Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1026485 |
|
SecurityTracker URL: http://securitytracker.com/id/1026485
|
|
CVE Reference:
CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0027, CVE-2012-0390
(Links to External Site)
|
Updated: Jan 19 2012
|
Original Entry Date: Jan 5 2012
|
Impact:
Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 0.9.8s; 1.x prior to 1.0.0f
|
Description:
Several vulnerabilities were reported in OpenSSL. A remote user can cause denial of service conditions. A remote user can obtain sensitive information. A remote user may be able to execute arbitrary code on the target system.
A remote user can conduct an efficient plaintext recovery attack against the OpenSSL implementation of Datagram Transport Layer Security (DTLS) [CVE-2011-4108, CVE-2012-0390]. Nadhem Alfardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London (www.isg.rhul.ac.uk) reported this vulnerability.
A remote user can trigger a double-free memory error when a policy check fails [CVE-2011-4109]. Version 0.9.8 systems with the X509_V_FLAG_POLICY_CHECK set are affected. Ben Laurie reported this vulnerability.
The bytes used as block cipher padding in SSL 3.0 records are not cleared. A remote user may be able to conduct a SSL 3.0 handshake to obtain memory contents [CVE-2011-4576]. Adam Langley reported this vulnerability.
Specially crafted RFC 3779 data within a certificate may cause an assertion failure [CVE-2011-4577]. System builds configured with "enable-rfc3779" are affected. Andrew Chi, BBN Technologies, reported this vulnerability.
A remote user can exploit a flaw in handshake restarts for server gated cryptography (SGC) to cause denial of service conditions on the target system [CVE-2011-4619]. Adam Langley reported this vulnerability.
A remote user can send specially crafted GOST parameters to cause the target server to crash [CVE-2012-0027]. OpenSSL GOST ENGINE users are affected. Andrey Kulikov reported this vulnerability.
|
Impact:
A remote user may be able to execute arbitrary code on the target system.
A remote user can cause the target server to crash.
A remote user can obtain plaintext in certain cases.
|
Solution:
The vendor has issued a fix (0.9.8s, 1.0.0f).
The vendor's advisory is available at:
http://openssl.org/news/secadv_20120104.txt
[Editor's note: The fix for CVE-2011-4108 introduces a new vulnerability [see CVE-2012-0050; Alert ID 1026548].
|
Vendor URL: openssl.org/news/secadv_20120104.txt (Links to External Site)
|
Cause:
Access control error, Exception handling error, Input validation error, State error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Jan 25 2012 |
(Red Hat Issues Fix) OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code
(bugzilla@redhat.com)
Red Hat has issued a fix for for Red Hat Enterprise Linux 5.
|
|
Jan 25 2012 |
(Red Hat Issues Fix) OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code
(bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
|
|
Jan 25 2012 |
(HP Issues Fix for HP-UX) OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code
(security-alert@hp.com)
HP has issued a fix for HP-UX 11.11, 11.23, and 11.31.
|
|
Feb 1 2012 |
(Red Hat Issues Fix) OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code
(bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 4.
|
|
Feb 10 2012 |
(Attachmate Issues Fix for Reflection) OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code
Attachmate has issued a fix for CVE-2011-4576 for Reflection.
|
|
Mar 6 2012 |
(Gentoo Issues Fix) OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code
(Sean Amoss <ackle@gentoo.org>)
Gentoo has issued a fix.
|
|
Mar 22 2012 |
(IBM Issues Fix for AIX) OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code
IBM issues fix for IBM AIX 5.3, 6.1, and 7.1.
|
|
May 3 2012 |
(FreeBSD Issues Fix) OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code
(FreeBSD Security Advisories <security-advisories@freebsd.org>)
FreeBSD has issued a fix for FreeBSD 7.4, 8.1, 8.2, 8.3, and 9.0.
|
|
May 31 2012 |
(FreeBSD Issues Fix) OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code
(FreeBSD Security Advisories <security-advisories@freebsd.org>)
FreeBSD has issued a fix for FreeBSD 7.4, 8.1, 8.2, 8.3, and 9.0.
|
|
Source Message Contents
|
Date: Thu, 05 Jan 2012 18:03:01 +0000
Subject: OpenSSL
|
http://openssl.org/news/secadv_20120104.txt
OpenSSL Security Advisory [04 Jan 2012]
=======================================
Six security flaws have been fixed in OpenSSL 1.0.0f and 0.9.8s.
DTLS Plaintext Recovery Attack (CVE-2011-4108)
==============================================
Nadhem Alfardan and Kenny Paterson have discovered an extension of the
Vaudenay padding oracle attack on CBC mode encryption which enables an
efficient plaintext recovery attack against the OpenSSL implementation
of DTLS. Their attack exploits timing differences arising during
decryption processing. A research paper describing this attack can be
found at http://www.isg.rhul.ac.uk/~kp/dtls.pdf
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
Security Group at Royal Holloway, University of London
(www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
<seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de>
for preparing the fix.
Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s.
Double-free in Policy Checks (CVE-2011-4109)
============================================
If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy
check failure can lead to a double-free. The bug does not occur
unless this flag is set. Users of OpenSSL 1.0.0 are not affected.
This flaw was discovered by Ben Laurie and a fix provided by Emilia
Kasper <ekasper@google.com> of Google.
Affected users should upgrade to OpenSSL 0.9.8s.
Uninitialized SSL 3.0 Padding (CVE-2011-4576)
=============================================
OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as
block cipher padding in SSL 3.0 records. This affects both clients and
servers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with
SSLv3_{server|client}_method or SSLv23_{server|client}_method. It does
not affect TLS.
As a result, in each record, up to 15 bytes of uninitialized memory
may be sent, encrypted, to the SSL peer. This could include sensitive
contents of previously freed memory.
However, in practice, most deployments do not use
SSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per
connection. That write buffer is partially filled with non-sensitive,
handshake data at the beginning of the connection and, thereafter,
only records which are longer any any previously sent record leak any
non-encrypted data. This, combined with the small number of bytes
leaked per record, serves to limit to severity of this issue.
Thanks to Adam Langley <agl@chromium.org> for identifying and fixing
this issue.
Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s.
Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
====================================================================
RFC 3779 data can be included in certificates, and if it is malformed,
may trigger an assertion failure. This could be used in a
denial-of-service attack.
Note, however, that in the standard release of OpenSSL, RFC 3779
support is disabled by default, and in this case OpenSSL is not
vulnerable. Builds of OpenSSL are vulnerable if configured with
"enable-rfc3779".
Thanks to Andrew Chi, BBN Technologies, for discovering the flaw, and
Rob Austein <sra@hactrn.net> for fixing it.
Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s.
SGC Restart DoS Attack (CVE-2011-4619)
======================================
Support for handshake restarts for server gated cryptograpy (SGC) can
be used in a denial-of-service attack.
Thanks to Adam Langley <agl@chromium.org> for identifying and fixing
this issue.
Affected users should upgrade to OpenSSL 1.0.0f or 0.9.8s.
Invalid GOST parameters DoS Attack (CVE-2012-0027)
===================================================
A malicious TLS client can send an invalid set of GOST parameters
which will cause the server to crash due to lack of error checking.
This could be used in a denial-of-service attack.
Only users of the OpenSSL GOST ENGINE are affected by this bug.
Thanks to Andrey Kulikov <amdeich@gmail.com> for identifying and fixing
this issue.
Affected users should upgrade to OpenSSL 1.0.0f.
References
==========
URL for this Security Advisory:
http://www.openssl.org/news/secadv_20120104.txt
|
|
Go to the Top of This SecurityTracker Archive Page
|
