10769888 2003-10-01 19:28 -0400 /492 lines/ CERT Advisory <cert-advisory@cert.org>
Sent by: bellman@lysator.liu.se
Imported: 2003-10-02 01:59 by Brevbäraren
External recipient: cert-advisory@cert.org
Recipient: Bugtraq (import) <29368>
Sent: 2003-10-02 19:01
Subject: CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations
------------------------------------------------------------
From: CERT Advisory <cert-advisory@cert.org>
To: cert-advisory@cert.org
Message-ID: <CA-2003-26.1@cert.org>
-----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS
Implementations
Original issue date: October 1, 2003
Last revised: --
Source: CERT/CC
A complete revision history is at the end of this file.
Systems Affected
* OpenSSL versions prior to 0.9.7c and 0.9.6k
* Multiple SSL/TLS implementations
* SSLeay library
Overview
There are multiple vulnerabilities in different implementations of the
Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
protocols. These vulnerabilities occur primarily in Abstract Syntax
Notation One (ASN.1) parsing code. The most serious vulnerabilities
may allow a remote attacker to execute arbitrary code. The common
impact is denial of service.
I. Description
SSL and TLS are used to provide authentication, encryption, and
integrity services to higher-level network applications such as HTTP.
Cryptographic elements used by the protocols, such as X.509
certificates, are represented as ASN.1 objects. In order to encode and
decode these objects, many SSL and TLS implementations (and
cryptographic libraries) include ASN.1 parsers.
OpenSSL is a widely-deployed open source implementation of the SSL
and TLS protocols. OpenSSL also provides a general-purpose
cryptographic library that includes an ASN.1 parser.
The U.K. National Infrastructure Security Co-ordination Centre (NISCC)
has developed a test suite to analyze the way SSL and TLS
implementations handle exceptional ASN.1 objects contained in client
and server certificate messages. Although the test suite focuses on
certificate messages, any untrusted ASN.1 element may be used as an
attack vector. An advisory from OpenSSL describes as vulnerable "Any
application that makes use of OpenSSL's ASN1 library to parse
untrusted data. This includes all SSL or TLS applications, those using
S/MIME (PKCS#7) or certificate generation routines."
There are two certificate message attack vectors. An attacker can send
crafted client certificate messages to a server, or attempt to cause a
client to connect to a server under the attacker's control. When the
client connects, the attacker can deliver a crafted server certificate
message. Note that the standards for TLS (RFC 2246) and SSL 3.0 state
that a client certificate message "...is only sent if the server
requests a certificate." To reduce exposure to these types of attacks,
an SSL/TLS server should ignore unsolicited client certificate
messages (VU#732952).
NISCC has published two advisories describing vulnerabilities in
OpenSSL (006489/OpenSSL) and other SSL/TLS implementations
(006489/TLS). The second advisory covers multiple vulnerabilities in
many vendors' products. Further details, including vendor status
information, are available in the following vulnerability notes.
VU#935264 - OpenSSL ASN.1 parser insecure memory deallocation
A vulnerability in the way OpenSSL deallocates memory used to
store ASN.1 structures could allow a remote attacker to execute
arbitrary code with the privileges of the process using the
OpenSSL library. (Other resources: NISCC/006490/OpenSSL/3,
OpenSSL #1, CAN-2003-0545)

VU#255484 - OpenSSL contains integer overflow handling ASN.1 tags (1)
An integer overflow vulnerability in the way OpenSSL
handles ASN.1 tags could allow a remote attacker to cause a
denial of service. (Other resources: NISCC/006490/OpenSSL/1,
OpenSSL #2, CAN-2003-0543)

VU#380864 - OpenSSL contains integer overflow handling ASN.1 tags (2)
A second integer overflow vulnerability in the way OpenSSL
handles ASN.1 tags could allow a remote attacker to cause a
denial of service. (Other resources: NISCC/006490/OpenSSL/1,
OpenSSL #2, CAN-2003-0544)

VU#686224 - OpenSSL does not securely handle invalid public key
when configured to ignore errors
A vulnerability in the way OpenSSL handles invalid public keys
in client certificate messages could allow a remote attacker to
cause a denial of service. This vulnerability requires as a
precondition that an application is configured to ignore public
key decoding errors, which is not typically the case on
production systems.
(Other resources: NISCC/006490/OpenSSL/2, OpenSSL #3)

VU#732952 - OpenSSL accepts unsolicited client certificate messages
OpenSSL accepts unsolicited client certificate
messages. This could allow an attacker to exploit underlying
flaws in client certificate handling, such as the vulnerabilities
listed above. (Other resources: OpenSSL #4)

VU#104280 - Multiple vulnerabilities in SSL/TLS implementations
Multiple vulnerabilities exist in different vendors' SSL/TLS
implementations. The impacts of these vulnerabilities include remote
execution of arbitrary code, denial of service, and disclosure of
sensitive information. VU#104280 covers an undefined set of
vulnerabilities that affect SSL/TLS implementations from many
different vendors.
(Other resources: NISCC/006490/TLS)
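
VU#255484 and VU#380864 concern integer overflows in ASN.1 tag handling. As an added illustration of that bug class (not OpenSSL's code and not a reproduction of the specific flaws, whose details this advisory does not give), the following C decoder for BER identifier octets rejects tag numbers that would overflow, truncated input and a zero leading digit. The names ber_tag, ber_read_tag and the BER_* codes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example: type, function and error names are assumptions, not OpenSSL's API. */
typedef struct {
    unsigned cls;      /* 0 universal, 1 application, 2 context-specific, 3 private */
    int constructed;   /* 1 if the constructed bit is set */
    uint32_t number;   /* decoded tag number */
    size_t used;       /* identifier octets consumed */
} ber_tag;

enum { BER_OK = 0, BER_TRUNCATED = -1, BER_OVERFLOW = -2, BER_BAD_ENCODING = -3 };

/* Decode the identifier octets at buf[0..len). Never reads past len and
 * writes *out only on success. */
int ber_read_tag(const unsigned char *buf, size_t len, ber_tag *out)
{
    if (buf == NULL || out == NULL || len == 0)
        return BER_TRUNCATED;
    uint32_t n = buf[0] & 0x1f;
    size_t i = 1;
    if (n == 0x1f) {   /* high-tag-number form: base-128 digits follow */
        n = 0;
        for (;;) {
            if (i >= len)
                return BER_TRUNCATED;      /* continuation bit promised more */
            unsigned char b = buf[i++];
            if (i == 2 && (b & 0x7f) == 0)
                return BER_BAD_ENCODING;   /* X.690: first digit must be non-zero */
            if (n > (UINT32_MAX >> 7))
                return BER_OVERFLOW;       /* n << 7 would drop high bits */
            n = (n << 7) | (uint32_t)(b & 0x7f);
            if ((b & 0x80) == 0)
                break;                     /* last digit has the top bit clear */
        }
    }
    out->cls = buf[0] >> 6;
    out->constructed = (buf[0] >> 5) & 1;
    out->number = n;
    out->used = i;
    return BER_OK;
}

int main(void)
{
    /* Constructed inputs: a two-digit high tag and an over-long tag number. */
    static const unsigned char high[] = { 0x1f, 0x81, 0x00 };
    static const unsigned char big[] = { 0x1f, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f };
    ber_tag t = { 0 };
    int ok = ber_read_tag(high, sizeof high, &t);
    int bad = ber_read_tag(big, sizeof big, &t);
    printf("high: rc=%d number=%lu; over-long: rc=%d\n", ok, (unsigned long)t.number, bad);
    return 0;
}
```

The overflow test runs before the shift, so a rejected tag never produces a wrapped value that later length or table-index arithmetic could trust.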
II. Impact
The impacts of these vulnerabilities vary. In almost all, a remote
attacker could cause a denial of service. For at least one
vulnerability in OpenSSL (VU#935264), a remote attacker may be able to
execute arbitrary code. Please see Appendix A, the Systems Affected
section of VU#104280, and the OpenSSL vulnerability notes for details.
III. Solution
Upgrade or apply a patch
To resolve the OpenSSL vulnerabilities, upgrade to OpenSSL
0.9.7c or OpenSSL 0.9.6k. Alternatively, upgrade or apply a patch
as directed by your vendor. Recompile any applications that are
statically linked to OpenSSL libraries.
For solutions for the other SSL/TLS vulnerabilities covered
by VU#104280, please see Appendix A and the Systems Affected
section of VU#104280.
Appendix A. Vendor Information
This appendix contains information provided by vendors. When
vendors report new information, this section is updated, and the
changes are noted in the revision history. If a vendor is not
listed below, we have not received their authenticated,
direct statement. Further vendor information is available in
the Systems Affected sections of the vulnerability notes listed
above.
AppGate Network Security AB
The default configuration of AppGate is not
vulnerable. However some extra functionality which
administrators can enable manually may cause the system to
become vulnerable. For more details check the AppGate support
pages at http://www.appgate.com/support.
Apple Computer Inc.
Apple: Vulnerable. This is fixed in Mac OS X 10.2.8 which
is available from http://www.apple.com/support/
Clavister
Clavister Firewall: Not vulnerable
As of version 8.3, Clavister
Firewall implements an optional HTTP/S server for purposes of
user authentication. However, since this implementation does
not support client certificates and has no ASN.1 parser code,
there can be no ASN.1-related vulnerabilities as far as SSL is
concerned.
Earlier versions of Clavister Firewall do not implement any
SSL services.
Cray Inc.
Cray Inc. supports OpenSSL through its Cray Open Software
(COS) package. The OpenSSL version in COS 3.4 and earlier is
vulnerable. Spr 726919 has been opened to address this.
F5 Networks
F5 products BIG-IP, 3-DNS, ISMan and Firepass are
vulnerable. F5 will have ready security patches for each of
these products. Go to ask.f5.com for the appropriate security
response instructions for your product.
Hitachi
Hitachi Web Server is NOT Vulnerable to this issue.
IBM
[AIX] The AIX Security Team is aware of the issues
discussed in CERT Vulnerability Notes VU#255484, VU#380864,
VU#686224, VU#935264 and VU#732952.
OpenSSL is available for AIX via the AIX Toolbox for
Linux. Please note that the Toolbox is made available "as-is"
and is unwarranted. The Toolbox ships with OpenSSL 0.9.6g
which is vulnerable to the issues referenced above. A
patched version of OpenSSL will be provided shortly and this
vendor statement will be updated at that time.
Please note that OpenSSH, which is made available through
the Expansion Pack is not vulnerable to these issues.
[eServer] IBM eServer Platform Response
For information related
to this and other published CERT Advisories that may relate
to the IBM eServer Platforms (xSeries, iSeries, pSeries, and
zSeries) please go to
https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=
In order to access this information you will require a Resource
Link ID. To subscribe to Resource Link go to
http://app-06.www.ibm.com/servers/resourcelink and follow the steps
for registration.
All questions should be referred to servsec@us.ibm.com.
Ingrian Networks
Ingrian Networks is aware of this vulnerability and will
issue a security advisory when our investigation is complete.
Juniper Networks
The OpenSSL code included in domestic versions of JUNOS
Internet Software that runs on all M-series and T-series
routers is susceptible to these vulnerabilities. The SSL
library included in Releases 2.x and 3.x of SDX
provisioning software for E-series routers is susceptible to
these vulnerabilities.
Solution Implementation
Corrections for all the above
vulnerabilities are included in all versions of JUNOS built
on or after October 2, 2003. Customers should contact Juniper
Networks Technical Assistance Center (JTAC) for instructions on
obtaining and installing the corrected code. SDX software
built on or after October 2, 2003, contains SSL libraries
with corrected code. Contact JTAC for instructions on
obtaining and installing the corrected code.
MandrakeSoft
The vulnerabilities referenced by VU#255484, VU#380864, and
VU#935264 have been corrected by packages released in our
MDKSA-2003:098 advisory.
NEC Corporation
Subject: VU#104280
sent on October 1, 2003
[Server Products]
* EWS/UP 48 Series operating system
- is NOT vulnerable.
It doesn't include SSL/TLS implementation.
Novell
Novell is reviewing our application portfolio to identify products
affected by the vulnerabilities reported by the NISCC. We have the
patched OpenSSL code and are reviewing and testing it internally,
and preparing patches for our products that are affected. We expect
the first patches to become available via our Security Alerts web
site (http://support.novell.com/security-alerts) during the week of
6 Oct 2003. Customers are urged to monitor our web site for patches
to versions of our products that they use and apply them
expeditiously.
OpenSSL
Please see OpenSSL Security Advisory [30 September 2003].
Openwall GNU/*/Linux
Openwall GNU/*/Linux currently uses OpenSSL 0.9.6 branch and thus
was affected by the ASN.1 parsing and client certificate handling
vulnerabilities pertaining to those versions of OpenSSL. It was not
affected by the potentially more serious incorrect memory
deallocation vulnerability (VU#935264, CVE CAN-2003-0545) that is
specific to OpenSSL 0.9.7.
Owl-current as of 2003/10/01 has been updated to OpenSSL
0.9.6k, thus correcting the vulnerabilities.
Red Hat
Red Hat distributes OpenSSL 0.9.6 in various Red Hat
Linux distributions and with the Stronghold secure web
server. Updated packages which contain backported patches
for these issues are available along with our advisories at the
URL below. Users of the Red Hat Network can update their systems
using the 'up2date' tool.
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2003-293.html
Red Hat Linux 7.1, 7.2, 7.3, 8.0:
http://rhn.redhat.com/errata/RHSA-2003-291.html
Stronghold 4 cross-platform:
http://rhn.redhat.com/errata/RHSA-2003-290.html
Red Hat distributes OpenSSL 0.9.7 in Red Hat Linux
9. Updated packages which contain backported patches for
these issues are available along with our advisory at the URL
below. Users of the Red Hat Network can update their systems
using the 'up2date' tool.
Red Hat Linux 9:
http://rhn.redhat.com/errata/RHSA-2003-292.html
Riverstone Networks
Riverstone Networks routers are not vulnerable.
SCO
We are aware of the issue and are diligently working on a fix.
SGI
SGI acknowledges receiving the vulnerabilities reported by CERT
and NISCC. CAN-2003-0543 [VU#255484], CAN-2003-0544
[VU#380864] and CAN-2003-0545 [VU#935264] have been
addressed by SGI Security Advisory 20030904-01-P:
ftp://patches.sgi.com/support/free/security/advisories/20030904-01-P.asc
No further information is available at this time.
For the protection of all our customers, SGI does not disclose,
discuss or confirm vulnerabilities until a full investigation has
occurred and any necessary patch(es) or release streams are
available for all vulnerable and supported SGI operating systems.
Until SGI has more definitive information to provide, customers are
encouraged to assume all security vulnerabilities as exploitable
and take appropriate steps according to local site security
policies and requirements. As further information becomes
available, additional advisories will be issued via the normal SGI
security information distribution methods including the wiretap
mailing list on http://www.sgi.com/support/security/
Stonesoft
Stonesoft has published a security advisory that addresses
the issues in vulnerability notes VU#255484 and VU#104280. The
advisory is at http://www.stonesoft.com/document/art/3040.html
Stunnel
Stunnel requires the OpenSSL libraries for compilation (POSIX)
or OpenSSL DLLs for runtime operation (Windows). While Stunnel
itself is not vulnerable, its dependence on OpenSSL means
that your installation likely is vulnerable.
If you compile from source, you need to install a
non-vulnerable version of OpenSSL and recompile Stunnel.
If you use the compiled Windows DLLs from stunnel.org, you
should download new versions which are not vulnerable. OpenSSL
0.9.7c DLLs are available at
http://www.stunnel.org/download/stunnel/win32/openssl-0.9.7c/
No new version of Stunnel source or executable will be
made available, because the problems are inside OpenSSL --
Stunnel itself does not have the vulnerability.
SuSE
All SuSE products are affected. Update packages are being
tested and will be published on Wednesday, October 1st.
VanDyke
None of the VanDyke Software products are subject to these
vulnerabilities due to the fact that OpenSSL is not used in any
VanDyke products.
Appendix B. References
* CERT/CC Vulnerability Note VU#935264 -
<http://www.kb.cert.org/vuls/id/935264>
* CERT/CC Vulnerability Note VU#255484 -
<http://www.kb.cert.org/vuls/id/255484>
* CERT/CC Vulnerability Note VU#380864 -
<http://www.kb.cert.org/vuls/id/380864>
* CERT/CC Vulnerability Note VU#686224 -
<http://www.kb.cert.org/vuls/id/686224>
* CERT/CC Vulnerability Note VU#732952 -
<http://www.kb.cert.org/vuls/id/732952>
* CERT/CC Vulnerability Note VU#104280 -
<http://www.kb.cert.org/vuls/id/104280>
* OpenSSL Security Advisory [30 September 2003] -
<http://www.openssl.org/news/secadv_20030930.txt>
* NISCC Vulnerability Advisory 006489/OpenSSL -
<http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm>
* NISCC Vulnerability Advisory 006489/TLS -
<http://www.uniras.gov.uk/vuls/2003/006489/tls.htm>
* ITU ASN.1 documentation -
<http://www.itu.int/ITU-T/studygroups/com10/languages/>
_________________________________________________________________
NISCC discovered and researched these vulnerabilities; this document
is based on their work. We would like to thank Stephen Henson of the
OpenSSL project and the Oulu University Secure Programming Group
(OUSPG) for their previous work in this area.
_________________________________________________________________
Feedback can be directed to the author, Art Manion.
______________________________________________________________________
This document is available from:
http://www.cert.org/advisories/CA-2003-26.html
______________________________________________________________________
CERT/CC Contact Information
Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
EDT(GMT-4) Monday through Friday; they are on call for emergencies
during other hours, on U.S. holidays, and on weekends.
Using encryption
We strongly urge you to encrypt sensitive information sent by
email. Our public PGP key is available from
http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for
more information.
Getting security information
CERT publications and other security information are available
from our web site
http://www.cert.org/
To subscribe to the CERT mailing list for advisories and
bulletins, send email to majordomo@cert.org. Please include in
the body of your message
subscribe cert-advisory
* "CERT" and "CERT Coordination Center" are registered in the
U.S. Patent and Trademark Office.
______________________________________________________________________
NO WARRANTY
Any material furnished by Carnegie Mellon University
and the Software Engineering Institute is furnished on an
"as is" basis. Carnegie Mellon University makes no warranties of
any kind, either expressed or implied as to any matter
including, but not limited to, warranty of fitness for a
particular purpose or merchantability, exclusivity or results
obtained from use of the material. Carnegie Mellon University does
not make any warranty of any kind with respect to freedom from
patent, trademark, or copyright infringement.
______________________________________________________________________
Conditions for use, disclaimers, and sponsorship information
Copyright 2003 Carnegie Mellon University.
Revision History
October 1, 2003: Initial release
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
-----END PGP SIGNATURE-----
(10769888) /CERT Advisory <cert-advisory@cert.org>/(Rewrapped)