SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Security)  >   OpenSSL Vendors:   OpenSSL.org
(Slackware Issues Fix) OpenSSL ASN.1 Parsing Flaws Lets Remote User Crash Applications or Execute Arbitrary Code
SecurityTracker Alert ID:  1007859
SecurityTracker URL:  http://securitytracker.com/id/1007859
CVE Reference:   CAN-2003-0543, CAN-2003-0544, CAN-2003-0545   (Links to External Site)
Date:  Oct 1 2003
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.9.7b and prior versions
Description:   Several vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. A remote user may be able to cause arbitrary code to be executed on a server application that uses OpenSSL.

It is reported that a remote user can send a specially crafted SSL client certificate containing invalid ASN.1 tag values to trigger a flaw in OpenSSL and cause OpenSSL to crash due to "out of bounds reads" (CVE: CAN-2003-0543 and CAN-2003-0544). These flaws affected 0.9.6 and 0.9.7. The specific impact depends on the application using OpenSSL. The report indicates that the effects against Apache (when using OpenSSL) are "limited" and only cause Apache httpd child processes to crash.

It is also reported that certain ASN.1 encodings detected to be invalid may trigger a double free of the ASN1_TYPE variable, deallocating memory that has already been deallocated (CVE: CAN-2003-0545). This flaw only affects 0.9.7. A remote user may be able to send a specially crafted SSL client certificate to an application that uses OpenSSL to potentially execute arbitrary code. The exact impact depends on how the application uses OpenSSL.

It is also reported that a remote user can specify an invalid public key in a certificate to cause the verify code to crash if the target server is configured to ignore public key decoding errors. The vendor notes that ignoring public key decoding errors is usually only done in debugging situations and not usually in production code. [Editor's note: A CVE number had not yet been assigned to this issue at the time of this entry.]

NISCC is credited with discovering these vulnerabilities.

The vendor reports a fourth related security issue, where an error in the SSL/TLS protocol handling will cause a server to parse a client certificate even when a client certificate is not specifically requested. As a result, any server application that uses OpenSSL can be attacked using the vulnerabilities described above, even if the server application does not enable client authentication.
Impact:   A remote user can cause an OpenSSL-based server process to crash.

A remote user can cause arbitrary code to be executed by an OpenSSL-based server process.

In both cases, the specific impact depends on how OpenSSL is used by the server process.
Solution:   Slackware has released a fix:

Updated packages for Slackware 8.1:

ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-0.9.6k-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-solibs-0.9.6k-i386-1.tgz

Updated packages for Slackware 9.0:

ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-0.9.7c-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-solibs-0.9.7c-i386-1.tgz

Updated packages for Slackware 9.1:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-0.9.7c-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-solibs-0.9.7c-i486-1.tgz

Updated packages for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.7c-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-0.9.7c-i486-1.tgz

The MD5 signatures are:

Slackware 8.1 packages:
b16847083943c529ff63a07331d1818f openssl-0.9.6k-i386-1.tgz
a371561b0f2148149abc662d02b17381 openssl-solibs-0.9.6k-i386-1.tgz

Slackware 9.0 packages:
1a45090e4e432884de48beae5dfae540 openssl-0.9.7c-i386-1.tgz
04629d814bd468b0b9e4f7da3df92752 openssl-solibs-0.9.7c-i386-1.tgz

Slackware 9.1 packages:
49dbc64a43633bedb3ff8e5be93e7c6a openssl-0.9.7c-i486-1.tgz
7598ad83ffd12e5b8e34dcf60fb18e1d openssl-solibs-0.9.7c-i486-1.tgz

Slackware -current packages:
49dbc64a43633bedb3ff8e5be93e7c6a openssl-0.9.7c-i486-1.tgz
7598ad83ffd12e5b8e34dcf60fb18e1d openssl-solibs-0.9.7c-i486-1.tgz

To install, upgrade using upgradepkg (as root):

# upgradepkg openssl-0.9.7c-i486-1.tgz openssl-solibs-0.9.7c-i486-1.tgz
Vendor URL:  www.openssl.org/news/secadv_20030930.txt (Links to External Site)
Cause:   Boundary error, Input validation error, State error
Underlying OS:   Linux (Slackware)

Message History:   This archive entry is a follow-up to the message listed below.
Sep 30 2003 OpenSSL ASN.1 Parsing Flaws Lets Remote User Crash Applications or Execute Arbitrary Code


 Source Message Contents
Date:  Tue, 30 Sep 2003 22:48:55 -0700 (PDT)
Subject:  [slackware-security] OpenSSL security update (SSA:2003-273-01)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  OpenSSL security update (SSA:2003-273-01)

Upgraded OpenSSL packages are available for Slackware 8.1, 9.0,
9.1, and -current.  These fix problems with ASN.1 parsing which
could lead to a denial of service.  It is not known whether the
problems could lead to the running of malicious code on the
server, but it has not been ruled out.

We recommend sites that use OpenSSL upgrade to the fixed packages
right away.


Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Tue Sep 30 16:16:35 PDT 2003
patches/packages/openssl-0.9.7c-i486-1.tgz:  Upgraded to OpenSSL 0.9.7c.
patches/packages/openssl-solibs-0.9.7c-i486-1.tgz:  Upgraded to OpenSSL 0.9.7c.
  This update fixes problems with OpenSSL's ASN.1 parsing which could lead to
  a denial of service.  It is not known whether the problems could lead to the
  running of malicious code on the server, but it has not been ruled out.
  For detailed information, see OpenSSL's security advisory:
    http://www.openssl.org/news/secadv_20030930.txt
  We recommend sites that use OpenSSL upgrade to the fixed packages right away.
  (* Security fix *)
+--------------------------+


WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated packages for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-0.9.6k-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssl-solibs-0.9.6k-i386-1.tgz

Updated packages for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-0.9.7c-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-solibs-0.9.7c-i386-1.tgz

Updated packages for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-0.9.7c-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-solibs-0.9.7c-i486-1.tgz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.7c-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-0.9.7c-i486-1.tgz


MD5 SIGNATURES:
+-------------+

Slackware 8.1 packages:
b16847083943c529ff63a07331d1818f  openssl-0.9.6k-i386-1.tgz
a371561b0f2148149abc662d02b17381  openssl-solibs-0.9.6k-i386-1.tgz

Slackware 9.0 packages:
1a45090e4e432884de48beae5dfae540  openssl-0.9.7c-i386-1.tgz
04629d814bd468b0b9e4f7da3df92752  openssl-solibs-0.9.7c-i386-1.tgz

Slackware 9.1 packages:
49dbc64a43633bedb3ff8e5be93e7c6a  openssl-0.9.7c-i486-1.tgz
7598ad83ffd12e5b8e34dcf60fb18e1d  openssl-solibs-0.9.7c-i486-1.tgz

Slackware -current packages:
49dbc64a43633bedb3ff8e5be93e7c6a  openssl-0.9.7c-i486-1.tgz
7598ad83ffd12e5b8e34dcf60fb18e1d  openssl-solibs-0.9.7c-i486-1.tgz


INSTALLATION INSTRUCTIONS:
+------------------------+

Upgrade using upgradepkg (as root):
# upgradepkg openssl-0.9.7c-i486-1.tgz openssl-solibs-0.9.7c-i486-1.tgz



+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/eijPakRjwEAQIjMRAtifAJ9emfNpGCpObxaXqVzC8XIkg9FTSgCfaz8n
h/ea1OLFkXhGFxME/PnlCDQ=
=HSN8
-----END PGP SIGNATURE-----


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC