OpenSSL Security Update

Pseud0 writes "Just announced on the OpenSSL announce mailing list. The affected versions are "[...] OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable." Get your updates here."

Mirrors list mirrored

[Olinator]

Here. (I tried to submit this story with this link, 'cause the site was going down before it appeared on /.; guess I wasn't fast enough.)

Ole

How about some common courtesy?

[gosand]

For crying out loud, how about at least putting the text of the security alert in the story. Honestly, how hard would it have been to do that? Now all I know is that there is some security issue with OpenSSL, and I can't get to the site to even see what it is. I know /. can't control the fact that sites get slashdotted, but you could be a little more considerate and give us SOME information.

Re:How about some common courtesy?

[tbmaddux]

Found details on vulnerabilities (don't know if they're the same ones as the ones being patched) in OpenSSL at bugtraq:

"There are several potentially exploitable vulnerabilities in the OpenSSL toolkit. A security review of OpenSSL is being done by A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) under the DARPA program CHATS. Through this review, the following vulnerabilities were discovered:

1. The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulnerability is exploitable.

2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer.

3. Various buffers for ASCII representations of integers were too small on 64 bit platforms.

4. The ASN1 parser can be confused by supplying it with certain invalid encodings.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0655 to issue 3, and CAN-2002-0659 to issue 4.

Here's a link.

Answer

[petard]

engine versions incorporate support for hardware cryptographic devices.

Happy Xmas

[fingal]

OpenSSL Security Advisory [30 July 2002]

This advisory consists of two independent advisories, merged, and is an official OpenSSL advisory.

Advisory 1

A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are conducting a security review of OpenSSL, under the DARPA program CHATS.

Vulnerabilities

All four of these are potentially remotely exploitable.

1. The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulerability is exploitable. Exploit code is NOT available at this time.

2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer.

3. The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issues only affects OpenSSL 0.9.7 before 0.9.7-beta3 with Kerberos enabled.

4. Various buffers for ASCII representations of integers were too small on 64 bit platforms.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue 3, and CAN-2002-0655 to issue 4.

In addition various potential buffer overflows not known to be exploitable have had assertions added to defend against them.

Who is affected?

Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable.

SSLeay is probably also affected.

Recommendations

Apply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL to provide SSL or TLS.

A patch for 0.9.7 is available from the OpenSSL website (http://www.openssl.org/).

Servers can disable SSL2, alternatively disable all applications using SSL or TLS until the patches are applied. Users of 0.9.7 pre-release versions with Kerberos enabled will also have to disable Kerberos.

Client should be disabled altogether until the patches are applied.

Known Exploits

There are no know exploits available for these vulnerabilities. As noted above, Neohapsis have demonstrated internally that an exploit is possible, but have not released the exploit code.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN- 2002-0655

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN- 2002-0656

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN- 2002-0657

Acknowledgements

The project leading to this advisory is sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.

The patch and advisory were prepared by Ben Laurie.

Advisory 2

Vulnerabilities

The ASN1 parser can be confused by supplying it with certain invalid encodings.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0659 to this issue.

Who is affected?

Any OpenSSL program which uses the ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.

Recommendations

Apply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL.

Users of 0.9.7 pre-release versions should apply the patch or upgrade to 0.9.7-beta3 or later. Recompile all applications using OpenSSL.

Exploits

There are no known exploits for this vulnerability.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN- 2002-0659

Acknowledgements

This vulnerability was discovered by Adi Stav and James Yonan independently. The patch is partly based on a version by Adi Stav.

The patch and advisory were prepared by Dr. Stephen Henson.

Re:Logic behind this

[spudnic]

This may sound like a plug for the RHN Enterprise service, because it is. I got in this morning at around 7:50, checked the status of all of my Red Hat servers through the web page and saw that there was an urgent update available for OpenSSL. I clicked 3 times and all of them were scheduled to get the update the next time they checked in.

It's now 9:44 and all of my servers are patched. It took me 5 seconds to schedule it, and just drank coffee and read /. as it happened.

It's well worth it. We're all sold on it, and the Novell guys are envious.

Mirrors

[Wouter+Van+Hemel]

Damn /. morons, was it really necessary to link to the _main_ site instead of providing some mirrors?

Most mirrors are not up to date yet, except:

ftp://opensores.thebunker.net/pub/mirrors/openss l/ source/
ftp://ftp.psy.uq.edu.au/pub/Crypto/OpenSS L/
ftp://ftp.infoscience.co.jp/pub/Crypto/SSL/ope nssl /source/

... but by the time you read this, maybe the others have it too (thanks to google... yet again):

* ftp://ftp.openssl.org/source/ [CH]
* ftp://sunsite.cnlab-switch.ch/mirror/openssl/ [CH]
* ftp://ftp.funet.fi/pub/crypt/cryptography/libs/ope nssl/ [FI]
* ftp://ftp.pca.dfn.de/pub/tools/net/openssl/ [DE]
* ftp://ftp.ecrc.net/pub/security/openssl/ [DE]
* ftp://ftp.uni-trier.de/pub/unix/security/openssl/ [DE]
* ftp://ftp.webmonster.de/pub/openssl/ [DE]
* ftp://opensores.thebunker.net/pub/mirrors/openssl/ [UK]
* ftp://ftp.net.lut.ac.uk/openssl/ [UK]
* ftp://ftp.mirror.ac.uk/sites/ftp.openssl.org/ [UK]
* ftp://sunsite.uio.no/pub/security/openssl/ [NO]
* ftp://ftp.sunet.se/pub/security/tools/net/openssl/ [SE]
* ftp://ftp.chl.chalmers.se/pub/unix/security/openss l/ [SE]
* ftp://ftp.psy.uq.edu.au/pub/Crypto/ [AU]
* ftp://mirror.aarnet.edu.au/pub/openssl/ [AU]
* ftp://gd.tuwien.ac.at/infosys/security/openssl/ [AT]
* ftp://glock.missouri.edu/pub/openssl/ [US]
* ftp://ftp.av8.com/pub/mirrors/openssl/ [US]
* ftp://ftp.styx.net/mirrors/crypto/openssl/ [US]
* ftp://gw.inetlab.com/mirrors/openssl/ [RU]
* ftp://ftp.mos.net/pub/security/openssl/ [RU]
* ftp://ftp.ebizlab.hit.bme.hu/pub/openssl/ [HU]
* ftp://ftp.kfki.hu/pub/packages/security/openssl/ [HU]
* ftp://guest.kuria.katowice.pl/pub/openssl/ [PL]
* ftp://ftp.win.ne.jp/pub/network/security/openssl/ [JP]
* ftp://ftp.infoscience.co.jp/pub/Crypto/SSL/openssl / [JP]
* ftp://ftp.happysize.co.jp/mirror/openssl/ [JP]
* ftp://ftp.ncu.edu.tw/Unix/Crypto/OpenSSL/ [TW]
* ftp://ftp.mit.com.tw/pub/SSL/openssl/ [TW]
* ftp://ftp.elab.co.za/support/openssl/source/ [ZA]
* ftp://ftp.fisek.com.tr/pub/openssl/ [TR]
* ftp://ftp.fi.muni.cz/pub/openssl/ [CZ]
* ftp://ftp.sunsite.utk.edu/pub/openssl/ [US]
* ftp://ftp.gm.is/pub/openssl/ [IS]
* ftp://ftp.directnet.ru/pub/openssl/ [RU]
* ftp://ftp.linux.hr/pub/openssl/ [HR]
* ftp://ftp.1stnet.co.uk/pub/mirrors/openssl/ [UK]
* ftp://mirror.aarnet.edu.au/pub/openssl/ [AU]
* ftp://storm.alert.sk/mirrors/openssl/ [SK]
* ftp://ftp.openssl.uli.it/ [IT]
* ftp://ftp.grmbl.com/pub/openssl/ [BE]
* ftp://ftp.gin.cz/pub/MIRRORS/ftp.openssl.org/ [CZ]
* ftp://ftp.calyx.nl/pub/openssl/ [NL]
* ftp://ftp.duth.gr/pub/OpenSSL/ [GR]
* ftp://ftp.linux.gr/pub/crypto/openssl/ [GR]
* ftp://ftp.si.uniovi.es/mirror/OpenSSL/ [ES]

Cheers.

Upgrading SSL is nothing like upgrading SSH

[tzanger]

I have 18 firewalls to update (I sell these and support them, it's a nice way to suppliment my income). I'm not having much luck updating them though.

So far (on 5/7 firewalls), updating the ssl libraries caused ssh to kick out. This is very much unlike upgrading ssh, where the currently running sessions would stay active and you just kill off the 'parent' sshd process and restart sshd to upgrade.

Does anyone know why upgrading the shared lib is kicking out running sessions of ssh linked against it? Short of compiling sshd statically, is there any way around this? So far all the boxes are local but I have a few that are quite a distance and short of enabling telnet with a throwaway root account or statically compiling a temporary sshd, I'm screwed. :-)