Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Debian :: dsa-394.htm

openssl095 - ASN.1 parsing vulnerability



Debian Security Advisory

DSA-394-1 openssl095 -- ASN.1 parsing vulnerability

Date Reported:
11 Oct 2003
Affected Packages:
openssl095
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CAN-2003-0543, CAN-2003-0544, CAN-2003-0545.
More information:

Steve Henson of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code that were discovered after running a test suite by British National Infrastructure Security Coordination Centre (NISCC).

A bug in OpenSSLs SSL/TLS protocol was also identified which causes OpenSSL to parse a client certificate from an SSL/TLS client when it should reject it as a protocol error.

The Common Vulnerabilities and Exposures project identifies the following problems:

  • CAN-2003-0543:

    Integer overflow in OpenSSL that allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.

  • CAN-2003-0544:

    OpenSSL does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.

  • CAN-2003-0545:

    Double-free vulnerability allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. This bug was only present in OpenSSL 0.9.7 and is listed here only for reference.

For the stable distribution (woody) this problem has been fixed in openssl095 version 0.9.5a-6.woody.3.

This package is not present in the unstable (sid) or testing (sarge) distribution.

We recommend that you upgrade your libssl095a packages and restart services using this library. Debian doesn't ship any packages that are linked against this library.

The following commandline (courtesy of Ray Dassen) produces a list of names of running processes that have libssl095 mapped into their memory space:

    find /proc -name maps -exec egrep -l 'libssl095' {} /dev/null \; | sed -e 's/[^0-9]//g' | xargs --no-run-if-empty ps --no-headers -p | sed -e 's/^\+//' -e 's/ \+/ /g' | cut -d ' ' -f 5 | sort | uniq

You should restart the associated services.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:
http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.3.dsc
http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.3.diff.gz
http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_i386.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_powerpc.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_sparc.deb

MD5 checksums of the listed files are available in the original advisory.



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH