__________________________________________________________

                  The U.S. Department of Energy
              Computer Incident Advisory Capability
__________________________________________________________

                           INFORMATION BULLETIN

             Red Hat Updated OpenSSL Packages Fix Timing Attack
               [Red Hat Security Advisory RHSA-2003:062-11]

March 7, 2003 19:00 GMT                                           Number N-051
______________________________________________________________________________
PROBLEM:        There is a timing-based vulnerability in Cipher Block Chaining
                (CBC) ciphersuites within Secure Sockets Layer (SSL) and
                Transport Layer Security (TLS).

PLATFORM:       Red Hat Linux 6.2
                Red Hat Linux 7.0
                Red Hat Linux 7.1
                Red Hat Linux 7.2
                Red Hat Linux 7.3
                Red Hat Linux 8.0

DAMAGE:         An attacker may be able to use timing observations to
                distinguish between two different error cases. Over multiple
                connections this can leak sufficient information to make it
                possible to retrieve the plaintext of a common, fixed block
                (such as a password).

SOLUTION:       Apply updated packages as stated in Red Hat's advisory.
______________________________________________________________________________
VULNERABILITY   The risk is MEDIUM. OpenSSL is a widely used product. However,
ASSESSMENT:     in order for this attack to be successful, an attacker must be
                able to act as a man-in-the-middle to intercept and modify
                multiple connections.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/n-051.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2003-062.html
 ADDITIONAL LINKS:   http://www.openssl.org/news/secadv_20030219.txt
______________________________________________________________________________

[***** Start Red Hat Security Advisory RHSA-2003:062-11 *****]

Updated OpenSSL packages fix timing attack

Advisory:             RHSA-2003:062-11
Last updated on:      2003-03-06
Affected Products:    Red Hat Linux 6.2
                      Red Hat Linux 7.0
                      Red Hat Linux 7.1
                      Red Hat Linux 7.2
                      Red Hat Linux 7.3
                      Red Hat Linux 8.0
CVEs (cve.mitre.org): CAN-2003-0078

Security Advisory Details:

Updated OpenSSL packages are available that fix a potential timing-based
attack.

OpenSSL is a commercial-grade, full-featured, and open source toolkit that
implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security
(TLS v1) protocols as well as a full-strength general purpose cryptography
library.

In a paper, Brice Canvel, Alain Hiltgen, Serge Vaudenay, and Martin Vuagnoux
describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and
TLS. An active attacker may be able to use timing observations to distinguish
between two different error cases: cipher padding errors and MAC verification
errors. Over multiple connections this can leak sufficient information to make
it possible to retrieve the plaintext of a common, fixed block.

In order for an attack to be successful, an attacker must be able to act as a
man-in-the-middle to intercept and modify multiple connections, which all
involve a common fixed plaintext block (such as a password), and have good
network conditions that allow small changes in timing to be reliably observed.

These erratum packages contain a patch provided by the OpenSSL group that
corrects this vulnerability.
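The two error cases the advisory names differ in how much work the receiver does before rejecting a record: a padding failure can be reported before any MAC is computed, a MAC failure only after. The Python model below is added here as an illustration and is not code from Red Hat, the OpenSSL group or the paper's authors. It counts MAC evaluations instead of measuring wall-clock time, assumes HMAC-SHA1 with TLS 1.0-style padding over an 8-byte block, and the key, payload and function names are constructed for the example. The hardened variant applies the defensive pattern this class of fix relies on: evaluate the MAC on every path and report a single alert for both failures, so neither the alert nor the amount of work reveals which check failed.

```python
import hashlib
import hmac

# Constructed demo parameters: a MAC key for HMAC-SHA1 (the TLS 1.0 MAC) and
# an 8-byte block size, as for the 3DES CBC ciphersuites the advisory covers.
MAC_KEY = b"demo-mac-key-20bytes"
BLOCK = 8
MAC_LEN = 20


class MacCounter:
    """Counts MAC evaluations; stands in for the stopwatch an observer would use."""

    def __init__(self):
        self.calls = 0

    def mac(self, data: bytes) -> bytes:
        self.calls += 1
        return hmac.new(MAC_KEY, data, hashlib.sha1).digest()


def encode_record(payload: bytes, counter: MacCounter) -> bytes:
    """Decrypted form of a TLS CBC record: payload || MAC || padding.
    TLS padding is pad_len bytes of value pad_len plus a final length byte."""
    body = payload + counter.mac(payload)
    pad_len = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    return body + bytes([pad_len]) * (pad_len + 1)


def padding_length(record: bytes):
    """Return the padding length if the TLS padding is well formed, else None."""
    pad_len = record[-1]
    if pad_len + 1 > len(record) - MAC_LEN:
        return None
    if any(b != pad_len for b in record[-(pad_len + 1):]):
        return None
    return pad_len


def check_vulnerable(record: bytes, counter: MacCounter) -> str:
    """Pre-patch shape: a padding failure is reported before any MAC work, so the
    two failures differ both in the alert sent and in the time taken."""
    pad_len = padding_length(record)
    if pad_len is None:
        return "decryption_failed"  # no MAC computed on this path
    body = record[:len(record) - pad_len - 1]
    payload, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    if not hmac.compare_digest(counter.mac(payload), mac):
        return "bad_record_mac"
    return "ok"


def check_hardened(record: bytes, counter: MacCounter) -> str:
    """Hardened shape: when the padding is bad, proceed as if it were zero-length,
    still evaluate the MAC, and collapse both failures into one alert."""
    pad_len = padding_length(record)
    padding_ok = pad_len is not None
    if not padding_ok:
        pad_len = 0
    body = record[:len(record) - pad_len - 1]
    payload, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    mac_ok = hmac.compare_digest(counter.mac(payload), mac)  # always evaluated
    if not (padding_ok and mac_ok):
        return "bad_record_mac"
    return "ok"


def timing_demo() -> dict:
    """Run both checkers over a good record, one with corrupted padding and one
    with a corrupted MAC; return (verdict, MAC evaluations) per case."""
    results = {}
    for name, check in (("vulnerable", check_vulnerable), ("hardened", check_hardened)):
        counter = MacCounter()
        good = encode_record(b"user=alice&pw=hunter2", counter)  # constructed payload
        bad_pad = good[:-1] + bytes([good[-1] ^ 0x80])  # padding length now impossible
        mac_pos = len(good) - (good[-1] + 1) - 1  # last byte of the MAC field
        bad_mac = good[:mac_pos] + bytes([good[mac_pos] ^ 0x01]) + good[mac_pos + 1:]
        for case, rec in (("good", good), ("bad_padding", bad_pad), ("bad_mac", bad_mac)):
            counter.calls = 0
            results[(name, case)] = (check(rec, counter), counter.calls)
    return results


if __name__ == "__main__":
    for key, value in sorted(timing_demo().items()):
        print(key, value)
```

In the vulnerable checker the padding case returns with zero MAC evaluations and a distinct alert; in the hardened checker every case costs exactly one MAC evaluation and both failures yield the same alert, which is what removes the oracle the advisory describes.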
Because server applications are affected by these vulnerabilities, we advise
users to restart all services that use OpenSSL functionality or alternatively
reboot their systems after installing these updates.

Updated packages:

Red Hat Linux 6.2
--------------------------------------------------------------------------------
SRPMS:
openssl-0.9.5a-30.src.rpm              43fc50cff822dc459bb38e8c369e8965
i386:
openssl-0.9.5a-30.i386.rpm             89f90fbdbf3731f4cd0af1f362ff10bc
openssl-devel-0.9.5a-30.i386.rpm       aeba8db707ac96a25dac61586b547ea5
openssl-perl-0.9.5a-30.i386.rpm        8b94e526b689a4a6325031b380ec7b37
openssl-python-0.9.5a-30.i386.rpm      4e9fb9fcea2d4d6c9c9f5d0d500b94e1

Red Hat Linux 7.0
--------------------------------------------------------------------------------
SRPMS:
openssl-0.9.6-14.src.rpm               b1306cc627ed2eee6583cda7318c5d21
openssl095a-0.9.5a-18.7.src.rpm        4eeca68ad45a889cf99e9888244f811f
i386:
openssl-0.9.6-14.i386.rpm              eafaadaed7be24dfe9f1335d9de6af19
openssl-devel-0.9.6-14.i386.rpm        5da72b7b35a9d8529316bd34810406c8
openssl-perl-0.9.6-14.i386.rpm         e2d6359f0569c7da631d72f80fe16735
openssl-python-0.9.6-14.i386.rpm       96088bee90bd4c827731316581ce598e
openssl095a-0.9.5a-18.7.i386.rpm       0c8458c5fe99f2dccbd99fc1471e579d

Red Hat Linux 7.1
--------------------------------------------------------------------------------
SRPMS:
openssl-0.9.6-14.src.rpm               b1306cc627ed2eee6583cda7318c5d21
openssl095a-0.9.5a-18.7.src.rpm        4eeca68ad45a889cf99e9888244f811f
i386:
openssl-0.9.6-14.i386.rpm              eafaadaed7be24dfe9f1335d9de6af19
openssl-devel-0.9.6-14.i386.rpm        5da72b7b35a9d8529316bd34810406c8
openssl-perl-0.9.6-14.i386.rpm         e2d6359f0569c7da631d72f80fe16735
openssl-python-0.9.6-14.i386.rpm       96088bee90bd4c827731316581ce598e
openssl095a-0.9.5a-18.7.i386.rpm       0c8458c5fe99f2dccbd99fc1471e579d

Red Hat Linux 7.2
--------------------------------------------------------------------------------
SRPMS:
openssl-0.9.6b-30.7.src.rpm            3ae2cc393a411ce6d4bf02ca2902c3b3
openssl095a-0.9.5a-18.7.src.rpm        4eeca68ad45a889cf99e9888244f811f
openssl096-0.9.6-13.7.src.rpm          f6e69835cf22aaf4ed81182d3b3238f2
i386:
openssl-0.9.6b-30.7.i386.rpm           561ca4b931f7aa1b5e5b187eadc50979
openssl-devel-0.9.6b-30.7.i386.rpm     b800915ee28c2ee3e16f0efd3a982cfd
openssl-perl-0.9.6b-30.7.i386.rpm      61343012eef3bbe98c0d84a507d42139
openssl095a-0.9.5a-18.7.i386.rpm       0c8458c5fe99f2dccbd99fc1471e579d
openssl096-0.9.6-13.7.i386.rpm         f1f521a9af06532b0ca4cbadf191f9f6
i686:
openssl-0.9.6b-30.7.i686.rpm           90238359f766d40a6fea1ce187378e0f
ia64:
openssl-0.9.6b-30.7.ia64.rpm           d04117405d4d98952b45482b540adc48
openssl-devel-0.9.6b-30.7.ia64.rpm     835873daf75483628c41030b2d3bf416
openssl-perl-0.9.6b-30.7.ia64.rpm      4bfc8f05437a13ceb5fbcad25e7a4a50
openssl095a-0.9.5a-18.7.ia64.rpm       6405dbbcc5bb5bf240b4623456b4d6ab
openssl096-0.9.6-13.7.ia64.rpm         cca8bf123ae09e0c73b9a817b441af1b

Red Hat Linux 7.3
--------------------------------------------------------------------------------
SRPMS:
openssl-0.9.6b-30.7.src.rpm            3ae2cc393a411ce6d4bf02ca2902c3b3
openssl095a-0.9.5a-18.7.src.rpm        4eeca68ad45a889cf99e9888244f811f
openssl096-0.9.6-13.7.src.rpm          f6e69835cf22aaf4ed81182d3b3238f2
i386:
openssl-0.9.6b-30.7.i386.rpm           561ca4b931f7aa1b5e5b187eadc50979
openssl-devel-0.9.6b-30.7.i386.rpm     b800915ee28c2ee3e16f0efd3a982cfd
openssl-perl-0.9.6b-30.7.i386.rpm      61343012eef3bbe98c0d84a507d42139
openssl095a-0.9.5a-18.7.i386.rpm       0c8458c5fe99f2dccbd99fc1471e579d
openssl096-0.9.6-13.7.i386.rpm         f1f521a9af06532b0ca4cbadf191f9f6
i686:
openssl-0.9.6b-30.7.i686.rpm           90238359f766d40a6fea1ce187378e0f

Red Hat Linux 8.0
--------------------------------------------------------------------------------
SRPMS:
openssl-0.9.6b-31.src.rpm              280a5beecb76fe4f7a00a745cbc03737
openssl095a-0.9.5a-19.src.rpm          bd2e48a63222cde53b86b00acf368a1e
openssl096-0.9.6-14.src.rpm            c9103cd84c301e53c7c79f4e349b43fc
i386:
openssl-0.9.6b-31.i386.rpm             aaffbdfe037fdfc0a3a45cea4e3fe7d9
openssl-devel-0.9.6b-31.i386.rpm       0a1a647afb7dea3de6bbac9603f3d45b
openssl-perl-0.9.6b-31.i386.rpm        41c0188d93babf72ffa3dc88b42cc3a7
openssl095a-0.9.5a-19.i386.rpm         276c04536cfa314afa3154fb9ee58582
openssl096-0.9.6-14.i386.rpm           8db8722990b478451e8fcb04aa14da2a
i686:
openssl-0.9.6b-31.i686.rpm             12f5cab2bde7ac88bbb311aeba04bd9e

Solution

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs
which are currently installed will be updated. Those RPMs which are not
installed but included in the list will not be updated. Note that you can also
use wildcards (*.rpm) if your current directory *only* contains the desired
RPMs.
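To check a batch of downloaded packages against the md5sums listed above before running rpm -Fvh, here is an added Python helper; it is not part of the Red Hat advisory or the CIAC bulletin. It parses "filename md5sum" lines of the shape used in the list, hashes each file in a download directory and reports ok, mismatch or missing per package. The demo builds a temporary directory with constructed file contents and digests computed from them, since real RPMs are not available offline. As the advisory itself notes, an md5sum comparison only detects corruption or tampering of the bytes; rpm --checksig against Red Hat's key is the authenticity check.

```python
import hashlib
import hmac
import os
import re
import tempfile

# One "<filename>.rpm <32 hex digits>" pair per line, as in the advisory's list.
MD5_LINE = re.compile(r"^\s*(\S+\.rpm)\s+([0-9a-f]{32})\s*$")


def parse_package_list(text: str) -> dict:
    """Map package filename -> expected md5 from the advisory-style listing.
    Lines that are headings, separators or links are ignored."""
    expected = {}
    for line in text.splitlines():
        m = MD5_LINE.match(line)
        if m:
            expected[m.group(1)] = m.group(2)
    return expected


def md5_of_file(path: str) -> str:
    """Hash a file in chunks so large RPMs are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_packages(expected: dict, directory: str) -> dict:
    """Return filename -> 'ok' | 'mismatch' | 'missing' for every listed package.
    This is the md5sum step only; it says nothing about who signed the package."""
    report = {}
    for name, digest in expected.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            report[name] = "missing"
        elif hmac.compare_digest(md5_of_file(path), digest):
            report[name] = "ok"
        else:
            report[name] = "mismatch"
    return report


def verify_demo() -> dict:
    """Constructed scenario: one intact download, one altered in transit, one
    never downloaded. File contents and digests are made up for the demo."""
    intact = b"constructed bytes standing in for openssl-0.9.6b-31.i386.rpm"
    devel = b"constructed bytes standing in for openssl-devel-0.9.6b-31.i386.rpm"
    listing = "\n".join([
        "Red Hat Linux 8.0",
        "i386:",
        f"openssl-0.9.6b-31.i386.rpm        {hashlib.md5(intact).hexdigest()}",
        f"openssl-devel-0.9.6b-31.i386.rpm  {hashlib.md5(devel).hexdigest()}",
        f"openssl-perl-0.9.6b-31.i386.rpm   {'0' * 32}",  # placeholder digest
    ])
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "openssl-0.9.6b-31.i386.rpm"), "wb") as f:
            f.write(intact)
        with open(os.path.join(d, "openssl-devel-0.9.6b-31.i386.rpm"), "wb") as f:
            f.write(devel + b"\x00")  # one extra byte: corrupted in transit
        return verify_packages(parse_package_list(listing), d)


if __name__ == "__main__":
    for name, status in sorted(verify_demo().items()):
        print(f"{status:<9} {name}")
```

In practice the listing would be the package table for your release pasted from the advisory and the directory the one rpm -Fvh will be run in; any package reported as mismatch or missing should be re-downloaded before installation.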
Please note that this update is also available via Red Hat Network. Many people
find this an easier way to apply updates. To use Red Hat Network, launch the
Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0078
http://lasecwww.epfl.ch/pub/lasec/doc/Vau02a.ps

--------------------------------------------------------------------------------

The listed packages are GPG signed by Red Hat, Inc. for security. Our key is
available at:

http://www.redhat.com/solutions/security/news/publickey.html#key

You can verify each package and see who signed it with the following command:

    rpm --checksig -v filename

If you only wish to verify that each package has not been corrupted or tampered
with, examine only the md5sum with the following command:

    md5sum filename

Note that you need RPM >= 3.0 to check GnuPG keys.

The Red Hat security contact is security@redhat.com. More contact details at
http://www.redhat.com/solutions/security/news/contact.html

[***** End Red Hat Security Advisory RHSA-2003:062-11 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat, Incorporated and The
OpenSSL Project for the information contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California.
CIAC is also a founding member of FIRST, the Forum of Incident Response and
Security Teams, a global organization established to foster cooperation and
coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:

    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are available
from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these communities,
please contact your agency's response team to report incidents. Your agency's
team will coordinate with CIAC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization. A list of FIRST member
organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of the
United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process, or
service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring by
the United States Government or the University of California.
The views and opinions of authors expressed herein do not necessarily state or
reflect those of the United States Government or the University of California,
and shall not be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

N-041: Sun Linux Vulnerabilities in "unzip" and GNU "tar" Commands
N-042: Updated PHP packages available
N-043: Red Hat openldap Vulnerabilities
N-044: Red Hat Updated kernel-utils Packages Fix setuid Vulnerability
N-045: Red Hat Updated PAM packages fix bug in pam_xauth Module
N-046: Multiple Vulnerabilities in Oracle Servers
N-047: Microsoft Windows ME Help and Support Center Vulnerability
N-048: SendMail MTA Vulnerability
N-049: Snort RPC Preprocessing Vulnerability
N-050: Sun sendmail(1M) ".forward" Constructs Vulnerability