             __________________________________________________________

                       The U.S. Department of Energy
                     Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                          OpenSSL Security Advisory

October 3, 2006 20:00 GMT                                         Number R-001
[REVISED 13 Oct 2006]
[REVISED 10 Nov 2006]
[REVISED 14 Nov 2006]
[REVISED 15 Nov 2006]
[REVISED 05 Dec 2006]
[REVISED 13 Dec 2006]
[REVISED 24 Jan 2007]
[REVISED 19 Apr 2007]
______________________________________________________________________________
PROBLEM:       A buffer overflow was discovered in the
               SSL_get_shared_ciphers() utility function.
PLATFORM:      OpenSSL 0.9.7 before 0.9.7l
               OpenSSL 0.9.8 before 0.9.8d and earlier versions
               HP-UX B.11.00, B.11.11, B.11.23, and B.11.31
               HP Tru64 UNIX v 5.1B-4, v 5.1B-3 (SSL and BIND)
               HP Tru64 UNIX v 5.1A PK6, v 4.0G PK4, v 4.0F PK8 (BIND)
               Internet Express (IX) v 6.6 BIND (BIND)
               HP Insight Management Agents for Tru64 UNIX patch v 3.5.2
               and earlier (SSL)
DAMAGE:        An attacker could send a list of ciphers to an application
               that uses this function and overrun a buffer.
SOLUTION:      Apply current patches.
______________________________________________________________________________
VULNERABILITY ASSESSMENT:
               The risk is MEDIUM. An attacker could gain the privileges of
               the targeted user.
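
The OpenSSL ranges in the PLATFORM field can be checked mechanically. The script below is an added example, not part of the CIAC bulletin or the OpenSSL advisory; the function names and the status words it prints are illustrative assumptions.

```shell
# Classify an OpenSSL version against this bulletin's ranges: 0.9.7 is fixed
# from 0.9.7l, 0.9.8 from 0.9.8d, earlier branches are affected. Added example;
# the function names and status words are illustrative, not OpenSSL's or CIAC's.

# suffix_ge A B: succeed when patch-letter suffix A is at or after B. Suffixes
# order as "" < a < ... < z < za ..., so a longer suffix is always later.
suffix_ge() {
    if [ "${#1}" -ne "${#2}" ]; then
        if [ "${#1}" -gt "${#2}" ]; then return 0; else return 1; fi
    fi
    first=$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort | head -n 1)
    if [ "$first" = "$2" ]; then return 0; else return 1; fi
}

classify_openssl() {
    v=${1#OpenSSL }      # accept the full `openssl version` output line
    v=${v%% *}           # keep the version word, drop the build date
    v=${v%%-*}           # drop vendor tags such as "-fips"
    base=${v%%[a-z]*}    # numeric part, e.g. 0.9.8
    suffix=${v#"$base"}  # patch letters, e.g. c (may be empty)
    maj=${base%%.*}; rest=${base#*.}; min=${rest%%.*}; pat=${rest#*.}
    case $base in *.*.*) ;; *) echo unparseable; return 0 ;; esac
    for n in "$maj" "$min" "$pat"; do
        case $n in ''|*[!0-9]*) echo unparseable; return 0 ;; esac
    done
    case $suffix in *[!a-z]*) echo unparseable; return 0 ;; esac
    case $base in
        0.9.7) fixed_at=l ;;
        0.9.8) fixed_at=d ;;
        *)  # branches before 0.9.7 fall under "and earlier versions"
            if [ "$maj" -eq 0 ] && { [ "$min" -lt 9 ] || { [ "$min" -eq 9 ] && [ "$pat" -lt 7 ]; }; }; then
                echo affected
            else
                echo out-of-scope   # branch not covered by this bulletin
            fi
            return 0 ;;
    esac
    if suffix_ge "$suffix" "$fixed_at"; then echo fixed; else echo affected; fi
}

# Constructed sample inputs (not taken from the bulletin).
for s in "OpenSSL 0.9.8c 05 Sep 2006" 0.9.7l 0.9.6m 0.9.8e-fips 1.0.0; do
    printf '%-28s %s\n' "$s" "$(classify_openssl "$s")"
done
```

Vendor packages that backport the fix keep their original version string, so an "affected" result on such a system should be checked against the vendor advisories linked in this bulletin.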
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/r-001.shtml
 ORIGINAL BULLETIN:  http://www.openssl.org/news/secadv_20060928.txt
 ADDITIONAL LINKS:   Debian Security Advisory-1185
                     http://www.debian.org/security/2006/dsa-1185
                     Sun Alert ID: 102668
                     http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1
                     Sun Alert ID: 102711
                     http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1
                     Sun Alert ID: 102747
                     http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1
                     Visit Hewlett-Packard's Subscription Service for:
                     HPSBUX02174 SSRT061239 rev. 2
                     HPSBUX02186 SSRT071299 rev. 1
                     HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev. 1
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
______________________________________________________________________________
REVISION HISTORY:
10/13/2006 - added a link to Sun Alert ID: 102668 for Sun N1 Grid Engine 6,
             Sun Grid Engine 5.3
11/10/2006 - added a link to Sun Alert ID: 102711 for Solaris 9 and 10
             Operating Systems
11/14/2006 - revised to note that Sun Alert ID: 102711 updated its Impact and
             Contributing Factors sections
11/15/2006 - revised to correct the Platform versions affected by this
             vulnerability.
12/05/2006 - revised to add a link to Hewlett-Packard HPSBUX02174 SSRT061239
             for HP-UX B.11.00 and B.11.23
12/13/2006 - added a link to Sun Alert ID: 102747 for the Solaris 10
             operating system
01/24/2007 - revised to add a link to Hewlett-Packard's Subscription Service
             for HPSBUX02186 SSRT071299 rev. 1 for HP-UX B.11.11, B.11.23,
             and B.11.31 running Apache-based Web Server prior to v.2.0.58.01.
04/19/2007 - revised R-001 to add a link to Hewlett-Packard's Subscription
             Service for HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1.

[****** OpenSSL Security Advisory ******]

OpenSSL Security Advisory [28th September 2006]

New OpenSSL releases are now available to correct four security
issues.

ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)
==============================================================

Vulnerability
-------------

Dr. S. N. Henson recently developed an ASN.1 test suite for NISCC
(www.niscc.gov.uk). When the test suite was run against OpenSSL two
denial of service vulnerabilities were discovered:

1. During the parsing of certain invalid ASN.1 structures an error
   condition is mishandled. This can result in an infinite loop which
   consumes system memory (CVE-2006-2937). (This issue did not affect
   OpenSSL versions prior to 0.9.7)

2. Certain types of public key can take disproportionate amounts of
   time to process. This could be used by an attacker in a denial of
   service attack (CVE-2006-2940).

Any code which uses OpenSSL to parse ASN.1 data from untrusted sources
is affected. This includes SSL servers which enable client
authentication and S/MIME applications.

Acknowledgements
----------------

The OpenSSL team thank Dr S. N. Henson of Open Network Security and
NISCC for funding the ASN.1 test suite project.


SSL_get_shared_ciphers() buffer overflow (CVE-2006-3738)
========================================================

Vulnerability
-------------

A buffer overflow was discovered in the SSL_get_shared_ciphers()
utility function. An attacker could send a list of ciphers to an
application that uses this function and overrun a buffer
(CVE-2006-3738).

Acknowledgements
----------------

The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google
Security Team for reporting this issue.


SSLv2 Client Crash (CVE-2006-4343)
==================================

Vulnerability
-------------

A flaw in the SSLv2 client code was discovered. When a client
application used OpenSSL to create an SSLv2 connection to a malicious
server, that server could cause the client to crash (CVE-2006-4343).

Acknowledgements
----------------

The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google
Security Team for reporting this issue.

Recommendations
===============

These vulnerabilities are resolved in the following versions of OpenSSL:

   - in the 0.9.7 branch, version 0.9.7l (or later);
   - in the 0.9.8 branch, version 0.9.8d (or later).

OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP
and FTP from the following master locations (you can find the various
FTP mirrors under http://www.openssl.org/source/mirror.html):

    o http://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/

The distribution file names are:

    o openssl-0.9.8d.tar.gz
      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2

    o openssl-0.9.7l.tar.gz
      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d

The checksums were calculated using the following commands:

    openssl md5 openssl-0.9*.tar.gz
    openssl sha1 openssl-0.9*.tar.gz

After upgrading make sure to recompile any applications statically
linked to OpenSSL libraries and restart all applications that use
OpenSSL.

References
==========

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20060928.txt

[****** OpenSSL Security Advisory ******]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of OpenSSL for the
information contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.