LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 09-30-2003, 07:33 PM   #1
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2603Reputation: 2603Reputation: 2603Reputation: 2603Reputation: 2603Reputation: 2603Reputation: 2603Reputation: 2603Reputation: 2603Reputation: 2603Reputation: 2603
OpenSSL Advisory: ASN.1 parsing vulnerabilities


OpenSSL Security Advisory [30 September 2003]

Vulnerabilities in ASN.1 parsing
================================

NISCC (www.niscc.gov.uk) prepared a test suite to check the operation
of SSL/TLS software when presented with a wide range of malformed client
certificates.

Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team
identified and prepared fixes for a number of vulnerabilities in the
OpenSSL ASN1 code when running the test suite.

A bug in OpenSSLs SSL/TLS protocol was also identified which causes
OpenSSL to parse a client certificate from an SSL/TLS client when it
should reject it as a protocol error.

Vulnerabilities
- ---------------

1. Certain ASN.1 encodings that are rejected as invalid by the parser
can trigger a bug in the deallocation of the corresponding data
structure, corrupting the stack. This can be used as a denial of service
attack. It is currently unknown whether this can be exploited to run
malicious code. This issue does not affect OpenSSL 0.9.6.

2. Unusual ASN.1 tag values can cause an out of bounds read under
certain circumstances, resulting in a denial of service vulnerability.

3. A malformed public key in a certificate will crash the verify code if
it is set to ignore public key decoding errors. Public key decode errors
are not normally ignored, except for debugging purposes, so this is
unlikely to affect production code. Exploitation of an affected
application would result in a denial of service vulnerability.

4. Due to an error in the SSL/TLS protocol handling, a server will parse
a client certificate when one is not specifically requested. This by
itself is not strictly speaking a vulnerability but it does mean that
*all* SSL/TLS servers that use OpenSSL can be attacked using
vulnerabilities 1, 2 and 3 even if they don't enable client authentication.

Who is affected?
- ----------------

All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all
versions of SSLeay are affected.

Any application that makes use of OpenSSL's ASN1 library to parse
untrusted data. This includes all SSL or TLS applications, those using
S/MIME (PKCS#7) or certificate generation routines.

Recommendations
- ---------------

Upgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications
statically linked to OpenSSL libraries.

References
- ----------

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0545 for issue 1:

http://cve.mitre.org/cgi-bin/cvename...=CAN-2003-0545

and CAN-2003-0543 and CAN-2003-0544 for issue 2:

http://cve.mitre.org/cgi-bin/cvename...=CAN-2003-0543
http://cve.mitre.org/cgi-bin/cvename...=CAN-2003-0544

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20030930.txt
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Some help with ASN.1 please genderbender Programming 2 11-29-2005 04:05 PM
Specific help with asn.1 > C++ (via snacc) coding genderbender Programming 0 11-29-2005 03:57 AM
Slackware Security Advisory php Linux - Security 0 11-04-2003 09:44 PM
Red Hat advisory, update tcpdump neo77777 Linux - Security 1 04-10-2002 01:40 AM
Red Hat Security Advisory Aussie Linux - Security 0 02-28-2002 12:12 AM


All times are GMT -5. The time now is 10:37 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration