SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   OpenSSL Vendors:   OpenSSL.org
(Apple Issues Fix) OpenSSL SSL/TLS Handshade Flaws May Let Remote Users Crash OpenSSL-based Applications
SecurityTracker Alert ID:  1009678
SecurityTracker URL:  http://securitytracker.com/id/1009678
CVE Reference:   CVE-2004-0079, CVE-2004-0112   (Links to External Site)
Updated:  Apr 7 2004
Original Entry Date:  Apr 6 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.9.6c - 0.9.6k and 0.9.7a - 0.9.7c
Description:   Some vulnerabilities were reported in OpenSSL, primarily involving the processing of SSL/TLS protocol handshakes. A remote user can cause OpenSSL to crash.

It is reported that there is a null-pointer assignment in the do_change_cipher_spec() function [CVE: CVE-2004-0079]. A remote user can perform a specially crafted SSL/TLS handshake with a target server to cause OpenSSL to crash on the target system. This may cause the application using OpenSSL to crash.

All versions of OpenSSL from 0.9.6c to 0.9.6k inclusive and from 0.9.7a to 0.9.7c inclusive are reportedly vulnerable to this null-pointer bug.

It is also reported that there is a flaw in performing SSL/TLS handshakes using Kerberos ciphersuites [CVE: CVE-2004-0112]. A remote user can perform a specially crafted SSL/TLS handshake against a server that is using Kerberos ciphersuites to cause OpenSSL to crash on the target system.

OpenSSL versions 0.9.7a, 0.9.7b, and 0.9.7c are reported to be vulnerable to this Kerberos handshake bug.

It is also reported that a remote user may be able to cause OpenSSL to enter an infinite loop due to a flaw in a patch introduced in 0.9.6d [CVE: CVE-2004-0081].

The vendor credits Dr. Stephen Henson of the OpenSSL core team as well as Codenomicon for supplying their TLS Test Tool and Joe Orton of Red Hat for performing the majority of the testing.

Impact:   A remote user can cause OpenSSL to crash, which may cause an application using OpenSSL to crash. The specific impact depends on the application that uses the OpenSSL library.
Solution:   Apple has released a fix as part of Security Update 2004-04-05, available at:

* Software Update pane in System Preferences

* Apple's Software Downloads web site:

Mac OS X 10.3.3 "Panther" and Mac OS X 10.3.3 Server:

http://www.apple.com/support/downloads/securityupdate_2004-04-05_(10_3_3).html
The download file is named: "SecUpd2004-04-05Pan.dmg"
Its SHA-1 digest is: 30c78daca1859ddc84a6c8e5c1d31de32b4aa979

The vendor's advisory is available at:

http://www.apple.com/support/security/security_updates.html

Vendor URL:  www.openssl.org/news/secadv_20040317.txt (Links to External Site)
Cause:   Boundary error, Exception handling error, State error
Underlying OS:  UNIX (macOS/OS X)
Underlying OS Comments:  10.3.3

Message History:   This archive entry is a follow-up to the message listed below.
Mar 17 2004 OpenSSL SSL/TLS Handshade Flaws May Let Remote Users Crash OpenSSL-based Applications



 Source Message Contents

Subject:  APPLE-SA-2004-04-05 Security Update 2004-04-05


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2004-04-05 Security Update 2004-04-05

Security Update 2004-04-05 is now available and contains security
enhancements for the following:

CUPS Printing:  Fixes CAN-2004-0382 to improve the security of the
   printing system. This is a configuration file change that does not
   affect the underlying Printing system.  Credit to aaron@vtty.com
   for reporting this issue.

libxml2:  Fixes CAN-2004-0110 to improve the handling of uniform
   resource locators.

Mail:  Fixes CAN-2004-0383 to improve the handling of HTML-formatted
   email. Credit to aaron@vtty.com for reporting this issue.

OpenSSL:  Fixes CAN-2004-0079 and CAN-2004-0112 to improve the
   handling of encryption choices.

Notes:
  -  Security Update 2004-04-05 is available for both Mac OS X 10.3.3
       and Mac OS X 10.2.8
  -  Security Update 2004-01-26 has been incorporated into the
       version for Mac OS X 10.2.8

================================================

Security Update 2004-04-05 may be obtained from:

  * Software Update pane in System Preferences

  * Apple's Software Downloads web site:

    Mac OS X 10.3.3 "Panther" and Mac OS X 10.3.3 Server
    ====================================================
    http://www.apple.com/support/downloads/securityupdate_2004-04-05_
(10_3_3).html
    The download file is named: "SecUpd2004-04-05Pan.dmg"
    Its SHA-1 digest is: 30c78daca1859ddc84a6c8e5c1d31de32b4aa979

    Mac OS X 10.2.8 "Jaguar" and Mac OS X 10.2.8 Server
    ===================================================
    http://www.apple.com/support/downloads/securityupdate_2004-04-05_
(10_2_8).html
    The download file is named: "SecUpd2004-04-05Jag.dmg"
    Its SHA-1 digest is: c811bab90b5cdef3e5c518ec1641860dccea0eb7

Information will also be posted to the Apple Product Security web
site:
http://www.apple.com/support/security/security_updates.html

This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQEVAwUBQHHgvXeI0z6bzFr0AQLIzwf/fZafC/L+kT+NPNPSBXc4m6X1wZpwuYmV
88VzHRNimElGzLkL3An0/f9Fmuq9YyDHNp+51HNrHFHAc+CHin5oxaGEoP7KI2ap
kA5M634yG0+cfecH7qS6ypcfqmLUdch6oE+TCR5WwT8mAHVDaDz4nl2qIrQFCAZ6
nRwhwMGaU/k3Ip9gR4jO+0zfrtC+q1vIeuqzod0nOYnphiOQNxybAuBSo3AXgWK/
7ObG8euBIEB6Ge89iyXv8dZSsOAn7JxZMl9mjihUM4Sn938Uqlwo3nt8r78jecWh
gmRSxJBpL3U4ht7o+2a8XNnOSwmh4pvgnS1hGADLjqRqenfUI4oRKg==
=ec3N
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | security-announce@lists.apple.com
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC