[Dshield] OpenSSL Vulnerability

Ben Robson ben at robson.ph
Wed Oct 1 13:00:53 GMT 2003


All,

I haven't seen anyone post anything about the current OpenSSL & SSLeay 
issues to this list yet.  (Odd really?!?!?!?!?!?)  Anyway, here's 
another one of those alert thingys I do for work.  (by the way, I 
archive these at www.robson.ph)

BenR.

Purpose:              Security Officer Alert
Subject:              Multiple Vulnerabilities in SSL Libraries
Threat Level:         High
Date:                 1st October 2003
Systems Affected:     All systems using OpenSSL, SSLeay


Summary:
============

       Multiple vulnerabilities have been found to exist within the
OpenSSL and SSLeay encryption algorithm libraries.  OpenSSL and SSLeay
are the most widely used cryptographic library sets on the Internet. 
These libraries are used in such applications as OpenSSH, SSH,
mod_ssl(apache), other https servers, and many other applications
requiring cryptographic extensions.

       The OpenSSL team has notified the IT community to 4
vulnerabilities.  These vulnerabilities relate to the handling of
erroneous(invalid) digital certificates that can lead to a denial of
service (confirmed) and possibly the execution of arbitrary code
(un-confirmed) on the system.

       As yet no exploits have been identified for this issue, however
given the pervasiveness of the SSL libraries and the return on
investment to hackers to develop and exploit it, it is likely one will
be created very shortly.


Who is affected:
=================

        The OpenSSL team has notified the IT community that all versions
up to and including 0.9.6j and 0.9.7b are vulnerable to these issues. 
All users of applications that use the OpenSSL or SSLeay libraries are
affected by these issues.

       Users may not immediately identify their systems as using these
libraries, however if the user is running any application with any form
of cryptographic function then the user is very possibly suceptible. 
This includes most WWW server systems, and encrypted communication
methods.

       The following vendors have released security advisories relating
to the SSL libraries (at the time of posting this report).  Others will
likely follow very shortly.:

       - Redhat Linux 7.1 (i386, iSeries, pSeries)
                           7.2 (i386, i586, ia64)
                           7.3 (i386, i686)
                           8.0 (i386, i686)
                           9.0 (i386, i686)
       - Immunix 7+
       - SGI
       - EnGarde Secure Community v1.0.1
                     Secure Community 2
                     Secure Professional v1.1
                     Secure Professional v1.2
                     Secure Professional v1.5
       - Connectiva 7.0, 8, 9
       - Cisco IOS 12.1(11)E, 12.1E and later
                  PIX Firewalls
                  Firewall Service Module for 6500 & 7600 Series
                  Network Analysis Modules for 6000, 6500 & 7600 Series
                  Content Service Switch 11000 Series
                  Global Site Selector 4480
                  Application & Content Network Software
                  SN 5428 Storage Router
                  CiscoWorks 1105 Hosting Solution Engine
                  CiscoWorks 1105 Wireless LAN Solution Engine
                  CiscoWorks Common Services
                  SIP Proxy Server


Actions:
==========

        Mitigation & Resolution:
        ------------------------

        Administrators of vulnerable systems are advised to upgrade
their versions of OpenSSL to version 0.9.6k or 0.9.7c.  Any application
that uses these libararies in a statically linked manner should also
recompile these applications once the SSL libraries have been upgraded.


Comments:
=========

        The SSL libraries are one of the most pervasive library sets
active on Internet connected systems.  A large proportion of Internet
connected servers will have the OpenSSL or SSLeay libraries installed by
default as part of any cryptographic communication functions.

        Should it be found that the vulnerabilities do allow the
excution of arbitrary code on victim systems there is significant scope
for a new worm to be created based on this vulnerability.


Details:
=========

        The following information is the advisory published by the
OpenSSL team to the Full-Disclosure, Bugtraq and OpenSSL mail lists.


-----BEGIN PGP SIGNED MESSAGE-----

OpenSSL Security Advisory [30 September 2003]

Vulnerabilities in ASN.1 parsing
================================

NISCC (www.niscc.gov.uk) prepared a test suite to check the operation
of SSL/TLS software when presented with a wide range of malformed client
certificates.

Dr Stephen Henson (steve at openssl.org) of the OpenSSL core team
identified and prepared fixes for a number of vulnerabilities in the
OpenSSL ASN1 code when running the test suite.

A bug in OpenSSLs SSL/TLS protocol was also identified which causes
OpenSSL to parse a client certificate from an SSL/TLS client when it
should reject it as a protocol error.

Vulnerabilities
- ---------------

1. Certain ASN.1 encodings that are rejected as invalid by the parser
can trigger a bug in the deallocation of the corresponding data
structure, corrupting the stack. This can be used as a denial of service
attack. It is currently unknown whether this can be exploited to run
malicious code. This issue does not affect OpenSSL 0.9.6.

2. Unusual ASN.1 tag values can cause an out of bounds read under
certain circumstances, resulting in a denial of service vulnerability.

3. A malformed public key in a certificate will crash the verify code if
it is set to ignore public key decoding errors. Public key decode errors
are not normally ignored, except for debugging purposes, so this is
unlikely to affect production code. Exploitation of an affected
application would result in a denial of service vulnerability.

4. Due to an error in the SSL/TLS protocol handling, a server will parse
a client certificate when one is not specifically requested. This by
itself is not strictly speaking a vulnerability but it does mean that
*all* SSL/TLS servers that use OpenSSL can be attacked using
vulnerabilities 1, 2 and 3 even if they don't enable client
authentication.

Who is affected?
- ----------------

All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all
versions of SSLeay are affected.

Any application that makes use of OpenSSL's ASN1 library to parse
untrusted data. This includes all SSL or TLS applications, those using
S/MIME (PKCS#7) or certificate generation routines.

Recommendations
- ---------------

Upgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications
statically linked to OpenSSL libraries.

References
- ----------

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0545 for issue 1:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545

and CAN-2003-0543 and CAN-2003-0544 for issue 2:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20030930.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQCVAwUBP3mNKu6tTP1JpWPZAQFjPwP/Y8epYBa9oCK69dCT5Y90kg9Ir8pYuv+q
x4NxuyhD5JaJfmStwbl3BUSE5juI0mh7d6yFjfI0Ci3sdC+5v10ZOanGwX7o4JlS
3pGSSocAEiYS59qciRLtFsCbBt8jIOCG8KiTmKO2mI5dhAEB9UqPH9e8A1Wy/8un
xjGKYbcITrM=
=fFTe
-----END PGP SIGNATURE-----






More information about the list mailing list