SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Security)  >   OpenSSL Vendors:   OpenSSL.org
(Mandrake Issues Fix) OpenSSL ASN.1 Parsing Flaws Lets Remote User Crash Applications or Execute Arbitrary Code
SecurityTracker Alert ID:  1007853
SecurityTracker URL:  http://securitytracker.com/id/1007853
CVE Reference:   CAN-2003-0543, CAN-2003-0544, CAN-2003-0545   (Links to External Site)
Date:  Oct 1 2003
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.9.7b and prior versions
Description:   Several vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. A remote user may be able to cause arbitrary code to be executed on a server application that uses OpenSSL.

It is reported that a remote user can send a specially crafted SSL client certificate containing invalid ASN.1 tag values to trigger a flaw in OpenSSL and cause OpenSSL to crash due to "out of bounds reads" (CVE: CAN-2003-0543 and CAN-2003-0544). These flaws affected 0.9.6 and 0.9.7. The specific impact depends on the application using OpenSSL. The report indicates that the effects against Apache (when using OpenSSL) are "limited" and only cause Apache httpd child processes to crash.

It is also reported that certain ASN.1 encodings detected to be invalid may trigger a double free of the ASN1_TYPE variable, deallocating memory that has already been deallocated (CVE: CAN-2003-0545). This flaw only affects 0.9.7. A remote user may be able to send a specially crafted SSL client certificate to an application that uses OpenSSL to potentially execute arbitrary code. The exact impact depends on how the application uses OpenSSL.

It is also reported that a remote user can specify an invalid public key in a certificate to cause the verify code to crash if the target server is configured to ignore public key decoding errors. The vendor notes that ignoring public key decoding errors is usually only done in debugging situations and not usually in production code. [Editor's note: A CVE number had not yet been assigned to this issue at the time of this entry.]

NISCC is credited with discovering these vulnerabilities.

The vendor reports a fourth related security issue, where an error in the SSL/TLS protocol handling will cause a server to parse a client certificate even when a client certificate is not specifically requested. As a result, any server application that uses OpenSSL can be attacked using the vulnerabilities described above, even if the server application does not enable client authentication.
Impact:   A remote user can cause an OpenSSL-based server process to crash.

A remote user can cause arbitrary code to be executed by an OpenSSL-based server process.

In both cases, the specific impact depends on how OpenSSL is used by the server process.
Solution:   Mandrake has released a fix.

Corporate Server 2.1:
ec80ef980212f5bf294f147e5bc19f76 corporate/2.1/RPMS/libopenssl0-0.9.6i-1.6.90mdk.i586.rpm
1de4f2038f479b1b779d5b2c9320e8fb corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.6.90mdk.i586.rpm
4946dc25021ef97eb6513f3dd1dd16f6 corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.6.90mdk.i586.rpm
3d5e3a05ead47fafa59240be9efc87d2 corporate/2.1/RPMS/openssl-0.9.6i-1.6.90mdk.i586.rpm
6982c0adf01f00ea5d49deb24011c278 corporate/2.1/SRPMS/openssl-0.9.6i-1.6.90mdk.src.rpm

Corporate Server 2.1/x86_64:
eab60b3828aeec0e2717890e51a90e76 x86_64/corporate/2.1/RPMS/libopenssl0-0.9.6i-1.6.90mdk.x86_64.rpm
19d8a676a11293d8e6acb429bed63a99 x86_64/corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.6.90mdk.x86_64.rpm
5eb3936b8fade73ca1c334d67edad3ae x86_64/corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.6.90mdk.x86_64.rpm
9df6c6e820719ac33744e1708621bdf3 x86_64/corporate/2.1/RPMS/openssl-0.9.6i-1.6.90mdk.x86_64.rpm
6982c0adf01f00ea5d49deb24011c278 x86_64/corporate/2.1/SRPMS/openssl-0.9.6i-1.6.90mdk.src.rpm

Mandrake Linux 8.2:
e8d13a3adbd679a0c1cd15dd28eb02f1 8.2/RPMS/libopenssl0-0.9.6i-1.5.82mdk.i586.rpm
4b783a98f4cc48be8a6b680a92f374ce 8.2/RPMS/libopenssl0-devel-0.9.6i-1.5.82mdk.i586.rpm
0481e5edacc8985d7255266fd136ceba 8.2/RPMS/libopenssl0-static-devel-0.9.6i-1.5.82mdk.i586.rpm
93a47ac82a618905c7d4a6e0d276c586 8.2/RPMS/openssl-0.9.6i-1.5.82mdk.i586.rpm
15b7ba1d342ae3531964e60a186874d8 8.2/SRPMS/openssl-0.9.6i-1.5.82mdk.src.rpm

Mandrake Linux 9.0:
ec80ef980212f5bf294f147e5bc19f76 9.0/RPMS/libopenssl0-0.9.6i-1.6.90mdk.i586.rpm
1de4f2038f479b1b779d5b2c9320e8fb 9.0/RPMS/libopenssl0-devel-0.9.6i-1.6.90mdk.i586.rpm
4946dc25021ef97eb6513f3dd1dd16f6 9.0/RPMS/libopenssl0-static-devel-0.9.6i-1.6.90mdk.i586.rpm
3d5e3a05ead47fafa59240be9efc87d2 9.0/RPMS/openssl-0.9.6i-1.6.90mdk.i586.rpm
6982c0adf01f00ea5d49deb24011c278 9.0/SRPMS/openssl-0.9.6i-1.6.90mdk.src.rpm

Mandrake Linux 9.1:
42365cfe8a9214a747bd1fa6329baec8 9.1/RPMS/libopenssl0-0.9.6i-1.2.91mdk.i586.rpm
a3a5046af719b864a337ce432e694a8b 9.1/RPMS/libopenssl0.9.7-0.9.7a-1.2.91mdk.i586.rpm
2e879f9d5349458c5653e97f20cf2218 9.1/RPMS/libopenssl0.9.7-devel-0.9.7a-1.2.91mdk.i586.rpm
cf9bc9fc1cce8841d3cdb1d9fcd8b313 9.1/RPMS/libopenssl0.9.7-static-devel-0.9.7a-1.2.91mdk.i586.rpm
b475cc257c14dbaccd9007afa14096f5 9.1/RPMS/openssl-0.9.7a-1.2.91mdk.i586.rpm
329bd3dd8cdfad6d445b4fbcc953dc91 9.1/SRPMS/openssl-0.9.7a-1.2.91mdk.src.rpm
9498e31ab37a4455f31827ce51afb221 9.1/SRPMS/openssl0.9.6-0.9.6i-1.2.91mdk.src.rpm

Mandrake Linux 9.1/PPC:
915f8ab4ea91e0d876c9204b1f3699b0 ppc/9.1/RPMS/libopenssl0-0.9.6i-1.2.91mdk.ppc.rpm
fafb4ac4c88c321d3c8fb7fdba54bac4 ppc/9.1/RPMS/libopenssl0.9.7-0.9.7a-1.2.91mdk.ppc.rpm
184be4bdf922fbc28b590a71b7cf8c10 ppc/9.1/RPMS/libopenssl0.9.7-devel-0.9.7a-1.2.91mdk.ppc.rpm
09e1bd3c05323d10d8002a44dbbc85dd ppc/9.1/RPMS/libopenssl0.9.7-static-devel-0.9.7a-1.2.91mdk.ppc.rpm
cfbcacc68e2585a5fcbbeb8c9fc3b0d7 ppc/9.1/RPMS/openssl-0.9.7a-1.2.91mdk.ppc.rpm
329bd3dd8cdfad6d445b4fbcc953dc91 ppc/9.1/SRPMS/openssl-0.9.7a-1.2.91mdk.src.rpm
9498e31ab37a4455f31827ce51afb221 ppc/9.1/SRPMS/openssl0.9.6-0.9.6i-1.2.91mdk.src.rpm

Mandrake Linux 9.2:
db717c9a2e8f98905290d341e799c7b2 9.2/RPMS/libopenssl0.9.7-0.9.7b-4.1.92mdk.i586.rpm
76ba7c153a75c5dcfeae9f9f16f001e4 9.2/RPMS/libopenssl0.9.7-devel-0.9.7b-4.1.92mdk.i586.rpm
7655e50f898e4e4d368cd8e47d38806d 9.2/RPMS/libopenssl0.9.7-static-devel-0.9.7b-4.1.92mdk.i586.rpm
3f846e75cfdbdd9e818376474e1e54c0 9.2/RPMS/openssl-0.9.7b-4.1.92mdk.i586.rpm
738181704cb49e34d982a5b4224cc66c 9.2/SRPMS/openssl-0.9.7b-4.1.92mdk.src.rpm

Multi Network Firewall 8.2:
e8d13a3adbd679a0c1cd15dd28eb02f1 mnf8.2/RPMS/libopenssl0-0.9.6i-1.5.82mdk.i586.rpm
93a47ac82a618905c7d4a6e0d276c586 mnf8.2/RPMS/openssl-0.9.6i-1.5.82mdk.i586.rpm
15b7ba1d342ae3531964e60a186874d8 mnf8.2/SRPMS/openssl-0.9.6i-1.5.82mdk.src.rpm
Vendor URL:  www.openssl.org/news/secadv_20030930.txt (Links to External Site)
Cause:   Boundary error, Input validation error, State error
Underlying OS:   Linux (Mandriva/Mandrake)

Message History:   This archive entry is a follow-up to the message listed below.
Sep 30 2003 OpenSSL ASN.1 Parsing Flaws Lets Remote User Crash Applications or Execute Arbitrary Code


 Source Message Contents
Date:  1 Oct 2003 05:16:35 -0000
Subject:  MDKSA-2003:098 - Updated openssl packages fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           openssl
Advisory ID:            MDKSA-2003:098
Date:                   September 30th, 2003

Affected versions:	8.2, 9.0, 9.1, 9.2, Corporate Server 2.1,
			Multi Network Firewall 8.2
________________________________________________________________________

Problem Description:

 Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. The
 parsing of unusual ASN.1 tag values can cause OpenSSL to crash, which
 could be triggered by a remote attacker by sending a carefully-crafted
 SSL client certificate to an application.  Depending upon the
 application targetted, the effects seen will vary; in some cases a DoS
 (Denial of Service) could be performed, in others nothing noticeable
 or adverse may happen.  These two vulnerabilities have been assigned
 CAN-2003-0543 and CAN-2003-0544.
 
 Additionally, NISCC discovered a third bug in OpenSSL 0.9.7.  Certain
 ASN.1 encodings that are rejected as invalid by the parser can trigger
 a bug in deallocation of a structure, leading to a double free.  This
 can be triggered by a remote attacker by sending a carefully-crafted
 SSL client certificate to an application.  This vulnerability may be
 exploitable to execute arbitrary code.  This vulnerability has been
 assigned CAN-2003-0545.
 
 The packages provided have been built with patches provided by the
 OpenSSL group that resolve these issues.
 
 A number of server applications such as OpenSSH and Apache that make
 use of OpenSSL need to be restarted after the update has been applied
 to ensure that they are protected from these issues.  Users are
 encouraged to restart all of these services or reboot their systems.
________________________________________________________________________

References:
  
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545
  http://www.kb.cert.org/vuls/id/255484
  http://www.kb.cert.org/vuls/id/380864
  http://www.kb.cert.org/vuls/id/935264
  http://www.openssl.org/news/secadv_20030930.txt
  http://www.uniras.gov.uk/vuls/2003/006489/tls.htm
  http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
________________________________________________________________________

Updated Packages:
  
 Corporate Server 2.1:
 ec80ef980212f5bf294f147e5bc19f76  corporate/2.1/RPMS/libopenssl0-0.9.6i-1.6.90mdk.i586.rpm
 1de4f2038f479b1b779d5b2c9320e8fb  corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.6.90mdk.i586.rpm
 4946dc25021ef97eb6513f3dd1dd16f6  corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.6.90mdk.i586.rpm
 3d5e3a05ead47fafa59240be9efc87d2  corporate/2.1/RPMS/openssl-0.9.6i-1.6.90mdk.i586.rpm
 6982c0adf01f00ea5d49deb24011c278  corporate/2.1/SRPMS/openssl-0.9.6i-1.6.90mdk.src.rpm

 Corporate Server 2.1/x86_64:
 eab60b3828aeec0e2717890e51a90e76  x86_64/corporate/2.1/RPMS/libopenssl0-0.9.6i-1.6.90mdk.x86_64.rpm
 19d8a676a11293d8e6acb429bed63a99  x86_64/corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.6.90mdk.x86_64.rpm
 5eb3936b8fade73ca1c334d67edad3ae  x86_64/corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.6.90mdk.x86_64.rpm
 9df6c6e820719ac33744e1708621bdf3  x86_64/corporate/2.1/RPMS/openssl-0.9.6i-1.6.90mdk.x86_64.rpm
 6982c0adf01f00ea5d49deb24011c278  x86_64/corporate/2.1/SRPMS/openssl-0.9.6i-1.6.90mdk.src.rpm

 Mandrake Linux 8.2:
 e8d13a3adbd679a0c1cd15dd28eb02f1  8.2/RPMS/libopenssl0-0.9.6i-1.5.82mdk.i586.rpm
 4b783a98f4cc48be8a6b680a92f374ce  8.2/RPMS/libopenssl0-devel-0.9.6i-1.5.82mdk.i586.rpm
 0481e5edacc8985d7255266fd136ceba  8.2/RPMS/libopenssl0-static-devel-0.9.6i-1.5.82mdk.i586.rpm
 93a47ac82a618905c7d4a6e0d276c586  8.2/RPMS/openssl-0.9.6i-1.5.82mdk.i586.rpm
 15b7ba1d342ae3531964e60a186874d8  8.2/SRPMS/openssl-0.9.6i-1.5.82mdk.src.rpm

 Mandrake Linux 9.0:
 ec80ef980212f5bf294f147e5bc19f76  9.0/RPMS/libopenssl0-0.9.6i-1.6.90mdk.i586.rpm
 1de4f2038f479b1b779d5b2c9320e8fb  9.0/RPMS/libopenssl0-devel-0.9.6i-1.6.90mdk.i586.rpm
 4946dc25021ef97eb6513f3dd1dd16f6  9.0/RPMS/libopenssl0-static-devel-0.9.6i-1.6.90mdk.i586.rpm
 3d5e3a05ead47fafa59240be9efc87d2  9.0/RPMS/openssl-0.9.6i-1.6.90mdk.i586.rpm
 6982c0adf01f00ea5d49deb24011c278  9.0/SRPMS/openssl-0.9.6i-1.6.90mdk.src.rpm

 Mandrake Linux 9.1:
 42365cfe8a9214a747bd1fa6329baec8  9.1/RPMS/libopenssl0-0.9.6i-1.2.91mdk.i586.rpm
 a3a5046af719b864a337ce432e694a8b  9.1/RPMS/libopenssl0.9.7-0.9.7a-1.2.91mdk.i586.rpm
 2e879f9d5349458c5653e97f20cf2218  9.1/RPMS/libopenssl0.9.7-devel-0.9.7a-1.2.91mdk.i586.rpm
 cf9bc9fc1cce8841d3cdb1d9fcd8b313  9.1/RPMS/libopenssl0.9.7-static-devel-0.9.7a-1.2.91mdk.i586.rpm
 b475cc257c14dbaccd9007afa14096f5  9.1/RPMS/openssl-0.9.7a-1.2.91mdk.i586.rpm
 329bd3dd8cdfad6d445b4fbcc953dc91  9.1/SRPMS/openssl-0.9.7a-1.2.91mdk.src.rpm
 9498e31ab37a4455f31827ce51afb221  9.1/SRPMS/openssl0.9.6-0.9.6i-1.2.91mdk.src.rpm

 Mandrake Linux 9.1/PPC:
 915f8ab4ea91e0d876c9204b1f3699b0  ppc/9.1/RPMS/libopenssl0-0.9.6i-1.2.91mdk.ppc.rpm
 fafb4ac4c88c321d3c8fb7fdba54bac4  ppc/9.1/RPMS/libopenssl0.9.7-0.9.7a-1.2.91mdk.ppc.rpm
 184be4bdf922fbc28b590a71b7cf8c10  ppc/9.1/RPMS/libopenssl0.9.7-devel-0.9.7a-1.2.91mdk.ppc.rpm
 09e1bd3c05323d10d8002a44dbbc85dd  ppc/9.1/RPMS/libopenssl0.9.7-static-devel-0.9.7a-1.2.91mdk.ppc.rpm
 cfbcacc68e2585a5fcbbeb8c9fc3b0d7  ppc/9.1/RPMS/openssl-0.9.7a-1.2.91mdk.ppc.rpm
 329bd3dd8cdfad6d445b4fbcc953dc91  ppc/9.1/SRPMS/openssl-0.9.7a-1.2.91mdk.src.rpm
 9498e31ab37a4455f31827ce51afb221  ppc/9.1/SRPMS/openssl0.9.6-0.9.6i-1.2.91mdk.src.rpm

 Mandrake Linux 9.2:
 db717c9a2e8f98905290d341e799c7b2  9.2/RPMS/libopenssl0.9.7-0.9.7b-4.1.92mdk.i586.rpm
 76ba7c153a75c5dcfeae9f9f16f001e4  9.2/RPMS/libopenssl0.9.7-devel-0.9.7b-4.1.92mdk.i586.rpm
 7655e50f898e4e4d368cd8e47d38806d  9.2/RPMS/libopenssl0.9.7-static-devel-0.9.7b-4.1.92mdk.i586.rpm
 3f846e75cfdbdd9e818376474e1e54c0  9.2/RPMS/openssl-0.9.7b-4.1.92mdk.i586.rpm
 738181704cb49e34d982a5b4224cc66c  9.2/SRPMS/openssl-0.9.7b-4.1.92mdk.src.rpm

 Multi Network Firewall 8.2:
 e8d13a3adbd679a0c1cd15dd28eb02f1  mnf8.2/RPMS/libopenssl0-0.9.6i-1.5.82mdk.i586.rpm
 93a47ac82a618905c7d4a6e0d276c586  mnf8.2/RPMS/openssl-0.9.6i-1.5.82mdk.i586.rpm
 15b7ba1d342ae3531964e60a186874d8  mnf8.2/SRPMS/openssl-0.9.6i-1.5.82mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

  http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/emMzmqjQ0CJFipgRAgz6AJ9wOxt7lA2wyZ9t4kUlmbIKeLq8pACgq5vV
RvuAK10PkmmQzzXKTz5f6KM=
=SSpZ
-----END PGP SIGNATURE-----


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC