OpenSSL Security Update

Pseud0 writes "Just announced on the OpenSSL announce mailing list. The affected versions are "[...] OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable." Get your updates here."

Mirrors list mirrored

[Olinator]

Here. (I tried to submit this story with this link, 'cause the site was going down before it appeared on /.; guess I wasn't fast enough.)

Ole

Answer

[petard]

engine versions incorporate support for hardware cryptographic devices.

Re:How about some common courtesy?

[tbmaddux]

Found details on vulnerabilities (don't know if they're the same ones as the ones being patched) in OpenSSL at bugtraq:

"There are several potentially exploitable vulnerabilities in the OpenSSL toolkit. A security review of OpenSSL is being done by A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) under the DARPA program CHATS. Through this review, the following vulnerabilities were discovered:

1. The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulnerability is exploitable.

2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer.

3. Various buffers for ASCII representations of integers were too small on 64 bit platforms.

4. The ASN1 parser can be confused by supplying it with certain invalid encodings.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0655 to issue 3, and CAN-2002-0659 to issue 4.

Here's a link.

Happy Xmas

[fingal]

OpenSSL Security Advisory [30 July 2002]

This advisory consists of two independent advisories, merged, and is an official OpenSSL advisory.

Advisory 1

A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are conducting a security review of OpenSSL, under the DARPA program CHATS.

Vulnerabilities

All four of these are potentially remotely exploitable.

1. The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulerability is exploitable. Exploit code is NOT available at this time.

2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer.

3. The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issues only affects OpenSSL 0.9.7 before 0.9.7-beta3 with Kerberos enabled.

4. Various buffers for ASCII representations of integers were too small on 64 bit platforms.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue 3, and CAN-2002-0655 to issue 4.

In addition various potential buffer overflows not known to be exploitable have had assertions added to defend against them.

Who is affected?

Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable.

SSLeay is probably also affected.

Recommendations

Apply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL to provide SSL or TLS.

A patch for 0.9.7 is available from the OpenSSL website (http://www.openssl.org/).

Servers can disable SSL2, alternatively disable all applications using SSL or TLS until the patches are applied. Users of 0.9.7 pre-release versions with Kerberos enabled will also have to disable Kerberos.

Client should be disabled altogether until the patches are applied.

Known Exploits

There are no know exploits available for these vulnerabilities. As noted above, Neohapsis have demonstrated internally that an exploit is possible, but have not released the exploit code.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN- 2002-0655

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN- 2002-0656

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN- 2002-0657

Acknowledgements

The project leading to this advisory is sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.

The patch and advisory were prepared by Ben Laurie.

Advisory 2

Vulnerabilities

The ASN1 parser can be confused by supplying it with certain invalid encodings.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0659 to this issue.

Who is affected?

Any OpenSSL program which uses the ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.

Recommendations

Apply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL.

Users of 0.9.7 pre-release versions should apply the patch or upgrade to 0.9.7-beta3 or later. Recompile all applications using OpenSSL.

Exploits

There are no known exploits for this vulnerability.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN- 2002-0659

Acknowledgements

This vulnerability was discovered by Adi Stav and James Yonan independently. The patch is partly based on a version by Adi Stav.

The patch and advisory were prepared by Dr. Stephen Henson.

Security Advisory from Bugtraq

The original security advisory (with attached patch for OpenSSL 0.9.6d) is here. A follow-up with patches for older versions is here.

Advisory + Patch

[ChiefArcher]

http://online.securityfocus.com/archive/1/285022/2 002-07-27/2002-08-02/0

Advisory Mirror

[ActMatrix]

Here's a copy of the full advisory since the OpenSSL site is /.'d.

Re:Logic behind this

[spudnic]

This may sound like a plug for the RHN Enterprise service, because it is. I got in this morning at around 7:50, checked the status of all of my Red Hat servers through the web page and saw that there was an urgent update available for OpenSSL. I clicked 3 times and all of them were scheduled to get the update the next time they checked in.

It's now 9:44 and all of my servers are patched. It took me 5 seconds to schedule it, and just drank coffee and read /. as it happened.

It's well worth it. We're all sold on it, and the Novell guys are envious.

Mirrors

[Wouter+Van+Hemel]

Damn /. morons, was it really necessary to link to the _main_ site instead of providing some mirrors?

Most mirrors are not up to date yet, except:

ftp://opensores.thebunker.net/pub/mirrors/openss l/ source/
ftp://ftp.psy.uq.edu.au/pub/Crypto/OpenSS L/
ftp://ftp.infoscience.co.jp/pub/Crypto/SSL/ope nssl /source/

... but by the time you read this, maybe the others have it too (thanks to google... yet again):

* ftp://ftp.openssl.org/source/ [CH]
* ftp://sunsite.cnlab-switch.ch/mirror/openssl/ [CH]
* ftp://ftp.funet.fi/pub/crypt/cryptography/libs/ope nssl/ [FI]
* ftp://ftp.pca.dfn.de/pub/tools/net/openssl/ [DE]
* ftp://ftp.ecrc.net/pub/security/openssl/ [DE]
* ftp://ftp.uni-trier.de/pub/unix/security/openssl/ [DE]
* ftp://ftp.webmonster.de/pub/openssl/ [DE]
* ftp://opensores.thebunker.net/pub/mirrors/openssl/ [UK]
* ftp://ftp.net.lut.ac.uk/openssl/ [UK]
* ftp://ftp.mirror.ac.uk/sites/ftp.openssl.org/ [UK]
* ftp://sunsite.uio.no/pub/security/openssl/ [NO]
* ftp://ftp.sunet.se/pub/security/tools/net/openssl/ [SE]
* ftp://ftp.chl.chalmers.se/pub/unix/security/openss l/ [SE]
* ftp://ftp.psy.uq.edu.au/pub/Crypto/ [AU]
* ftp://mirror.aarnet.edu.au/pub/openssl/ [AU]
* ftp://gd.tuwien.ac.at/infosys/security/openssl/ [AT]
* ftp://glock.missouri.edu/pub/openssl/ [US]
* ftp://ftp.av8.com/pub/mirrors/openssl/ [US]
* ftp://ftp.styx.net/mirrors/crypto/openssl/ [US]
* ftp://gw.inetlab.com/mirrors/openssl/ [RU]
* ftp://ftp.mos.net/pub/security/openssl/ [RU]
* ftp://ftp.ebizlab.hit.bme.hu/pub/openssl/ [HU]
* ftp://ftp.kfki.hu/pub/packages/security/openssl/ [HU]
* ftp://guest.kuria.katowice.pl/pub/openssl/ [PL]
* ftp://ftp.win.ne.jp/pub/network/security/openssl/ [JP]
* ftp://ftp.infoscience.co.jp/pub/Crypto/SSL/openssl / [JP]
* ftp://ftp.happysize.co.jp/mirror/openssl/ [JP]
* ftp://ftp.ncu.edu.tw/Unix/Crypto/OpenSSL/ [TW]
* ftp://ftp.mit.com.tw/pub/SSL/openssl/ [TW]
* ftp://ftp.elab.co.za/support/openssl/source/ [ZA]
* ftp://ftp.fisek.com.tr/pub/openssl/ [TR]
* ftp://ftp.fi.muni.cz/pub/openssl/ [CZ]
* ftp://ftp.sunsite.utk.edu/pub/openssl/ [US]
* ftp://ftp.gm.is/pub/openssl/ [IS]
* ftp://ftp.directnet.ru/pub/openssl/ [RU]
* ftp://ftp.linux.hr/pub/openssl/ [HR]
* ftp://ftp.1stnet.co.uk/pub/mirrors/openssl/ [UK]
* ftp://mirror.aarnet.edu.au/pub/openssl/ [AU]
* ftp://storm.alert.sk/mirrors/openssl/ [SK]
* ftp://ftp.openssl.uli.it/ [IT]
* ftp://ftp.grmbl.com/pub/openssl/ [BE]
* ftp://ftp.gin.cz/pub/MIRRORS/ftp.openssl.org/ [CZ]
* ftp://ftp.calyx.nl/pub/openssl/ [NL]
* ftp://ftp.duth.gr/pub/OpenSSL/ [GR]
* ftp://ftp.linux.gr/pub/crypto/openssl/ [GR]
* ftp://ftp.si.uniovi.es/mirror/OpenSSL/ [ES]

Cheers.

Re:Debian users:

[CentrX]

For stable releases, Debian backports the patches to the version that's in stable, so as not to introduce problems that may result from introducing a relatively heavily modified new release. That's why it's called "stable". From the Debian Security Advisory: "These vulnerabilities have been addressed for Debian 3.0 (woody) in openssl094_0.9.4-6.woody.0, openssl095_0.9.5a-6.woody.0 and openssl_0.9.6c-2.woody.0." So, the link provided is a package that isn't vulnerable.

Re: another victory for Open Source!

[Black+Parrot]

> Thanks to "many eyes," no sooner is a flaw detected than it is patched up!

<pedantic>Actually, "many eyes" didn't have much to do with either facet, this time. The detection was done by the (presumably pay-to-view) eyes at A.L. Digital Ltd and The Bunker, and the fix isn't an "eyes" issue at all, but rather a get-on-the-ball-and-do-it issue.</pedantic>

But you're entirely right about the quick turn-around. The good folk at OpenSSH completely skipped the Six Step Security Patch Development Cycle so commonly used in the commercial software world thes days:

1. deny it, as long as possible
2. promise an investigation, as long as possible
3. promise "real soon now", as long as possible
4. make excuses for the delay, as long as possible
5. release a broken fix, investing as little effort as possible
6. GOTO 1

Re:How about some common courtesy?

[krogoth]

If you care about security, you should be reading Bugtraq. As soon as I saw the title I checked my email and read the real advisory - now that I'm done upgrading, I can come back and see what Slashdot says about it.