LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-18-2004, 05:45 AM   #1
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
WARN: OpenSSL NULL Pointer Assignment vulnerability


OpenSSL full advisory: http://www.openssl.org/news/secadv_20040317.txt
CVE CAN: http://www.cve.mitre.org/cgi-bin/cve...=CAN-2004-0079
CISCO: http://www.cisco.com/warp/public/707...-openssl.shtml
RHL: https://rhn.redhat.com/errata/RHSA-2004-121.html
OpenBSD: http://www.openbsd.net/errata.html#openssl


OpenSSL Security Advisory [17 March 2004]

Updated versions of OpenSSL are now available which correct two
security issues:

1. Null-pointer assignment during SSL handshake
===============================================

Testing performed by the OpenSSL group using the Codenomicon TLS Test
Tool uncovered a null-pointer assignment in the
do_change_cipher_spec() function. A remote attacker could perform a
carefully crafted SSL/TLS handshake against a server that used the
OpenSSL library in such a way as to cause OpenSSL to crash. Depending
on the application this could lead to a denial of service.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0079 to this issue.

All versions of OpenSSL from 0.9.6c to 0.9.6l inclusive and from
0.9.7a to 0.9.7c inclusive are affected by this issue. Any
application that makes use of OpenSSL's SSL/TLS library may be
affected. Please contact your application vendor for details.


2. Out-of-bounds read affects Kerberos ciphersuites
===================================================

Stephen Henson discovered a flaw in SSL/TLS handshaking code when
using Kerberos ciphersuites. A remote attacker could perform a
carefully crafted SSL/TLS handshake against a server configured to use
Kerberos ciphersuites in such a way as to cause OpenSSL to crash.
Most applications have no ability to use Kerberos ciphersuites and
will therefore be unaffected.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0112 to this issue.

Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL are affected by this
issue. Any application that makes use of OpenSSL's SSL/TLS library
may be affected. Please contact your application vendor for details.


Recommendations
---------------

Upgrade to OpenSSL 0.9.7d or 0.9.6m. Recompile any OpenSSL applications
statically linked to OpenSSL libraries.

OpenSSL 0.9.7d and OpenSSL 0.9.6m are available for download via HTTP and
FTP from the following master locations (you can find the various FTP
mirrors under http://www.openssl.org/source/mirror.html):

ftp://ftp.openssl.org/source/

The distribution file names are:

o openssl-0.9.7d.tar.gz
MD5 checksum: 1b49e90fc8a75c3a507c0a624529aca5

o openssl-0.9.6m.tar.gz [normal]
MD5 checksum: 1b63bfdca1c37837dddde9f1623498f9
o openssl-engine-0.9.6m.tar.gz [engine]
MD5 checksum: 4c39d2524bd466180f9077f8efddac8c

The checksums were calculated using the following command:

openssl md5 openssl-0.9*.tar.gz


Credits
-------

Patches for these issues were created by Dr Stephen Henson
(steve@openssl.org) of the OpenSSL core team. The OpenSSL team would
like to thank Codenomicon for supplying the TLS Test Tool which was
used to discover these vulnerabilities, and Joe Orton of Red Hat for
performing the majority of the testing.

References
----------

http://www.codenomicon.com/testtools/tls/
http://cve.mitre.org/cgi-bin/cvename...=CAN-2004-0079
http://cve.mitre.org/cgi-bin/cvename...=CAN-2004-0112

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20040317.txt
 
Old 03-18-2004, 12:11 PM   #2
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 270Reputation: 270Reputation: 270
For you Slackware users, you can download the two packages needed listed below:

[slackware-security] OpenSSL security update (SSA:2004-077-01)

Upgraded OpenSSL packages are available for Slackware 8.1, 9.0,
9.1, and -current. These fix two potential denial-of-service
issues in earlier versions of OpenSSL.

We recommend sites that use OpenSSL upgrade to the fixed packages
right away.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename...=CAN-2004-0079
http://cve.mitre.org/cgi-bin/cvename...=CAN-2004-0112

Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Wed Mar 17 14:41:42 PST 2004
patches/packages/openssl-0.9.7d-i486-1.tgz: Upgraded to openssl-0.9.7d.
patches/packages/openssl-solibs-0.9.7d-i486-1.tgz: Upgraded to
openssl-0.9.7d. This fixes two potential denial-of-service issues in
earlier versions of OpenSSL. For more details, see:
http://cve.mitre.org/cgi-bin/cvename...=CAN-2004-0079
http://cve.mitre.org/cgi-bin/cvename...=CAN-2004-0112
(* Security fix *)
+--------------------------+

Updated packages for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackwar....6m-i386-1.tgz
ftp://ftp.slackware.com/pub/slackwar....6m-i386-1.tgz

Updated packages for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackwar....7d-i386-1.tgz
ftp://ftp.slackware.com/pub/slackwar....7d-i386-1.tgz

Updated packages for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackwar....7d-i486-1.tgz
ftp://ftp.slackware.com/pub/slackwar....7d-i486-1.tgz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackwar....7d-i486-1.tgz
ftp://ftp.slackware.com/pub/slackwar....7d-i486-1.tgz

Cheers,

-trickykid
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
WARN PHP Vulnerability Capt_Caveman Linux - Security 0 07-04-2005 04:38 PM
kernel NULL pointer problem branden_burger Linux - General 0 04-06-2005 09:57 AM
WARN: Samba Vulnerability Capt_Caveman Linux - Security 0 12-17-2004 10:59 PM
Null Pointer vijeesh_ep Programming 3 08-13-2004 02:51 PM
NullLogic Null Webmail Format String Vulnerability Aivukazz Linux - Security 1 10-09-2002 02:47 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:15 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration