OpenSSL Security Vulnerabilities Roundup
by Berislav Kucan
OpenSSL Security Advisory issued on 30 July 2002 that points to several security issues within OpenSSL. There are four remotely exploitable buffer overflows in OpenSSL. There are also encoding problems in the ASN.1 library used by OpenSSL. Several of these vulnerabilities could be used by a remote attacker to execute arbitrary code on the target system. All could be used to create denial of service.

Advisory #1 consist of the following vulnerabilities:

1. The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulerability is exploitable. Exploit code is not available at this time.

2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer.

3. The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issues only affects OpenSSL 0.9.7 before 0.9.7-beta3 with Kerberos enabled.

4. Various buffers for ASCII representations of integers were too small on 64 bit platforms.

Advisory #2 says that the ASN1 parser can be confused by supplying it with certain invalid encodings.

Both advisories can be found in the mentioned OpenSSL Security Advisory available over here:

http://www.net-security.org/vuln.php?id=1916



CERT Advisory CA-2002-23 - Multiple Vulnerabilities In OpenSSL

http://www.net-security.org/advisory.php?id=880

Systems Affected:

* OpenSSL prior to 0.9.6e, up to and including pre-release 0.9.7-beta2

* OpenSSL pre-release 0.9.7-beta2 and prior with Kerberos enabled

* SSLeay library



Vendor security advisories:

Red Hat Security Advisory - Updated openssl packages fix remote vulnerabilities

http://www.net-security.org/advisory.php?id=890

EnGarde Secure Linux Advisory - Several vulnerabilities in the openssl library

http://www.net-security.org/advisory.php?id=889

Debian Security Advisory - Multiple OpenSSL problems

http://www.net-security.org/advisory.php?id=888

SuSE Security Announcement - openssl

http://www.net-security.org/advisory.php?id=884

Mandrake Linux Security Advisory - openssl

http://www.net-security.org/advisory.php?id=882



Solutions:

OpenSSL 0.9.6e is now available, including important bugfixes

http://www.openssl.org/source/

2232012 Jul 30 13:16:45 2002 openssl-engine-0.9.6e.tar.gz [LATEST]

2158566 Jul 30 13:07:56 2002 openssl-0.9.6e.tar.gz [LATEST

Combined patches for OpenSSL 0.9.6d:

http://www.openssl.org/news/patch_20020730_0_9_6d.txt

Combined patches for OpenSSL 0.9.7 beta 2:

http://www.openssl.org/news/patch_20020730_0_9_7.txt

Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //