SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Juniper IDP Vendors:   NetScreen
(NetScreen Issues Fix for NetScreen-IDP) OpenSSL SSL/TLS Handshade Flaws May Let Remote Users Crash OpenSSL-based Applications
SecurityTracker Alert ID:  1009650
SecurityTracker URL:  http://securitytracker.com/id/1009650
CVE Reference:   CVE-2004-0079, CVE-2004-0081   (Links to External Site)
Date:  Apr 3 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.0 - 2.1r6
Description:   Some vulnerabilities were reported in OpenSSL, primarily involving the processing of SSL/TLS protocol handshakes. A remote user can cause OpenSSL to crash. NetScreen-IDP is vulnerable.

It is reported that there is a null-pointer assignment in the do_change_cipher_spec() function [CVE: CVE-2004-0079]. A remote user can perform a specially crafted SSL/TLS handshake with a target server to cause OpenSSL to crash on the target system. This may cause the application using OpenSSL to crash.

All versions of OpenSSL from 0.9.6c to 0.9.6k inclusive and from 0.9.7a to 0.9.7c inclusive are reportedly vulnerable to this null-pointer bug.

It is also reported that there is a flaw in performing SSL/TLS handshakes using Kerberos ciphersuites [CVE: CVE-2004-0112]. A remote user can perform a specially crafted SSL/TLS handshake against a server that is using Kerberos ciphersuites to cause OpenSSL to crash on the target system.

OpenSSL versions 0.9.7a, 0.9.7b, and 0.9.7c are reported to be vulnerable to this Kerberos handshake bug.

It is also reported that a remote user may be able to cause OpenSSL to enter an infinite loop due to a flaw in a patch introduced in 0.9.6d [CVE: CVE-2004-0081].

The vendor credits Dr. Stephen Henson of the OpenSSL core team as well as Codenomicon for supplying their TLS Test Tool and Joe Orton of Red Hat for performing the majority of the testing.

Impact:   A remote user can cause OpenSSL to crash, which may cause an application using OpenSSL to crash. The specific impact depends on the application that uses the OpenSSL library.
Solution:   NetScreen has issued a fix, available at:

https://support.neoteris.com

Vendor URL:  www.netscreen.com/services/security/alerts/adv58466-2.txt (Links to External Site)
Cause:   Boundary error, Exception handling error, State error

Message History:   This archive entry is a follow-up to the message listed below.
Mar 17 2004 OpenSSL SSL/TLS Handshade Flaws May Let Remote Users Crash OpenSSL-based Applications



 Source Message Contents

Subject:  http://www.netscreen.com/services/security/alerts/adv58466-2.txt


http://www.netscreen.com/services/security/alerts/adv58466-2.txt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Title: NetScreen Advisory 58466
Date: 26 March 2004
Version: 2

Impact:
Potential OpenSSL denial of service in the NetScreen Instant Virtual
Extranet (IVE) and Intrusion Detection and Prevention (IDP) platforms.

Affected Products:
     NetScreen IVE                (all versions)
     NetScreen IDP                2.0 - 2.1r6

Unaffected Products:
     NetScreen Firewalls          (all versions)
     NetScreen-Security Manager   (all versions)
     NetScreen-Global Pro         (all versions)
     NetScreen-Global ProExpress  (all versions)


CVE References: CAN-2004-0079, CAN-2004-0081
NISCC Reference: 224012/OpenSSL

Max Risk: Medium

Summary:
Three vulnerabilities in various versions of OpenSSL which lead to a
denial of service have been discovered through testing done by the
OpenSSL Project.  Based on the information provided by the NISCC,
NetScreen has determined that only two of the issues affects
NetScreen products.

Details:
Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool
uncovered a null-pointer assignment in the do_change_cipher_spec() function
(CAN-2004-0079).  A remote attacker could perform a carefully crafted SSL/TLS
handshake against a server that used the OpenSSL library in such a way as to
cause OpenSSL to crash.  This issue affects the NetScreen IDP platform.  All
other NetScreen products are immune to this issue.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool
uncovered an infinite loop (CAN-2004-0081) which a remote attacker
may be able to exploit causing the application to become unresponsive.
This issue affects the NetScreen IVE and IDP platforms.  All other NetScreen
products are immune to this issue.

Patch Availability:
NetScreen currently has patches available for the NetScreen IVE and IDP
platforms.

Recommended Actions for IVE Customers:
Install the appropriate patch corresponding to your currently installed
release.

Getting Fixed Software for the NetScreen IVE platform:
NetScreen is offering free fixes for all customers, regardless of
service contract status.

Customers may download an update which contains the fix for this
issue by going to https://support.neoteris.com and entering in the build
number of the IVE OS currently installed.  You will then be directed to
the appropriate IVE OS release.

Customers with further questions regarding the IVE patches may contact
the NetScreen IVE Technical Assistance Center at 408-543-2991 (Option 2)
or send email to help@support.neoteris.com.

Recommended Actions for IDP Customers:
Install the updated OpenSSL RPM package which can be downloaded from the
NetScreen website (instructions provided below).

Getting Fixed Software for the NetScreen IDP platform:
NetScreen is offering free fixes for all customers, regardless of
service contract status.

1) Customers should download the updated OpenSSL RPM which contains the fix
for this issue by going to:

http://www.netscreen.com/cso

You will be prompted for your User ID and Password. If you do not already
have a CSO account, enter the whole or part of your company name as your
User ID and enter your registered NetScreen IDP serial number as the password.

The updated OpenSSL RPM is contained in the following file located
under the "IDP Operating System Updates" section:

Filename:                              MD5 Hash:
openssl-0.9.6b-35.7.idp.1.i386.rpm     adc1d3e2ceb49d37474756fcd346c14c

2) Copy the RPM package to the /tmp directory on the IDP appliance.

3) Login to the IDP appliance and su to the root account.

4) Update the RPM package by typing the following as the root user:

rpm -Uvh /tmp/openssl-0.9.6b-35.7.idp.1.i386.rpm

5) Restart the Appliance Configuration Manager (ACM) by typing the following
as the root user:

service httpd restart

If you have not yet registered your product with NetScreen, you will
need to contact NetScreen Technical Support for special instructions on
how to obtain the fixed software. NetScreen Technical Support can be
reached from 8 a.m. to 5 p.m. Pacific time Monday through Friday
excluding weekends and observed holidays. You may contact them via
email at:
support@netscreen.com
or via phone at:
877-638-7273 or 408-543-2100 Option #1

Please reference this Advisory title as evidence of your entitlement to
the fixed software version.

NetScreen authorized Value Added Resellers have access to NetScreen
software versions and may also be a channel through which to obtain the
new release.

If you wish to verify the validity of this Security Advisory, the
public PGP key can be accessed at:

http://www.netscreen.com/services/security/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: NetScreen Security Response Team <security-alert@netscreen.com>

iD8DBQFAZKUqW2Bw6QjqXRcRAj71AJ0Tz+g5EopLgUWagPpFkIg50lYMlwCff4zm
HnqVWDQUJHy0lCqP4e1uQsw=
=2Ttp
-----END PGP SIGNATURE-----


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC