
[linux-security] DoS vulnerabilities and possibly remote root exploit in openssl



Topic
=====
DoS vulnerabilities and possibly remote root exploits in openssl

Problem Description
===================
There are multiple vulnerabilities in the OpenSSL implementations of the
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.
These vulnerabilities occur primarily in Abstract Syntax Notation One (ASN.1)
parsing code. The most serious vulnerabilities may allow a remote attacker
to execute arbitrary code with the privileges of the process using the
OpenSSL library (root, if the affected daemon runs as root). The common
impact is denial of service (DoS).

More details (from the CERT advisory):
A vulnerability in the way OpenSSL deallocates memory used to store
ASN.1 structures could allow a remote attacker to execute arbitrary
code with the privileges of the process using the OpenSSL library.

Several integer overflow vulnerabilities in the way OpenSSL handles ASN.1
tags could allow a remote attacker to cause a denial of service.

A vulnerability in the way OpenSSL handles invalid public keys in
client certificate messages could allow a remote attacker to cause a
denial of service. This vulnerability requires as a precondition that
an application is configured to ignore public key decoding errors,
which is not typically the case on production systems.

OpenSSL accepts unsolicited client certificate messages. This could
allow an attacker to exploit underlying flaws in client certificate
handling, such as the vulnerabilities listed above.
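The "ASN.1 tags" the CERT text refers to are the tag and length fields of
a DER header, and the integer overflows arise where a parser accumulates
those fields from attacker-controlled octets. The following C routine is
an added illustration (not OpenSSL's code, and not a reconstruction of the
specific OpenSSL flaws): it decodes a DER tag/length header and shows the
three integer checks such parsing needs: bounding the high-tag-number
accumulator, refusing a length field wider than the machine word, and
comparing the content length against the remaining buffer by subtraction
rather than by adding header and length (which can wrap). All sample byte
strings are constructed for this example.

```c
/* Added illustration, not OpenSSL's code: a DER tag/length header decoder
 * with the integer checks ASN.1 parsing needs. Samples are constructed. */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

typedef struct {
    int klass;          /* bits 7-6 of the first octet */
    int constructed;    /* bit 5 of the first octet */
    unsigned long tag;  /* tag number, low- or high-tag-number form */
    size_t len;         /* length of the content octets */
    size_t hdr;         /* header octets consumed (tag + length fields) */
} der_hdr;

/* Decode one tag+length header from p[0..avail).
 * Returns 0 on success, -1 if malformed or if it would overflow/overrun. */
int der_read_header(const unsigned char *p, size_t avail, der_hdr *h)
{
    size_t i;
    unsigned long t;

    if (avail < 2)                       /* need at least tag + length octet */
        return -1;
    h->klass = p[0] >> 6;
    h->constructed = (p[0] >> 5) & 1;
    t = p[0] & 0x1f;
    i = 1;

    if (t == 0x1f) {                     /* high-tag-number form: base-128 */
        unsigned char b;
        t = 0;
        do {
            if (i >= avail)
                return -1;
            b = p[i++];
            /* Check 1: room for 7 more bits, else t << 7 silently wraps. */
            if (t > (ULONG_MAX >> 7))
                return -1;
            t = (t << 7) | (b & 0x7f);
        } while (b & 0x80);
        if (t < 0x1f)                    /* DER forbids long form for small tags */
            return -1;
    }
    h->tag = t;

    if (i >= avail)
        return -1;
    if (p[i] < 0x80) {                   /* short form: one octet */
        h->len = p[i++];
    } else {                             /* long form: n octets of length */
        size_t n = p[i++] & 0x7f, k, len = 0;
        if (n == 0)                      /* indefinite length: not DER */
            return -1;
        /* Check 2: more length octets than the word holds would wrap. */
        if (n > sizeof(size_t))
            return -1;
        if (n > avail - i)
            return -1;
        if (n > 1 && p[i] == 0)          /* DER: minimal encoding only */
            return -1;
        for (k = 0; k < n; k++)
            len = (len << 8) | p[i++];
        if (len < 0x80)                  /* fits short form: non-minimal */
            return -1;
        h->len = len;
    }
    h->hdr = i;

    /* Check 3: compare by subtraction. "i + h->len > avail" can wrap for
     * a huge len and wrongly pass. */
    if (h->len > avail - h->hdr)
        return -1;
    return 0;
}

/* Content length of the header at p, or -1 on any error (illustrative:
 * returns long, so lengths above LONG_MAX are not representable here). */
long der_content_len(const unsigned char *p, size_t avail)
{
    der_hdr h;
    return der_read_header(p, avail, &h) == 0 ? (long)h.len : -1L;
}

/* Count the direct children of a constructed element; -1 on any error. */
int der_count_children(const unsigned char *p, size_t avail)
{
    der_hdr h, c;
    size_t rem;
    int count = 0;

    if (der_read_header(p, avail, &h) != 0 || !h.constructed)
        return -1;
    p += h.hdr;
    rem = h.len;
    while (rem > 0) {
        if (der_read_header(p, rem, &c) != 0)
            return -1;
        p += c.hdr + c.len;              /* safe: check 3 proved hdr+len <= rem */
        rem -= c.hdr + c.len;
        count++;
    }
    return count;
}

/* Constructed samples: a valid SEQUENCE, a tag that overflows the
 * accumulator, a length past the buffer, a 9-octet length, and two
 * SEQUENCEs whose second child is respectively in and out of bounds. */
static const unsigned char SAMPLE_OK[]          = {0x30,0x03,0x02,0x01,0x05};
static const unsigned char SAMPLE_TAG_WRAP[]    = {0x1f,0xff,0xff,0xff,0xff,0xff,
                                                   0xff,0xff,0xff,0xff,0xff,0x7f};
static const unsigned char SAMPLE_LEN_OVERRUN[] = {0x04,0x84,0xff,0xff,0xff,0xff};
static const unsigned char SAMPLE_LEN_WIDE[]    = {0x04,0x89,0x01,0,0,0,0,0,0,0,0};
static const unsigned char SAMPLE_SEQ2[]        = {0x30,0x06,0x02,0x01,0x05,0x02,0x01,0x07};
static const unsigned char SAMPLE_SEQ_BAD[]     = {0x30,0x06,0x02,0x01,0x05,0x02,0x05,0x07};

int main(void)
{
    printf("well-formed:     %ld\n", der_content_len(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("tag wrap:        %ld\n", der_content_len(SAMPLE_TAG_WRAP, sizeof SAMPLE_TAG_WRAP));
    printf("length overrun:  %ld\n", der_content_len(SAMPLE_LEN_OVERRUN, sizeof SAMPLE_LEN_OVERRUN));
    printf("length too wide: %ld\n", der_content_len(SAMPLE_LEN_WIDE, sizeof SAMPLE_LEN_WIDE));
    printf("children (good): %d\n", der_count_children(SAMPLE_SEQ2, sizeof SAMPLE_SEQ2));
    printf("children (bad):  %d\n", der_count_children(SAMPLE_SEQ_BAD, sizeof SAMPLE_SEQ_BAD));
    return 0;
}
```

Dropping any one of the three checks turns a malformed certificate or
handshake message into a read past the end of the buffer (the DoS case)
or into a length that later drives a copy or allocation, which is the
path from "bad ASN.1" to memory corruption.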

Affected Systems
================
All versions of OpenSSL prior to 0.9.6k and 0.9.7c.

Solution
========
Upgrade to OpenSSL 0.9.6k or 0.9.7c, or to a patched version for your
distribution. After upgrading the shared library, restart every service
that uses it (sshd, httpd, mail and LDAP daemons, etc.) or reboot, because
running processes keep the old, vulnerable copy mapped in memory; binaries
statically linked against OpenSSL must be rebuilt.

RedHat 7.1
----------
rpm -Fvh openssl-0.9.6-19.i386.rpm \
         openssl-devel-0.9.6-19.i386.rpm \
         openssl-perl-0.9.6-19.i386.rpm \
         openssl-python-0.9.6-19.i386.rpm \
         openssl095a-0.9.5a-23.7.3.i386.rpm

RedHat 7.2, 7.3
---------------
rpm -Fvh openssl-0.9.6b-35.7.<arch>.rpm \
         openssl-devel-0.9.6b-35.7.i386.rpm \
         openssl-perl-0.9.6b-35.7.i386.rpm \
         openssl096-0.9.6-23.7.i386.rpm \
         openssl095a-0.9.5a-23.7.3.i386.rpm

<arch> is either i386 or (for 7.3) i686

RedHat 8.0
----------
rpm -Fvh openssl-0.9.6b-35.8.<arch>.rpm \
         openssl-devel-0.9.6b-35.8.i386.rpm \
         openssl-perl-0.9.6b-35.8.i386.rpm \
         openssl096-0.9.6-23.8.i386.rpm \
         openssl095a-0.9.5a-23.8.i386.rpm

<arch> is either i386 or i686

RedHat 9
--------
rpm -Fvh openssl-0.9.7a-20.<arch>.rpm \
         openssl-devel-0.9.7a-20.i386.rpm \
         openssl-perl-0.9.7a-20.i386.rpm \
         openssl096-0.9.6-23.9.i386.rpm \
         openssl096b-0.9.6b-12.i386.rpm

<arch> is either i386 or i686

Debian 3.0 (woody)
------------------
upgrade to openssl_0.9.6c-2.woody.4_i386.deb,
           libssl-dev_0.9.6c-2.woody.4_i386.deb,
           libssl0.9.6_0.9.6c-2.woody.4_i386.deb

SuSE-7.2
--------
rpm -Fvh openssl-0.9.6a-83.i386.rpm

SuSE-7.3
--------
rpm -Fvh openssl-0.9.6b-158.i386.rpm

SuSE-8.0
--------
rpm -Fvh openssl-0.9.6c-86.i386.rpm

SuSE-8.1
--------
rpm -Fvh openssl-0.9.6g-99.i586.rpm

SuSE-8.2
--------
rpm -Fvh openssl-0.9.6i-19.i586.rpm

SuSE-9.0
--------
rpm -Fvh openssl-0.9.7b-71.i586.rpm

Mandrake 8.2
------------
rpm -Fvh openssl-0.9.6i-1.5.82mdk.i586.rpm \
         libopenssl0-0.9.6i-1.5.82mdk.i586.rpm \
         libopenssl0-devel-0.9.6i-1.5.82mdk.i586.rpm \
         libopenssl0-static-devel-0.9.6i-1.5.82mdk.i586.rpm

Mandrake 9.0
------------
rpm -Fvh openssl-0.9.6i-1.6.90mdk.i586.rpm \
         libopenssl0-0.9.6i-1.6.90mdk.i586.rpm \
         libopenssl0-devel-0.9.6i-1.6.90mdk.i586.rpm \
         libopenssl0-static-devel-0.9.6i-1.6.90mdk.i586.rpm

Mandrake 9.1
------------
rpm -Fvh openssl-0.9.7a-1.2.91mdk.i586.rpm \
         libopenssl0.9.7-0.9.7a-1.2.91mdk.i586.rpm \
         libopenssl0.9.7-devel-0.9.7a-1.2.91mdk.i586.rpm \
         libopenssl0.9.7-static-devel-0.9.7a-1.2.91mdk.i586.rpm \
         libopenssl0-0.9.6i-1.2.91mdk.i586.rpm

Mandrake 9.2
------------
rpm -Fvh openssl-0.9.7b-4.1.92mdk.i586.rpm \
         libopenssl0.9.7-0.9.7b-4.1.92mdk.i586.rpm \
         libopenssl0.9.7-devel-0.9.7b-4.1.92mdk.i586.rpm \
         libopenssl0.9.7-static-devel-0.9.7b-4.1.92mdk.i586.rpm