OpenSSL Security Vulnerabilities Roundup
by Berislav Kucan
An OpenSSL Security Advisory issued on 30 July 2002 points to several security issues within OpenSSL. There are four remotely exploitable buffer overflows in OpenSSL. There are also encoding problems in the ASN.1 library used by OpenSSL. Several of these vulnerabilities could be used by a remote attacker to execute arbitrary code on the target system. All could be used to create denial of service.

Advisory #1 consists of the following vulnerabilities:

1. The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulnerability is exploitable. Exploit code is not available at this time.

2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer.

3. The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issue only affects OpenSSL 0.9.7 before 0.9.7-beta3 with Kerberos enabled.

4. Various buffers for ASCII representations of integers were too small on 64-bit platforms.

Advisory #2 says that the ASN1 parser can be confused by supplying it with certain invalid encodings.

Both advisories can be found in the mentioned OpenSSL Security Advisory available over here:

http://www.net-security.org/vuln.php?id=1916



CERT Advisory CA-2002-23 - Multiple Vulnerabilities In OpenSSL

http://www.net-security.org/advisory.php?id=880

Systems Affected:

* OpenSSL prior to 0.9.6e, up to and including pre-release 0.9.7-beta2

* OpenSSL pre-release 0.9.7-beta2 and prior with Kerberos enabled

* SSLeay library



Vendor security advisories:

Red Hat Security Advisory - Updated openssl packages fix remote vulnerabilities

http://www.net-security.org/advisory.php?id=890

EnGarde Secure Linux Advisory - Several vulnerabilities in the openssl library

http://www.net-security.org/advisory.php?id=889

Debian Security Advisory - Multiple OpenSSL problems

http://www.net-security.org/advisory.php?id=888

SuSE Security Announcement - openssl

http://www.net-security.org/advisory.php?id=884

Mandrake Linux Security Advisory - openssl

http://www.net-security.org/advisory.php?id=882



Solutions:

OpenSSL 0.9.6e is now available, including important bugfixes

http://www.openssl.org/source/

2232012 Jul 30 13:16:45 2002 openssl-engine-0.9.6e.tar.gz [LATEST]

2158566 Jul 30 13:07:56 2002 openssl-0.9.6e.tar.gz [LATEST]

Combined patches for OpenSSL 0.9.6d:

http://www.openssl.org/news/patch_20020730_0_9_6d.txt

Combined patches for OpenSSL 0.9.7 beta 2:

http://www.openssl.org/news/patch_20020730_0_9_7.txt
