Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Become a Partner and License Our Database or Notification Service
(IBM Issues Fix for AIX) OpenSSL Buffer Overflow in TLS Server Extension Parsing May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1026281|
SecurityTracker URL: http://securitytracker.com/id/1026281
(Links to External Site)
Date: Nov 5 2011
Denial of service via network, Execution of arbitrary code via network, User access via network|
Fix Available: Yes Vendor Confirmed: Yes |
Version(s): 0.9.8f through 0.9.8o; also 1.0.0, 1.0.0a|
A vulnerability was reported in OpenSSL. A remote user can cause denial of service conditions. A remote user may be able to execute arbitrary code on the target system.|
A remote user can send specially crafted data to exploit a TLS extension parsing race condition and trigger a buffer overflow, causing the target service to crash or potentially execute arbitrary code.
Multi-threaded TLS server applications that use OpenSSL's internal caching mechanism are affected.
The Apache HTTP server and Stunnel are not affected.
Rob Hulswit reported this vulnerability.
A remote user may be able to execute arbitrary code on the target system.|
A remote user can cause denial of service conditions.
IBM has issued a fix for AIX.|
The IBM advisory is available at:
Vendor URL: www.openssl.org/news/secadv_20101116.txt (Links to External Site)
This archive entry is a follow-up to the message listed below.|
Source Message Contents
Date: Sat, 05 Nov 2011 04:10:51 +0000|
Subject: IBM AIX
-----BEGIN PGP SIGNED MESSAGE-----
IBM SECURITY ADVISORY
First Issued: Thu Nov 4 15:00:40 CDT 2011
The most recent version of this document is available here:
VULNERABILITY: Multiple OpenSSL vulnerabilities
PLATFORMS: AIX 5.3, 6.1, 7.1, and earlier releases
SOLUTION: Apply the fix as described below.
THREAT: See below
CVE Numbers: CVE-2011-0014
I. DESCRIPTION (from cve.mitre.org)
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c
allows remote attackers to cause a denial of service (crash), and possibly
obtain sensitive information in applications that use OpenSSL, via a mal-
formed ClientHello handshake message that triggers an out-of-bounds memory
access, aka "OCSP stapling vulnerability."
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o,
1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on
a TLS server, might allow remote attackers to execute arbitrary code via
client data that triggers a heap-based buffer overflow, related to (1) the
TLS server name extension and (2) elliptic curve cryptography.
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly
prevent modification of the ciphersuite in the session cache, which allows
remote attackers to force the downgrade to an unintended cipher via vectors
involving sniffing network traffic to discover a session identifier.
Please see the following for more information:
II. PLATFORM VULNERABILITY ASSESSMENT
To determine if your system is vulnerable, execute the following
lslpp -L openssl.base
The following fileset levels are vulnerable:
AIX 7.1, 6.1, 5.3: all versions less than or equal 0.9.8.1103
AIX 7.1, 6.1, 5.3: FIPS capable versions less than or equal 184.108.40.2063
AIX 5.2: all versions less than or equal 0.9.8.806
IMPORTANT: If AIX OpenSSH is in use, it must be updated to version
5.0 or later when updating OpenSSL.
AIX OpenSSH can be downloaded from:
A fix is available, and it can be downloaded from:
To extract the fixes from the tar file:
zcat openssl.0.9.8.1302.tar.Z | tar xvf -
zcat openssl-fips.220.127.116.112.tar.Z | tar xvf -
zcat openssl.0.9.8.808.tar.Z | tar xvf -
IMPORTANT: If possible, it is recommended that a mksysb backup
of the system be created. Verify it is both bootable and
readable before proceeding.
To preview the fix installation:
installp -apYd . openssl
To install the fix package:
installp -aXYd . openssl
There are no workarounds.
V. CONTACT INFORMATION
If you would like to receive AIX Security Advisories via email,
and click on the "My notifications" link.
To view previously issued advisories, please visit:
Comments regarding the content of this announcement can be
To obtain the PGP public key that can be used to communicate
securely with the AIX Security Team you can either:
A. Send an email with "get key" in the subject line to:
B. Download the key from our web page:
C. Download the key from a PGP Public Key Server. The key ID is:
Please contact your local IBM AIX support center for any
eServer is a trademark of International Business Machines
Corporation. IBM, AIX and pSeries are registered trademarks of
International Business Machines Corporation. All other trademarks
are property of their respective holders.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (AIX)
-----END PGP SIGNATURE-----
Go to the Top of This SecurityTracker Archive Page