performing SSL/TLS handshakes using Kerberos ciphersuites [CVE: CVE-2004-0112]. A remote user can perform a specially crafted SSL/TLS handshake against a server that is using Kerberos ciphersuites to cause OpenSSL to crash on the target system.

OpenSSL versions 0.9.7a, 0.9.7b, and 0.9.7c are reported to be vulnerable to this Kerberos handshake bug.

It is also reported that a remote user may be able to cause OpenSSL to enter an infinite loop due to a flaw in a patch introduced in 0.9.6d [CVE: CVE-2004-0081].

The vendor credits Dr. Stephen Henson of the OpenSSL core team as well as Codenomicon for supplying their TLS Test Tool and Joe Orton of Red Hat for performing the majority of the testing.

Impact:   A remote user can cause OpenSSL to crash, which may cause an application using OpenSSL to crash. The specific impact depends on the application that uses the OpenSSL library.
Solution:   Mandrake has released a fix.

Corporate Server 2.1:
aa5e93c4668cd1f4ef8091c260e6c274 corporate/2.1/RPMS/libopenssl0-0.9.6i-1.7.C21mdk.i586.rpm
d1923437255ae0b50c5e1e8d40e3c0ee corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.7.C21mdk.i586.rpm
5e3ffcaa0291845b69c555f0961e610a corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.7.C21mdk.i586.rpm
ceefc8ac27966d4f7311f2fcff37b6c8 corporate/2.1/RPMS/openssl-0.9.6i-1.7.C21mdk.i586.rpm
9c85e7f857a7ebcf707ac6e65d32ceb1 corporate/2.1/SRPMS/openssl-0.9.6i-1.7.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
d1f2609c2fd600a73504a92c6b96ad0b x86_64/corporate/2.1/RPMS/libopenssl0-0.9.6i-1.7.C21mdk.x86_64.rpm
dec9c21de8362901562041c8a960a249 x86_64/corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.7.C21mdk.x86_64.rpm
951e43064657332318113f20c77cadf1 x86_64/corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.7.C21mdk.x86_64.rpm
47a86a2f8219baa9504f01e1cf6de640 x86_64/corporate/2.1/RPMS/openssl-0.9.6i-1.7.C21mdk.x86_64.rpm
9c85e7f857a7ebcf707ac6e65d32ceb1 x86_64/corporate/2.1/SRPMS/openssl-0.9.6i-1.7.C21mdk.src.rpm

Mandrakelinux 9.0:
f240a851cd1e2350485c01937c03954a 9.0/RPMS/libopenssl0-0.9.6i-1.7.90mdk.i586.rpm
44163de2b87935272550f1ee76df3bea 9.0/RPMS/libopenssl0-devel-0.9.6i-1.7.90mdk.i586.rpm
8692dc3bc8235e0ee0279c197fd7f2ee 9.0/RPMS/libopenssl0-static-devel-0.9.6i-1.7.90mdk.i586.rpm
fb67c8105ee757e0be521758cef6c3ad 9.0/RPMS/openssl-0.9.6i-1.7.90mdk.i586.rpm
2c5edca752c1bded660e811e4a14924c 9.0/SRPMS/openssl-0.9.6i-1.7.90mdk.src.rpm

Mandrakelinux 9.1:
675ca1ba5d7fbf2246a47ddb2c3b9b51 9.1/RPMS/libopenssl0-0.9.6i-1.3.91mdk.i586.rpm
4f916449cf69b4246b6d31313082b836 9.1/RPMS/libopenssl0.9.7-0.9.7a-1.3.91mdk.i586.rpm
e96d97d6abc80a2b876fa412a94513ee 9.1/RPMS/libopenssl0.9.7-devel-0.9.7a-1.3.91mdk.i586.rpm
6f51829b630e60f1296571f06fdf31ad 9.1/RPMS/libopenssl0.9.7-static-devel-0.9.7a-1.3.91mdk.i586.rpm
cf731928a2a17b67ecc3a1592300842d 9.1/RPMS/openssl-0.9.7a-1.3.91mdk.i586.rpm
7034cb0be4e172d30fe2d68a6bec27b3 9.1/SRPMS/openssl-0.9.7a-1.3.91mdk.src.rpm
fafa5780fe61503df1a92215e6dfdb24 9.1/SRPMS/openssl0.9.6-0.9.6i-1.3.91mdk.src.rpm

Mandrakelinux 9.1/PPC:
6a083899b5c52877e9bed2e21b030918 ppc/9.1/RPMS/libopenssl0-0.9.6i-1.3.91mdk.ppc.rpm
0e3eee09e1f2ceb59422f4ff0ce4a073 ppc/9.1/RPMS/libopenssl0.9.7-0.9.7a-1.3.91mdk.ppc.rpm
71a44d67de3c656025f9d9df93e690df ppc/9.1/RPMS/libopenssl0.9.7-devel-0.9.7a-1.3.91mdk.ppc.rpm
bfba9442501c5c618f1f3953728de8fe ppc/9.1/RPMS/libopenssl0.9.7-static-devel-0.9.7a-1.3.91mdk.ppc.rpm
fd0cae85733542b6e5edc422c6e85272 ppc/9.1/RPMS/openssl-0.9.7a-1.3.91mdk.ppc.rpm
7034cb0be4e172d30fe2d68a6bec27b3 ppc/9.1/SRPMS/openssl-0.9.7a-1.3.91mdk.src.rpm
fafa5780fe61503df1a92215e6dfdb24 ppc/9.1/SRPMS/openssl0.9.6-0.9.6i-1.3.91mdk.src.rpm

Mandrakelinux 9.2:
ca7d2493b21406d07d8c4c95e8768c47 9.2/RPMS/libopenssl0.9.7-0.9.7b-4.2.92mdk.i586.rpm
b0f4e7317a0ffa549394590bb3814216 9.2/RPMS/libopenssl0.9.7-devel-0.9.7b-4.2.92mdk.i586.rpm
cf3c227a00a1f738915768a860fabf24 9.2/RPMS/libopenssl0.9.7-static-devel-0.9.7b-4.2.92mdk.i586.rpm
34b175885ae59b3a089b11a02039d88a 9.2/RPMS/openssl-0.9.7b-4.2.92mdk.i586.rpm
006292d74c144ace0a288ab444493788 9.2/SRPMS/openssl-0.9.7b-4.2.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
34246401bd6d2b211ea366d0673b2ce6 amd64/9.2/RPMS/lib64openssl0.9.7-0.9.7b-4.2.92mdk.amd64.rpm
87b4e7fbeaf3640f94d67e1bd6bfc593 amd64/9.2/RPMS/lib64openssl0.9.7-devel-0.9.7b-4.2.92mdk.amd64.rpm
a3c9c929398a68ce06cce5fd537f4387 amd64/9.2/RPMS/lib64openssl0.9.7-static-devel-0.9.7b-4.2.92mdk.amd64.rpm
85155f93b8c769759b901b44f71974dd amd64/9.2/RPMS/openssl-0.9.7b-4.2.92mdk.amd64.rpm
006292d74c144ace0a288ab444493788 amd64/9.2/SRPMS/openssl-0.9.7b-4.2.92mdk.src.rpm

Multi Network Firewall 8.2:
99eb1a2e1e97c207d39f5882c4acafe5 mnf8.2/RPMS/libopenssl0-0.9.6i-1.6.M82mdk.i586.rpm
e9564e5b55b8fdf4b8e8af1b1c0c56a2 mnf8.2/RPMS/openssl-0.9.6i-1.6.M82mdk.i586.rpm
1ae8ea6a7254b5abe1cbc0a6bca66997 mnf8.2/SRPMS/openssl-0.9.6i-1.6.M82mdk.src.rpm

Vendor URL:  www.openssl.org/news/secadv_20040317.txt (Links to External Site)
Cause:   Boundary error, Exception handling error, State error
Underlying OS:  Linux (Mandriva/Mandrake)
Underlying OS Comments:  9.0, 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2

Message History:   This archive entry is a follow-up to the message listed below.
Mar 17 2004 OpenSSL SSL/TLS Handshade Flaws May Let Remote Users Crash OpenSSL-based Applications



 Source Message Contents

Subject:  MDKSA-2004:023 - Updated openssl packages fix multiple vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           openssl
 Advisory ID:            MDKSA-2004:023
 Date:                   March 17th, 2004

 Affected versions:	 9.0, 9.1, 9.2, Corporate Server 2.1,
			 Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 A vulnerability was discovered by the OpenSSL group using the
 Codenomicon TLS Test Tool.  The test uncovered a null-pointer
 assignment in the do_change_cipher_spec() function whih could be
 abused by a remote attacker crafting a special SSL/TLS handshake
 against a server that used the OpenSSL library in such a way as to
 cause OpenSSL to crash.  Depending on the application in question,
 this could lead to a Denial of Service (DoS).  This vulnerability
 affects both OpenSSL 0.9.6 (0.9.6c-0.9.6k) and 0.9.7 (0.9.7a-0.9.7c).
 CVE has assigned CAN-2004-0079 to this issue.
 
 Another vulnerability was discovered by Stephen Henson in OpenSSL
 versions 0.9.7a-0.9.7c; there is a flaw in the SSL/TLS handshaking
 code when using Kerberos ciphersuites.  A remote attacker could
 perform a carefully crafted SSL/TLS handshake against a server
 configured to use Kerberos ciphersuites in such a way as to cause
 OpenSSL to crash.  CVE has assigned CAN-2004-0112 to this issue.
 
 Mandrakesoft urges users to upgrade to the packages provided that have
 been patched to protect against these problems.  We would also like to
 thank NISCC for their assistance in coordinating the disclosure of
 these problems.
 
 Please note that you will need to restart any SSL-enabled services for
 the patch to be effective, including (but not limited to) Apache, 
 OpenLDAP, etc.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112
 ______________________________________________________________________

 Updated Packages:
  
 Corporate Server 2.1:
 aa5e93c4668cd1f4ef8091c260e6c274  corporate/2.1/RPMS/libopenssl0-0.9.6i-1.7.C21mdk.i586.rpm
 d1923437255ae0b50c5e1e8d40e3c0ee  corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.7.C21mdk.i586.rpm
 5e3ffcaa0291845b69c555f0961e610a  corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.7.C21mdk.i586.rpm
 ceefc8ac27966d4f7311f2fcff37b6c8  corporate/2.1/RPMS/openssl-0.9.6i-1.7.C21mdk.i586.rpm
 9c85e7f857a7ebcf707ac6e65d32ceb1  corporate/2.1/SRPMS/openssl-0.9.6i-1.7.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 d1f2609c2fd600a73504a92c6b96ad0b  x86_64/corporate/2.1/RPMS/libopenssl0-0.9.6i-1.7.C21mdk.x86_64.rpm
 dec9c21de8362901562041c8a960a249  x86_64/corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.7.C21mdk.x86_64.rpm
 951e43064657332318113f20c77cadf1  x86_64/corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.7.C21mdk.x86_64.rpm
 47a86a2f8219baa9504f01e1cf6de640  x86_64/corporate/2.1/RPMS/openssl-0.9.6i-1.7.C21mdk.x86_64.rpm
 9c85e7f857a7ebcf707ac6e65d32ceb1  x86_64/corporate/2.1/SRPMS/openssl-0.9.6i-1.7.C21mdk.src.rpm

 Mandrakelinux 9.0:
 f240a851cd1e2350485c01937c03954a  9.0/RPMS/libopenssl0-0.9.6i-1.7.90mdk.i586.rpm
 44163de2b87935272550f1ee76df3bea  9.0/RPMS/libopenssl0-devel-0.9.6i-1.7.90mdk.i586.rpm
 8692dc3bc8235e0ee0279c197fd7f2ee  9.0/RPMS/libopenssl0-static-devel-0.9.6i-1.7.90mdk.i586.rpm
 fb67c8105ee757e0be521758cef6c3ad  9.0/RPMS/openssl-0.9.6i-1.7.90mdk.i586.rpm
 2c5edca752c1bded660e811e4a14924c  9.0/SRPMS/openssl-0.9.6i-1.7.90mdk.src.rpm

 Mandrakelinux 9.1:
 675ca1ba5d7fbf2246a47ddb2c3b9b51  9.1/RPMS/libopenssl0-0.9.6i-1.3.91mdk.i586.rpm
 4f916449cf69b4246b6d31313082b836  9.1/RPMS/libopenssl0.9.7-0.9.7a-1.3.91mdk.i586.rpm
 e96d97d6abc80a2b876fa412a94513ee  9.1/RPMS/libopenssl0.9.7-devel-0.9.7a-1.3.91mdk.i586.rpm
 6f51829b630e60f1296571f06fdf31ad  9.1/RPMS/libopenssl0.9.7-static-devel-0.9.7a-1.3.91mdk.i586.rpm
 cf731928a2a17b67ecc3a1592300842d  9.1/RPMS/openssl-0.9.7a-1.3.91mdk.i586.rpm
 7034cb0be4e172d30fe2d68a6bec27b3  9.1/SRPMS/openssl-0.9.7a-1.3.91mdk.src.rpm
 fafa5780fe61503df1a92215e6dfdb24  9.1/SRPMS/openssl0.9.6-0.9.6i-1.3.91mdk.src.rpm

 Mandrakelinux 9.1/PPC:
 6a083899b5c52877e9bed2e21b030918  ppc/9.1/RPMS/libopenssl0-0.9.6i-1.3.91mdk.ppc.rpm
 0e3eee09e1f2ceb59422f4ff0ce4a073  ppc/9.1/RPMS/libopenssl0.9.7-0.9.7a-1.3.91mdk.ppc.rpm
 71a44d67de3c656025f9d9df93e690df  ppc/9.1/RPMS/libopenssl0.9.7-devel-0.9.7a-1.3.91mdk.ppc.rpm
 bfba9442501c5c618f1f3953728de8fe  ppc/9.1/RPMS/libopenssl0.9.7-static-devel-0.9.7a-1.3.91mdk.ppc.rpm
 fd0cae85733542b6e5edc422c6e85272  ppc/9.1/RPMS/openssl-0.9.7a-1.3.91mdk.ppc.rpm
 7034cb0be4e172d30fe2d68a6bec27b3  ppc/9.1/SRPMS/openssl-0.9.7a-1.3.91mdk.src.rpm
 fafa5780fe61503df1a92215e6dfdb24  ppc/9.1/SRPMS/openssl0.9.6-0.9.6i-1.3.91mdk.src.rpm

 Mandrakelinux 9.2:
 ca7d2493b21406d07d8c4c95e8768c47  9.2/RPMS/libopenssl0.9.7-0.9.7b-4.2.92mdk.i586.rpm
 b0f4e7317a0ffa549394590bb3814216  9.2/RPMS/libopenssl0.9.7-devel-0.9.7b-4.2.92mdk.i586.rpm
 cf3c227a00a1f738915768a860fabf24  9.2/RPMS/libopenssl0.9.7-static-devel-0.9.7b-4.2.92mdk.i586.rpm
 34b175885ae59b3a089b11a02039d88a  9.2/RPMS/openssl-0.9.7b-4.2.92mdk.i586.rpm
 006292d74c144ace0a288ab444493788  9.2/SRPMS/openssl-0.9.7b-4.2.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 34246401bd6d2b211ea366d0673b2ce6  amd64/9.2/RPMS/lib64openssl0.9.7-0.9.7b-4.2.92mdk.amd64.rpm
 87b4e7fbeaf3640f94d67e1bd6bfc593  amd64/9.2/RPMS/lib64openssl0.9.7-devel-0.9.7b-4.2.92mdk.amd64.rpm
 a3c9c929398a68ce06cce5fd537f4387  amd64/9.2/RPMS/lib64openssl0.9.7-static-devel-0.9.7b-4.2.92mdk.amd64.rpm
 85155f93b8c769759b901b44f71974dd  amd64/9.2/RPMS/openssl-0.9.7b-4.2.92mdk.amd64.rpm
 006292d74c144ace0a288ab444493788  amd64/9.2/SRPMS/openssl-0.9.7b-4.2.92mdk.src.rpm

 Multi Network Firewall 8.2:
 99eb1a2e1e97c207d39f5882c4acafe5  mnf8.2/RPMS/libopenssl0-0.9.6i-1.6.M82mdk.i586.rpm
 e9564e5b55b8fdf4b8e8af1b1c0c56a2  mnf8.2/RPMS/openssl-0.9.6i-1.6.M82mdk.i586.rpm
 1ae8ea6a7254b5abe1cbc0a6bca66997  mnf8.2/SRPMS/openssl-0.9.6i-1.6.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesecure.net/en/advisories/

 Mandrakesoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

  http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAWIYPmqjQ0CJFipgRAshnAKC8/HKUJDKL1mhLx5DJepT50T0IOgCbBYwN
dn42d2BQxORniYtj+9q99NY=
=6dKA
-----END PGP SIGNATURE-----

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC