SecurityTracker.com
Category:   Application (Security)  >   OpenSSL
Vendors:   OpenSSL.org
OpenSSL ASN.1 Parsing Recursion May Let Remote Users Crash OpenSSL-based Applications
SecurityTracker Alert ID:  1008095
SecurityTracker URL:  http://securitytracker.com/id/1008095
CVE Reference:   CAN-2003-0851
Date:  Nov 4 2003
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 0.9.6k
Description:   Another ASN.1 parsing vulnerability was reported in OpenSSL. A remote user can cause OpenSSL to crash when running on a Windows-based operating system.

It is reported that a remote user can send certain ASN.1 sequences to cause a large recursion. On some operating system platforms (such as Windows), this will result in a crash, the report said.

One example method of triggering the flaw is to send a specially crafted client certificate to an OpenSSL-based server that is configured to accept client certificates, according to the report.

Version 0.9.7 is reportedly not affected.

Novell Inc. is credited with discovering this flaw.

Impact:   A remote user can cause OpenSSL to crash.
Solution:   The vendor has issued a fixed version (0.9.6l) and recommends upgrading to that version or to version 0.9.7c. The vendor reminds you that you must recompile any OpenSSL-based applications that are statically linked to OpenSSL libraries.

The fixed version is available at:

http://www.openssl.org/source/
ftp://ftp.openssl.org/source/

The distribution file name is:

openssl-0.9.6l.tar.gz [normal]
MD5 checksum: 843a65ddc56634f0e30a4f9474bb5b27

openssl-engine-0.9.6l.tar.gz [engine]
MD5 checksum: dd372198cdf31667f2cb29cd76fbda1c

The checksums were calculated using the following command:

openssl md5 < openssl-0.9.6l.tar.gz
openssl md5 < openssl-engine-0.9.6l.tar.gz

Vendor URL:  www.openssl.org/news/secadv_20031104.txt
Cause:   Resource error, State error
Underlying OS:   Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 5 2003 (EnGarde Issues Fix) OpenSSL ASN.1 Parsing Recursion May Let Remote Users Crash OpenSSL-based Applications   (engarde-announce-admins@guardiandigital.com)
Guardian Digital has released a fix for EnGarde Secure Linux.
Nov 20 2003 (Apple Issues Fix for OS X) OpenSSL ASN.1 Parsing Recursion May Let Remote Users Crash OpenSSL-based Applications   (Product Security <product-security@apple.com>)
Apple has released a fix for Mac OS X 10.2 and 10.3.
Dec 4 2003 (SGI Issues Fix) OpenSSL ASN.1 Parsing Recursion May Let Remote Users Crash OpenSSL-based Applications   (SGI Security Coordinator <agent99@sgi.com>)
SGI has issued a fix for IRIX.
Mar 17 2004 (RedHat Issues Fix for RH Enterprise Linux) OpenSSL ASN.1 Parsing Recursion May Let Remote Users Crash OpenSSL-based Applications   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 2.1.
Mar 23 2004 (Fedora Issues Fix) OpenSSL ASN.1 Parsing Recursion May Let Remote Users Crash OpenSSL-based Applications   (Joe Orton <jorton@redhat.com>)
Fedora has released a fix.
May 10 2004 (Red Hat Issues Fix for RH Linux) OpenSSL ASN.1 Parsing Recursion May Let Remote Users Crash OpenSSL-based Applications   (Jesse Keating <jkeating@j2solutions.net>)
Red Hat has issued a fix for Red Hat Linux 7.2, 7.3, and 8.0.



Source Message Contents

Date:  Tue, 04 Nov 2003 08:48:15 -0500
Subject:  http://www.openssl.org/news/secadv_20031104.txt


http://www.openssl.org/news/secadv_20031104.txt

OpenSSL Security Advisory [4 November 2003]

Denial of Service in ASN.1 parsing
==================================

Previously, OpenSSL 0.9.6k was released on 30 September 2003 to
address various ASN.1 issues.  The issues were found using a test
suite from NISCC (www.niscc.gov.uk) and fixed by Dr Stephen Henson
(steve@openssl.org) of the OpenSSL core team.

Subsequent to that release, Novell Inc. carried out further testing
using the NISCC suite.  They discovered that there was a denial of
service vulnerability in OpenSSL version 0.9.6k when running on a
Windows platform.

A bug in OpenSSL 0.9.6 would cause certain ASN.1 sequences to trigger
a large recursion.  On platforms such as Windows this large recursion
cannot be handled correctly and so the bug causes OpenSSL to crash.  A
remote attacker could exploit this flaw if they can send arbitrary
ASN.1 sequences which would cause OpenSSL to crash.  This could be
performed for example by sending a client certificate to an SSL/TLS
enabled server which is configured to accept them.

We do not believe this issue could be exploited further than a Denial
of Service attack.

Patches for this issue have been created by Dr Stephen Henson
(steve@openssl.org) of the OpenSSL core team.

Who is affected?
----------------

OpenSSL 0.9.6k is affected by the bug, but the denial of service does
not affect all platforms.  This issue does not affect OpenSSL 0.9.7.
Currently only OpenSSL running on Windows platforms is known to crash.

Recommendations
---------------

Upgrade to OpenSSL 0.9.6l or 0.9.7c.  Recompile any OpenSSL
applications statically linked to OpenSSL libraries.

OpenSSL 0.9.6l is available for download via HTTP and FTP from the
following master locations (you can find the various FTP mirrors under
http://www.openssl.org/source/mirror.html):

     o http://www.openssl.org/source/
     o ftp://ftp.openssl.org/source/

The distribution file name is:

     o openssl-0.9.6l.tar.gz [normal]
       MD5 checksum: 843a65ddc56634f0e30a4f9474bb5b27
     o openssl-engine-0.9.6l.tar.gz [engine]
       MD5 checksum: dd372198cdf31667f2cb29cd76fbda1c

The checksums were calculated using the following command:

     openssl md5 < openssl-0.9.6l.tar.gz
     openssl md5 < openssl-engine-0.9.6l.tar.gz

References
----------

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0851 to this issue.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0851

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20031104.txt
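As an added illustration of the defensive pattern behind this class of fix (example code, not OpenSSL's own parser or the patch the advisory refers to), the following Python walks a DER encoding with an explicit stack and a configurable nesting limit, so input containing deeply nested SEQUENCEs is rejected with an error instead of driving unbounded recursion; MAX_DEPTH, the function names and the nested_sequence sample input are assumptions of this example.

```python
# Added example, not OpenSSL code: a DER walker that bounds ASN.1 nesting depth
# and uses an explicit stack instead of per-element recursion, so deeply nested
# SEQUENCEs are rejected with an error instead of exhausting the thread stack.

MAX_DEPTH = 32  # assumed limit; choose a value suited to the certificate profile in use

def _read_len(buf, i):
    """Decode the DER length at offset i; return (length, offset of contents)."""
    if i >= len(buf):
        raise ValueError("truncated length")
    first, i = buf[i], i + 1
    if first < 0x80:
        return first, i
    n = first & 0x7F
    if n == 0 or n > 4 or i + n > len(buf):
        raise ValueError("bad long-form length")
    return int.from_bytes(buf[i:i + n], "big"), i + n

def walk_der(buf, max_depth=MAX_DEPTH):
    """Walk every TLV in buf; return deepest nesting seen or raise ValueError."""
    stack, i, deepest = [], 0, 0  # stack holds end offsets of open containers
    while i < len(buf) or stack:
        while stack and i == stack[-1]:  # leave containers that have ended
            stack.pop()
        if i >= len(buf):
            break
        tag = buf[i]
        length, i = _read_len(buf, i + 1)
        end = i + length
        if end > len(buf) or (stack and end > stack[-1]):
            raise ValueError("element overruns its container")
        if tag & 0x20:  # constructed: descend, counting depth explicitly
            stack.append(end)
            deepest = max(deepest, len(stack))
            if len(stack) > max_depth:
                raise ValueError("nesting depth %d exceeds %d" % (len(stack), max_depth))
        else:
            i = end  # primitive: skip its contents
    if stack:
        raise ValueError("truncated constructed element")
    return deepest

def nested_sequence(depth):
    """Constructed sample input: `depth` SEQUENCEs wrapped around a single NULL."""
    der = b"\x05\x00"
    for _ in range(depth):  # short-form length below 0x80, else 2-byte long form
        n = len(der)
        der = b"\x30" + (bytes([n]) if n < 0x80 else b"\x82" + n.to_bytes(2, "big")) + der
    return der
```

A parser built this way fails closed on over-deep input on every platform, rather than depending on how much stack the host thread happens to have.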



Copyright 2013, SecurityGlobal.net LLC