[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] ALERT: remote root exploit in openssl library

To: linux-security
Subject: [linux-security] ALERT: remote root exploit in openssl library
From: Martin Siegert <siegert@sfu.ca>
Date: Tue, 30 Jul 2002 12:01:39 -0700
User-Agent: Mutt/1.4i

Topic
=====
buffer overflow in openssl library may lead to remote root exploit

Problem Description
===================
A security audit of the OpenSSL code found several buffer overflows in
OpenSSL which affect versions 0.9.7 and 0.9.6d and earlier:

1. The client master key in SSL2 could be oversized and overrun a
   buffer. It has already been demonstrated that this vulnerability
   is exploitable. Exploit code is NOT available at this time (yet).
  
2. The session ID supplied to a client in SSL3 could be oversized and
   overrun a buffer.
  
3. The master key supplied to an SSL3 server could be oversized and
   overrun a stack-based buffer. This issues only affects OpenSSL
   0.9.7 before 0.9.7-beta3 with Kerberos enabled.
  
4. Various buffers for ASCII representations of integers were too
   small on 64 bit platforms.

A large number of applications within all Linux distributions make use of 
the OpenSSL library to provide SSL support.  All users are therefore advised
to upgrade the OpenSSL packages to correct these vulnerabilities.

Affected Systems
================
all openssl versions 0.9.6d and earlier (and 0.9.7-beta2 and earlier 0.9.7
versions).

Solution
========
upgrade to openssl-0.9.6e (or patched version for your distribution)

RedHat 6.x
----------
rpm -Fvh openssl-0.9.5a-26.i386.rpm \
         openssl-devel-0.9.5a-26.i386.rpm \
         openssl-perl-0.9.5a-26.i386.rpm \
         openssl-python-0.9.5a-26.i386.rpm

RedHat 7.0, 7.1
---------------
rpm -Fvh openssl-0.9.6-10.i386.rpm \
         openssl-devel-0.9.6-10.i386.rpm \
         openssl-perl-0.9.6-10.i386.rpm \
         openssl-python-0.9.6-10.i386.rpm \
         openssl095a-0.9.5a-14.i386.rpm

RedHat 7.2
----------
rpm -Fvh openssl-0.9.6b-24.<arch>.rpm \
         openssl-devel-0.9.6b-24.i386.rpm \
         openssl-perl-0.9.6b-24.i386.rpm \
         openssl096-0.9.6-9.i386.rpm \
         openssl095a-0.9.5a-14.i386.rpm

where <arch> is either i386 or i686

RedHat 7.3
----------
rpm -Fvh openssl-0.9.6b-24.<arch>.rpm \
         openssl-devel-0.9.6b-24.i386.rpm \
         openssl-perl-0.9.6b-24.i386.rpm \
         openssl095a-0.9.5a-14.i386.rpm \
         openssl096-0.9.6-9.i386.rpm

where <arch> is either i386 or i686

Debian 3.0 (woody)
-------------------
upgrade to ssleay_0.9.6c-2.woody.0_all.deb
           openssl_0.9.6c-2.woody.0_i386.deb
           libssl09_0.9.4-6.woody.0_i386.deb
           libssl0.9.6_0.9.6c-2.woody.0_i386.deb
           libssl-dev_0.9.6c-2.woody.0_i386.deb
           libssl095a_0.9.5a-6.woody.0_i386.deb

Follow-Ups:
- [linux-security] ALERT: remote root exploit in openssl library (SuSE, Mandrake)
  - From: Martin Siegert <siegert@sfu.ca>

Prev by Date: [linux-security] buffer overflow in resolver library functions
Next by Date: [linux-security] ALERT: remote root exploit in openssl library (SuSE, Mandrake)
Prev by thread: [linux-security] gallery remote exploit (Debian)
Next by thread: [linux-security] ALERT: remote root exploit in openssl library (SuSE, Mandrake)
Index(es):
- Date
- Thread