Original release date: July 30, 2002<br>
Last revised: October 11, 2002<br>
Source: CERT/CC<br>

<p>A complete revision history can be found at the end of this file.</p>


<br>
<a name="affected"></a>
<h3>Systems Affected</h3>

<ul>

<li>OpenSSL prior to 0.9.6e, up to and including pre-release 0.9.7-beta2</li>

<li>OpenSSL pre-release 0.9.7-beta2 and prior with Kerberos
enabled</li>

<li>SSLeay library</li>

</ul>


<br>
<a name="overview"></a>
<h2>Overview</h2>

   <p>

     There are four remotely exploitable buffer overflows in OpenSSL.
     There are also encoding problems in the ASN.1 library used by
     OpenSSL. Several of these vulnerabilities could be used by a
     remote attacker to execute arbitrary code on the target
     system. All could be used to create denial of service.

   </p>

<a name="description"></a>
<h2>I. Description</h2>

   <p>

     <a href="http://www.openssl.org">OpenSSL</a> is a widely
     deployed, open source implementation of the Secure Sockets Layer
     (<a href="http://www.netscape.com/eng/ssl3/">SSL v2/v3</a>) and
     Transport Layer Security (<a
     href="http://www.ietf.org/rfc/rfc2246.txt">TLS v1</a>) protocols
     as well as a full-strength general purpose cryptography
     library. The SSL and TLS protocols are used to provide a secure
     connection between a client and a server for higher level
     protocols such as HTTP.  Four remotely exploitable
     vulnerabilities exist in many OpenSSL client and server systems.

   </p>

   <p>

     <b><a href="http://www.kb.cert.org/vuls/id/102795">VU#102795</a></b> - OpenSSL servers contain a buffer overflow
     during the SSLv2 handshake process

   </p>

   <blockquote>

   <p>

     Versions of OpenSSL servers prior to 0.9.6e and pre-release
     version 0.9.7-beta2 contain a remotely exploitable buffer
     overflow vulnerability. This vulnerability can be exploited by a
     client using a malformed key during the handshake process with an
     SSL server connection. Note that only SSLv2-supported sessions
     are affected by this issue.

   </p>

   <p>

     This issue is also being referenced as <a
     href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656">CAN-2002-0656</a>.

   </p>

   </blockquote>

<p><b><a href="http://www.kb.cert.org/vuls/id/258555">VU#258555</a></b> - OpenSSL clients contain a buffer overflow during the
SSLv3 handshake process</p>


   <blockquote>

   <p>

     OpenSSL clients using SSLv3 prior to version 0.9.6e and
     pre-release version 0.9.7-beta2 contain a buffer overflow
     vulnerability. A malicious server can exploit this by sending a
     large session ID to the client during the handshake process.

   </p>

   <p>

      This issue is also being referenced as <a
      href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656">CAN-2002-0656</a>.

   </p>

   </blockquote>
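<p>The defensive check that VU#258555 turns on is a bound on the server-supplied session ID length before it is copied into a fixed-size buffer. The C below is an added illustration, not OpenSSL code and not part of the original advisory. The ServerHello layout and the 32-byte session ID limit follow SSLv3/TLS 1.0; every identifier and the sample message are constructed for this example.</p>

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RANDOM_LEN  32   /* ServerHello.random */
#define MAX_SID_LEN 32   /* SessionID is opaque<0..32> in SSLv3 and TLS 1.0 */

/* Hypothetical client-side session record (not OpenSSL's structure). */
struct session {
    uint8_t id[MAX_SID_LEN];
    size_t  id_len;
};

/* Parse a ServerHello body:
 *   version(2) random(32) sid_len(1) sid(sid_len) cipher_suite(2) compression(1)
 * Returns 0 on success, -1 if the message is truncated or the session ID
 * is longer than the destination buffer. */
int parse_server_hello(const uint8_t *body, size_t len, struct session *out)
{
    size_t off = 2 + RANDOM_LEN;            /* skip version and random */
    if (len < off + 1)
        return -1;
    size_t sid_len = body[off++];
    if (sid_len > sizeof out->id)           /* peer-controlled length vs. fixed buffer */
        return -1;
    if (len - off < sid_len + 3)            /* sid + cipher suite + compression */
        return -1;
    memcpy(out->id, body + off, sid_len);
    out->id_len = sid_len;
    return 0;
}

/* Build a constructed ServerHello body with the given session ID length
 * and run it through the parser; returns the parser's result. */
int check_sid_len(uint8_t sid_len)
{
    uint8_t msg[2 + RANDOM_LEN + 1 + 255 + 3];
    size_t n = 0;
    msg[n++] = 0x03; msg[n++] = 0x00;                   /* SSLv3 */
    memset(msg + n, 0xAA, RANDOM_LEN); n += RANDOM_LEN; /* constructed random */
    msg[n++] = sid_len;
    memset(msg + n, 0x41, sid_len);    n += sid_len;    /* constructed session ID */
    msg[n++] = 0x00; msg[n++] = 0x0A;                   /* cipher suite */
    msg[n++] = 0x00;                                    /* null compression */
    struct session s = {0};
    return parse_server_hello(msg, n, &s);
}

int main(void)
{
    /* 0 and 32 are legal lengths; 33 and 255 must be rejected, not copied. */
    return (check_sid_len(0) == 0 && check_sid_len(32) == 0 &&
            check_sid_len(33) == -1 && check_sid_len(255) == -1) ? 0 : 1;
}
```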

   <p>

     <b><a href="http://www.kb.cert.org/vuls/id/561275">VU#561275</a></b> - OpenSSL servers with Kerberos enabled contain
     a remotely exploitable buffer overflow vulnerability during the
     SSLv3 handshake process

   </p>

   <blockquote>

   <p>

      Servers running OpenSSL pre-release version 0.9.7 with Kerberos
      enabled contain a remotely exploitable buffer overflow
      vulnerability. This vulnerability can be exploited by a
      malicious client sending a malformed key during the SSLv3
      handshake process with the server.

   </p>

   <p>

     This issue is also being referenced as <a
     href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657">CAN-2002-0657</a>.

   </p>

   </blockquote>

   <p>

     <b><a href="http://www.kb.cert.org/vuls/id/308891">VU#308891</a></b> - OpenSSL contains multiple buffer overflows in
     buffers that are used to hold ASCII representations of integers

   </p>

   <blockquote>

   <p>

      OpenSSL clients and servers prior to version 0.9.6e and
      pre-release version 0.9.7-beta2 contain multiple remotely
      exploitable buffer overflow vulnerabilities if running on 64-bit
      platforms. These buffers are used to hold ASCII representations
      of integers.

   </p>

   <p>

      This issue is also being referenced as <a
      href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655">CAN-2002-0655</a>.

   </p>

   </blockquote>
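<p>VU#308891 is a buffer-sizing problem: a buffer large enough for the decimal text of a 32-bit integer is too small for a 64-bit one. The C below is an added illustration of that bug class and its fix, not OpenSSL code and not part of the original advisory; <code>LEGACY_BUF</code>, <code>DEC_BUF_SIZE</code> and the function names are hypothetical.</p>

```c
#include <inttypes.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Worst-case bytes for the decimal text of integer type T:
 * digits <= bits * log10(2) + 1 (log10(2) ~ 0.302), plus sign, plus NUL. */
#define DEC_BUF_SIZE(T) ((sizeof(T) * CHAR_BIT * 302) / 1000 + 3)

/* Hypothetical buffer size chosen on the assumption of a 32-bit value:
 * "-2147483648" is 11 characters plus the terminating NUL. */
#define LEGACY_BUF 12

/* Format v into buf. Returns the number of characters written, or -1 if
 * cap bytes are not enough (nothing is written past buf[cap - 1]). */
int format_i64(char *buf, size_t cap, int64_t v)
{
    int n = snprintf(buf, cap, "%" PRId64, v);
    if (n < 0 || (size_t)n >= cap)
        return -1;
    return n;
}

/* Does the decimal text of v fit in a buffer of cap bytes? */
int fits(size_t cap, int64_t v)
{
    char buf[64];
    if (cap > sizeof buf)
        cap = sizeof buf;
    return format_i64(buf, cap, v) >= 0;
}

int main(void)
{
    printf("bound for 32-bit: %zu bytes, for 64-bit: %zu bytes\n",
           DEC_BUF_SIZE(int32_t), DEC_BUF_SIZE(int64_t));
    printf("INT32_MIN fits in %d bytes: %d\n", LEGACY_BUF, fits(LEGACY_BUF, INT32_MIN));
    printf("INT64_MIN fits in %d bytes: %d\n", LEGACY_BUF, fits(LEGACY_BUF, INT64_MIN));
    printf("INT64_MIN fits in %zu bytes: %d\n",
           DEC_BUF_SIZE(int64_t), fits(DEC_BUF_SIZE(int64_t), INT64_MIN));
    return 0;
}
```

Deriving the size from the type width and checking the formatter's return value keeps the buffer correct when the same code is rebuilt for a platform with wider integers.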

   <p>

     In addition, a separate issue has been identified in OpenSSL
     involving malformed ASN.1 encodings. Affected components include
     SSL or TLS applications, as well as S/MIME, PKCS#7, and
     certificate creation routines.

   </p>

   <p>

     <b><a href="http://www.kb.cert.org/vuls/id/748355">VU#748355</a></b> - ASN.1 encoding errors exist in implementations of
     SSL, TLS, S/MIME, PKCS#7 routines

   </p>

   <blockquote>

   <p>

     The ASN.1 library used by OpenSSL has various encoding errors
     that allow malformed certificate encodings to be parsed
     incorrectly. Exploitation of this vulnerability can lead to
     remote denial-of-service issues. Routines affected include those
     supporting SSL and TLS applications, as well as those supporting
     S/MIME, PKCS#7, and certificate creation.

   </p>

   <p> 

     This issue is also being referenced as <a
     href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659">CAN-2002-0659</a>.

   </p>

   </blockquote>

   <p>

     Although these vulnerabilities affect OpenSSL, other
     implementations of the SSL protocol that use or share a common
     code base may be affected. This includes implementations that are
     derived from the <a
     href="http://www.columbia.edu/~ariel/ssleay/">SSLeay library</a>
     developed by Eric A. Young and Tim J. Hudson.

   </p>

   <p>

     As noted in the <a
     href="http://www.openssl.org/news/secadv_20020730.txt">OpenSSL
     advisory</a> as well, sites running OpenSSL 0.9.6d servers on
     32-bit platforms with SSLv2 handshaking disabled will not be
     affected by any of the buffer overflows described above. However,
     due to the nature of the ASN.1 encoding errors, such sites may
     still be affected by denial-of-service situations.

   </p>


<a name="impact"></a>
<h2>II. Impact</h2>

   <p>

     By exploiting the buffer overflows above, a remote attacker can
     execute arbitrary code on a vulnerable server or client system or
     cause a denial-of-service situation. Exploitation of the ASN.1
     encoding errors can lead to a denial of service.

   </p>


<br>
<a name="solution"></a>
<h2>III. Solution</h2>

<h4>Apply a patch from your vendor</h4>

   <p>

     <a href="#vendors">Appendix A</a> contains information provided
     by vendors for this advisory.  As vendors report new information
     to the CERT/CC, we will update this section and note the changes
     in our revision history.  If a particular vendor is not listed
     below or in the individual <a
     href="http://www.kb.cert.org/vuls/">vulnerability notes</a>, we
     have not received their comments.  Please contact your vendor
     directly.

   </p>

<h4>Upgrade to version 0.9.6e of OpenSSL</h4>

   <p>

     Upgrade to version <a
     href="http://www.openssl.org/source/">0.9.6e</a> of OpenSSL to
     resolve the issues addressed in this advisory. As noted in the <a
     href="http://www.openssl.org/news/secadv_20020730.txt">OpenSSL
     advisory</a>, separate patches are available:<BR>

<blockquote>
Combined patches for OpenSSL 0.9.6d:<BR>
<a href="http://www.openssl.org/news/patch_20020730_0_9_6d.txt">http://www.openssl.org/news/patch_20020730_0_9_6d.txt</a>
</blockquote>


After either applying the patches above or upgrading to <a
     href="http://www.openssl.org/source/">0.9.6e</a>, recompile all
     applications using OpenSSL to support SSL or TLS services, and
     restart said services or systems. This will eliminate all known
     vulnerable code.

   </p>

   <p>

      Sites running OpenSSL pre-release version 0.9.7-beta2 may wish
      to upgrade to <a
      href="http://www.openssl.org/source/">0.9.7-beta3</a>, which
      corrects these vulnerabilities. Separate patches are available
      as well:<BR>

<blockquote>
Combined patches for OpenSSL 0.9.7 beta 2:<BR>
<a href="http://www.openssl.org/news/patch_20020730_0_9_7.txt">http://www.openssl.org/news/patch_20020730_0_9_7.txt</a>
</blockquote>

   </p>

<H4>Disable vulnerable applications or services</H4>

   <p>

     Until fixes for these vulnerabilities can be applied, disable all
     applications that use vulnerable implementations of
     OpenSSL. Systems with OpenSSL 0.9.7 pre-release with Kerberos
     enabled also need to disable Kerberos to protect against <a
     href="http://www.kb.cert.org/vuls/id/561275">VU#561275</a>. As a
     best practice, the CERT/CC recommends disabling all services that
     are not explicitly required.  Before deciding to disable SSL or
     TLS, carefully consider the impact that this will have on your
     service requirements.

   </p>

   <p>

     Disabling SSLv2 handshaking will prevent exploitation of <a
     href="http://www.kb.cert.org/vuls/id/102795">VU#102795</a>. However,
     due to the nature of the ASN.1 encoding errors, such sites would
     still be vulnerable to denial-of-service attacks.

   </p>

<a name="vendors"></a>
<h2>Appendix A. - Vendor Information</h2>

   <p>

     This appendix contains information provided by vendors for this
     advisory.  As vendors report new information to the CERT/CC, we
     will update this section and note the changes in our revision
     history.  If a particular vendor is not listed below or in the
     individual <a href="http://www.kb.cert.org/vuls/">vulnerability
     notes</a>, we have not received their comments.

   </p>

<a name="apple"></a>
<H4>Apple Computer, Inc.</H4>

   <blockquote>

The vulnerabilities described in this note are fixed with <a href="http://www.info.apple.com/usen/security/security_updates.html">Security
Update 2002-08-02.</a>

   </blockquote>

<!-- end vendor -->


<a name="alcatel"></a>
<H4>Alcatel</H4>

<P>

  <blockquote>

In relation to this CERT advisory on security vulnerability in
OpenSSL, Alcatel has conducted an immediate assessment to determine
any impact this may have on our portfolio. A first analysis has shown
that various Alcatel products are affected: namely the 6600, 7700,
7800 and 8800 OmniSwitches, the OmniAccess 210 and the 7770
RCP. Alcatel is currently in the process of applying appropriate fixes
to those products. Customers may contact their Alcatel support
representative for more details. The security of our customers'
networks is of highest priority for Alcatel. Therefore we continue to
test our product portfolio against potential security vulnerabilities
in our products using OpenSSL and will provide updates if necessary.

</blockquote>

</P>

<!-- end vendor -->

<a name="covalent"></a>
<h4>Covalent Technologies</h4>

   <blockquote>

<P>
Covalent Technologies has been informed by <a href="http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL_Products_Security_Bulletin_Aug_8_2002.pdf">RSA Security</a> that the BSAFE
libraries used in Covalent's SSL implementations are <a
href="http://www.kb.cert.org/vuls/id/JSHA-5DXQLX">potentially
vulnerable</a> to the SSL V2 negotiation issue detailed in <a
href="http://www.kb.cert.org/vuls/id/102795">VU#102795</a> and the related <a
href="http://www.cert.org/advisories/CA-2002-23">CA-2002-23</a> and <a
href="http://www.cert.org/advisories/CA-2002-27">CA-2002-27</a>
advisories. All Covalent products using SSL are affected. Covalent has
product updates and additional information available at:<br>

<blockquote><FONT FACE="monospace">
<a href="http://www.covalent.net/products/rotate.php?page=110">http://www.covalent.net/products/rotate.php?page=110</a>
</FONT></blockquote>

</P>

   </blockquote>

<!-- end vendor -->

<a name="debian"></a>
<h4>Debian Project</h4>

  <blockquote>

The Debian project has released <a
href="http://www.debian.org/security/2002/dsa-136">DSA 136</a> a while
ago which fixes this vulnerability.  Here's the link:<BR>

<blockquote>
<a href="http://www.debian.org/security/2002/dsa-136">http://www.debian.org/security/2002/dsa-136</a>
</blockquote>

  </blockquote>

<!-- end vendor -->

<a name="ibm"></a>
<H4>IBM</H4>

   <blockquote>

<p>IBM's AIX operating system does not ship with OpenSSL; however, OpenSSL is
available for installation on AIX via the Linux Affinity Toolkit. The
version included on the Toolkit CD is vulnerable to the issues discussed
here, as well as the version of OpenSSL available for downloading from the
IBM Linux Affinity website. Anyone running this version is advised to
upgrade to the new version available from the website. This will be
available within the next few days and can be downloaded from</p>
<blockquote>
             <a href="http://www6.software.ibm.com/dl/aixtbx/aixtbx-p">http://www6.software.ibm.com/dl/aixtbx/aixtbx-p</a>
</blockquote>
<p>This site contains Linux Affinity applications using cryptographic
algorithms. New users to this site are asked to register first.</p>

   </blockquote>

<!-- end vendor -->


<a name="bind"></a>
<a name="isc"></a>
<H4>ISC</H4>

   <blockquote>

	<h5>ISC Vendor statement.</h5>

<p>
BIND 4, BIND 8 and BIND 9.0.x are not vulnerable.
</P>

<p>
BIND 9.1.x ships with a copy of the vulnerable sections of the OpenSSL
crypto library (obj_dat.c and asn1_lib.c).  Please upgrade to BIND
9.2.x and/or relink with a fixed version of OpenSSL, e.g. configure
--with-openssl=/path/to/fixed/openssl.  Vendors shipping product based
on BIND 9.1 should contact bind-bugs@isc.org.
</P>

<p>
BIND 9.2.x is vulnerable if linked against a vulnerable library.  By default
BIND 9.2 does not link against OpenSSL.
</P>

   </blockquote>

<!-- end vendor -->

<a name="juniper"></a>
<H4>Juniper Networks</H4>

<blockquote>
<p>
	Juniper has determined that our JUNOS Internet software (on
	M- and T-series  routers) and the  software running  on our
	SDX and SSC products  are potentially  susceptible to  the security
	vulnerabilities in OpenSSL.  Corrected software images will
	be available for customer download shortly.
</P>
<p>
	Software for our  G10 CMTS product and our ERX products
	is unaffected by these vulnerabilities.
</P>
</blockquote>

<!-- end vendor -->

<a name="lotus"></a>
<H4>Lotus Software</H4>

   <blockquote>

Lotus products do not use OpenSSL or an SSLeay library, so they are not
vulnerable.  We further analyzed our SSL implementation for the issues
reported in the advisory and determined that our products are not
vulnerable.

   </blockquote>

<!-- end vendor -->

<a name="mandrakesoft"></a>
<H4>Mandrake Software</H4>

<blockquote>
Mandrake Linux update advisory MDKSA-2002:046-1 fixes all of these issues 
in OpenSSL.  Please see 

 <blockquote>
 <a 
 href="http://www.mandrakesecure.net/en/advisories/2002/MDKSA-2002-046-1.php">http://www.mandrakesecure.net/en/advisories/2002/MDKSA-2002-046-1.php</a>
 </blockquote>

</blockquote>


<a name="microsoft"></a>
<H4>Microsoft Corporation</H4>

<blockquote>
Microsoft products do not use the libraries in question. Microsoft products are not affected by this issue. 
</blockquote>

<!-- end vendor -->

<a name="netbsd"></a>

<h4>NetBSD</h4>

   <blockquote>

Please see <a href="ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-009.txt.asc">NetBSD-SA2002-009</a>

   </blockquote>

<!-- end vendor -->

<a name="openldap"></a>

<h4>OpenLDAP</h4>

   <blockquote>

   <p>

        The <a href="http://www.openldap.org/">OpenLDAP Project</a>
        uses OpenSSL.  Rebuilding OpenLDAP with updated versions of
        OpenSSL should adequately address reported issues.  Those
        using packaged versions of OpenLDAP should contact the package
        distributor for update information.

   </p>

   </blockquote>

<!-- end vendor -->

<a name="openssl"></a>

<h4>OpenSSL</h4>

   <blockquote>

   <p>
     Please see <a
     href="http://www.openssl.org/news/secadv_20020730.txt">http://www.openssl.org/news/secadv_20020730.txt</a>.
   </p>

   </blockquote>

<!-- end vendor -->

<a name="redhat"></a>

<h4>Red Hat</h4>

   <blockquote>

   <p>

     Red Hat distributes affected versions of OpenSSL in all Red Hat
     Linux distributions as well as the Stronghold web server.  Red
     Hat Linux errata packages that fix the above vulnerabilities
     (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655">CAN-2002-0655</a> and <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656">CAN-2002-0656</a>) are available from the URL
     below.  Users of the Red Hat Network are able to update their
     systems using the 'up2date' tool.  A future update will fix the
     potential remote DOS in the ASN.1 encoding (<a
     href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659">CAN-2002-0659</a>)


     <blockquote>
        <a href="http://rhn.redhat.com/errata/RHSA-2002-155.html">http://rhn.redhat.com/errata/RHSA-2002-155.html</a>
     </blockquote>

   </p>

   </blockquote>

<!-- end vendor -->

<a name="securecomputing"></a>

<h4>Secure Computing Corporation</h4>

   <blockquote>

   <p>
In response to the CERT Advisory CA-2002-23, Secure Computing has posted a 
software patch for all users of the SafeWord PremierAccess version 3.1 
authentication system. All existing and new customers are advised to 
download and apply PremierAccess Patch 1. Patch 1(3.1.0.01) is available 
for immediate web download at 

     <blockquote>
        <a href="http://www.securecomputing.com/index.cfm?skey=1109">http://www.securecomputing.com/index.cfm?skey=1109</a>
     </blockquote>

   </p>

   </blockquote>

<!-- end vendor -->




<hr noshade>

<p>

These vulnerabilities were discovered and reported by the following:

<ul>

   <li><a href="http://www.kb.cert.org/vuls/id/102795">VU#102795</a> - discovered by <a
   href="http://www.aldigital.co.uk/">A.L. Digital Ltd</a> and
   independently discovered and reported by John McDonald of Neohapsis

   </li>

   <li><a href="http://www.kb.cert.org/vuls/id/258555">VU#258555</a>, <a
   href="http://www.kb.cert.org/vuls/id/561275">VU#561275</a>,
   <a href="http://www.kb.cert.org/vuls/id/308891">VU#308891</a> - discovered by <a
   href="http://www.aldigital.co.uk/">A.L. Digital Ltd</a>

   </li>

   <li><a href="http://www.kb.cert.org/vuls/id/748355">VU#748355</a> - discovered by Adi Stav and James Yonan
   independently

   </li>

</ul>

</p>

<p>The CERT/CC thanks the OpenSSL team for the work they put into
their advisory, on which this document is largely based.</p>

<hr noshade>

<p>

Feedback can be directed to the authors: <a
href="mailto:cert@cert.org?subject=CA-2002-23%20Feedback%20VU%23258555">Jason
A. Rafail, Cory F. Cohen, Jeffrey S. Havrilla, Shawn V. Hernan</a>.

</p>



<p>Copyright 2002 Carnegie Mellon University.</p>

<p><a name="revision">Revision History</a>
<pre>
July 30, 2002: Initial release
Aug 02, 2002: Added <a href="#ibm">IBM</a> statement from 07/31/2002
Aug 07, 2002: Added <a href="#netbsd">NetBSD</a> statement from 08/01/2002
Aug 07, 2002: Added <a href="#apple">Apple</a> statement from 08/02/2002
Aug 07, 2002: Added <a href="#lotus">Lotus</a> statement from 08/02/2002
Aug 07, 2002: Added <a href="#isc">ISC</a> statement from 07/31/2002
Aug 15, 2002: Added <a href="#juniper">Juniper</a> statement from 08/15/2002
Sep 17, 2002: Added <a href="#covalent">Covalent</a> statement from 09/16/2002
Sep 20, 2002: Added <a href="#alcatel">Alcatel</a> statement from 09/03/2002
Sep 23, 2002: Added <a href="#mandrakesoft">Mandrake Software</a> statement from 09/19/2002
Sep 26, 2002: Added <a href="#microsoft">Microsoft Corporation</a> statement from 09/25/2002
Sep 30, 2002: Added <a href="#securecomputing">Secure Computing Corporation</a> statement from 09/24/2002
Oct 11, 2002: Added <a href="#debian">Debian</a> statement from 10/08/2002
</pre>
</p>