SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Security)  >   OpenSSL
Vendors:   OpenSSL.org
(Conectiva Issues Fix) OpenSSL SSL/TLS Handshake Flaws May Let Remote Users Crash OpenSSL-based Applications
SecurityTracker Alert ID:  1009623
SecurityTracker URL:  http://securitytracker.com/id/1009623
CVE Reference:   CVE-2004-0079, CVE-2004-0081, CVE-2004-0112
Date:  Apr 1 2004
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 0.9.6c - 0.9.6k and 0.9.7a - 0.9.7c
Description:   Some vulnerabilities were reported in OpenSSL, primarily involving the processing of SSL/TLS protocol handshakes. A remote user can cause OpenSSL to crash.

It is reported that there is a null-pointer assignment in the do_change_cipher_spec() function [CVE: CVE-2004-0079]. A remote user can perform a specially crafted SSL/TLS handshake with a target server to cause OpenSSL to crash on the target system. This may cause the application using OpenSSL to crash.

All versions of OpenSSL from 0.9.6c to 0.9.6k inclusive and from 0.9.7a to 0.9.7c inclusive are reportedly vulnerable to this null-pointer bug.

It is also reported that there is a flaw in performing SSL/TLS handshakes using Kerberos ciphersuites [CVE: CVE-2004-0112]. A remote user can perform a specially crafted SSL/TLS handshake against a server that is using Kerberos ciphersuites to cause OpenSSL to crash on the target system.

OpenSSL versions 0.9.7a, 0.9.7b, and 0.9.7c are reported to be vulnerable to this Kerberos handshake bug.

It is also reported that a remote user may be able to cause OpenSSL to enter an infinite loop due to a flaw in a patch introduced in 0.9.6d [CVE: CVE-2004-0081].

The vendor credits Dr. Stephen Henson of the OpenSSL core team as well as Codenomicon for supplying their TLS Test Tool and Joe Orton of Red Hat for performing the majority of the testing.

Impact:   A remote user can cause OpenSSL to crash, which may cause an application using OpenSSL to crash. The specific impact depends on the application that uses the OpenSSL library.
Solution:   Conectiva has issued a fix.

ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-0.9.6c-2U80_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-devel-0.9.6c-2U80_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-devel-static-0.9.6c-2U80_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-doc-0.9.6c-2U80_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-progs-0.9.6c-2U80_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/openssl-0.9.6c-2U80_8cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssl0.9.7-0.9.7a-28910U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssl-devel-0.9.7a-28910U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssl-devel-static-0.9.7a-28910U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssl-doc-0.9.7a-28910U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssl-progs-0.9.7a-28910U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/openssl0.9.7-0.9.7a-28910U90_2cl.src.rpm

Vendor URL:  www.openssl.org/news/secadv_20040317.txt
Cause:   Boundary error, Exception handling error, State error
Underlying OS:  Linux (Conectiva)
Underlying OS Comments:  8, 9

Message History:   This archive entry is a follow-up to the message listed below.
Mar 17 2004 OpenSSL SSL/TLS Handshake Flaws May Let Remote Users Crash OpenSSL-based Applications



 Source Message Contents

Subject:  [conectiva-updates] [CLA-2004:834] Conectiva Security Announcement - openssl


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : openssl
SUMMARY   : Remote denial of service vulnerabilities
DATE      : 2004-03-31 16:49:00
ID        : CLA-2004:834
RELEVANT
RELEASES  : 8, 9

- -------------------------------------------------------------------------

DESCRIPTION
 OpenSSL[1] implements the Secure Sockets Layer (SSL v2/v3) and
 Transport Layer Security (TLS v1) protocols as well as full-strength
 general purpose cryptography functions. It's used (as a library) by
 several projects, like Apache, OpenSSH, Bind, OpenLDAP and many
 other client and server programs.
 
 This update fixes three denial of service vulnerabilities that affect
 OpenSSL versions distributed with Conectiva Linux:
 
 CAN-2004-0079: Null-pointer assignment during SSL handshake[3]. A
 remote attacker can exploit this vulnerability by performing a
 specially crafted SSL handshake that will crash the application. This
 vulnerability was discovered by the OpenSSL team using the
 Codenomicon TLS Test Tool and affects OpenSSL versions distributed
 with Conectiva Linux 8 (0.9.6c) and 9 (0.9.7a).
 
 CAN-2004-0081: Infinite loop when handling unknown TLS message
 types[4]. A remote attacker can exploit this vulnerability by sending
 specially crafted TLS messages, causing the application to enter an
 infinite loop. Conectiva Linux 9 (OpenSSL-0.9.7a) is not vulnerable
 to this issue.
 
 CAN-2004-0112: Out-of-bounds read with Kerberos ciphersuites[5].
 Stephen Henson discovered a vulnerability in the SSL/TLS handshaking
 code when using Kerberos ciphersuites. A remote attacker can exploit
 it to crash an application which uses Kerberos ciphersuites. The
 OpenSSL version distributed with Conectiva Linux 8 (OpenSSL-0.9.6c)
 is not vulnerable to this issue and there are no known applications
 using Kerberos ciphersuites in Conectiva Linux 9.


SOLUTION
 All openssl users should upgrade.
 
 Please notice that in order to complete the upgrade process, you must
 restart all running applications that are linked to openssl libraries
 after the new packages are installed. You can see a list of such
 applications using the lsof utility, as seen below:
 
 # lsof | egrep '(libcrypto|libssl)'
 
 Services (like apache and openssh daemons) can be restarted using the
 "service" command. For example:
 
 # service httpd restart
 # service sshd restart
 
 
 REFERENCES
 1.http://www.openssl.org/
 2.http://www.openssl.org/news/secadv_20040317.txt
 3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0079
 4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0081
 5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0112


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-0.9.6c-2U80_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-devel-0.9.6c-2U80_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-devel-static-0.9.6c-2U80_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-doc-0.9.6c-2U80_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-progs-0.9.6c-2U80_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/openssl-0.9.6c-2U80_8cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssl0.9.7-0.9.7a-28910U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssl-devel-0.9.7a-28910U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssl-devel-static-0.9.7a-28910U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssl-doc-0.9.7a-28910U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/openssl-progs-0.9.7a-28910U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/openssl0.9.7-0.9.7a-28910U90_2cl.src.rpm


ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM packages upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFAayEU42jd0JmAcZARAs6OAJ4vuumdJWJFypgaplbaXWSyiXVKMQCg44Bz
DT+Jr6ga5BKDkX2dxB6kc0I=
=ZzSr
-----END PGP SIGNATURE-----
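
The restart step in the advisory's SOLUTION section, as an added example that is not part of the Conectiva advisory or the SecurityTracker entry: a shell function that lists processes still mapping a replaced copy of libssl or libcrypto, so you can confirm nothing keeps running the old code after the upgrade. It assumes a Linux /proc with per-process maps and comm files; the function names and the sample tree built by demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still map an
# unlinked copy of libssl/libcrypto after the package upgrade.
# Linux appends " (deleted)" to such paths in /proc/PID/maps.

# stale_openssl_pids [PROCROOT] -> lines of "PID<TAB>COMMAND<TAB>LIBRARY"
# PROCROOT defaults to /proc; it is a parameter so the parser can be
# exercised against a constructed tree.
stale_openssl_pids() {
    procroot=${1:-/proc}
    for maps in "$procroot"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        dir=${maps%/maps}
        pid=${dir##*/}
        comm=$(cat "$dir/comm" 2>/dev/null) || comm='?'
        awk -v pid="$pid" -v comm="$comm" '
        {
            path = $0
            # Drop address, perms, offset, device, inode; keep the pathname.
            sub(/^[^ ]+ +[^ ]+ +[^ ]+ +[^ ]+ +[^ ]+ +/, "", path)
            if (path ~ "/lib(ssl|crypto)[^/]*[.]so[^/]* [(]deleted[)]$") {
                sub(/ [(]deleted[)]$/, "", path)
                if (!seen[path]++) print pid "\t" comm "\t" path
            }
        }' "$maps" 2>/dev/null
    done
}

# demo: build a constructed /proc-like tree (sample data, not real output)
# and run the parser over it.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/101" "$root/202"
    echo httpd > "$root/101/comm"
    echo sshd > "$root/202/comm"
    cat > "$root/101/maps" <<'EOF'
40017000-400ff000 r-xp 00000000 03:01 1234 /usr/lib/libcrypto.so.0.9.7 (deleted)
400ff000-4010f000 rw-p 000e8000 03:01 1234 /usr/lib/libcrypto.so.0.9.7 (deleted)
4010f000-4013c000 r-xp 00000000 03:01 1240 /usr/lib/libssl.so.0.9.7 (deleted)
EOF
    cat > "$root/202/maps" <<'EOF'
40017000-400ff000 r-xp 00000000 03:01 5678 /usr/lib/libcrypto.so.0.9.7
bfffe000-c0000000 rw-p 00000000 00:00 0
EOF
    stale_openssl_pids "$root"
    rm -rf "$root"
}
```

Run `stale_openssl_pids` as root against the live system after installing the packages; any process it lists was started before the upgrade and still needs a restart.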


 
 



Copyright 2019, SecurityGlobal.net LLC