TUCoPS :: SCO :: bt1255.txt

UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilities



To: announce@lists.sco.com bugtraq@securityfocus.com full-disclosure@lists.netsys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilities
Advisory number: 	CSSA-2003-SCO.25
Issue date: 		2003 October 01
Cross reference:
______________________________________________________________________________


1. Problem Description

	OpenSSL is a commercial-grade, full-featured, open source
	toolkit that implements Secure Sockets Layer (SSL v2/v3)
	and Transport Layer Security (TLS v1) protocols, as well
	as a full-strength general purpose cryptography library.

	Multiple vulnerabilities have been found that could result
	in denial of service. NISCC (www.niscc.gov.uk) prepared a
	test suite to check the operation of SSL/TLS software when
	presented with a wide range of malformed client certificates.

	Dr Stephen Henson (steve@openssl.org) of the OpenSSL core
	team identified and prepared fixes for a number of
	vulnerabilities in the OpenSSL ASN1 code when running the
	test suite. 

	A bug in OpenSSLs SSL/TLS protocol was also identified which 
	causes OpenSSL to parse a client certificate from an SSL/TLS 
	client when it should reject it as a protocol error. For the 
	full OpenSSL advisory please see:
	http://www.openssl.org/news/secadv_20030930.txt 

	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned the name CAN-2003-0545 and CAN-2003-0543 and
	CAN-2003-0544 to these issues. 

	CERT has assigned the names VU#935264, VU#255484 and VU#255484 
	to these issues. 

	CERT VU#935264 / CAN-2003-0545: Double-free vulnerability in
	OpenSSL 0.9.7 allows remote attackers to cause a denial
	of service (crash) and possibly execute arbitrary code via
	an SSL client certificate with a certain invalid ASN.1
	encoding. 

	CERT VU#255484 / CAN-2003-0543: Integer overflow
	in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause
	a denial of service (crash) via an SSL client certificate
	with certain ASN.1 tag values. 

	CERT VU#255484 / CAN-2003-0544:
	OpenSSL 0.9.6 and 0.9.7 does not properly track the number
	of characters in certain ASN.1 inputs, which allows remote
	attackers to cause a denial of service (crash) via an SSL
	client certificate that causes OpenSSL to read past the
	end of a buffer when the long form is used. 


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.3, 
	Open UNIX 8.0.0,
	UnixWare 7.1.1 
					/usr/lib/libcrypto.a 
					/usr/lib/libcrypto.so.0.9.7
					/usr/lib/libssl.a 
					/usr/lib/libssl.so.0.9.7
3. Solution

	The proper solution is to install the latest packages.


4. UnixWare 7.1.3 / Open UNIX 8.0.0 / UnixWare 7.1.1

	4.1 The OpenSsl package must be installed.  It is located at

	ftp://ftp.sco.com/pub/unixware7/713/uw713up/openssl.image

	4.2 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.25

	4.3 Verification

	MD5 (erg712449.Z) = 3a52615dfa14ef4ea7be1a4221fa7aed

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools


	4.4 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1. Download the erg712449.Z file to the /tmp directory on your machine.

	2. As root, uncompress the file and add the package to your system
	   using these commands:

        $ su
        Password: <type your root password>
        # uncompress /tmp/erg712449.Z
        # pkgadd -d /tmp/erg712449
        # rm /tmp/erg712449

5. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545 
		http://www.kb.cert.org/vuls/id/255484 
		http://www.kb.cert.org/vuls/id/380864 
		http://www.kb.cert.org/vuls/id/935264 
		http://www.openssl.org/news/secadv_20030930.txt 
		http://www.uniras.gov.uk/vuls/2003/006489/tls.htm 
		http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm

	SCO security resources:
		http://www.sco.com/support/security/index.html

	This security fix closes SCO incidents sr885388 fz528383
	erg712449.


6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.


7. Acknowledgments

	SCO would like to thank Dr. Stephen Henson who discovered
	a number of errors in the OpenSSL ASN1 code, using a test
	suite provided by NISCC (www.niscc.gov.uk). SCO would also
	like to thank NISCC for their research.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/fJpMaqoBO7ipriERAimTAKCD0Fc7lvB+U1Kcl7OWg8nvpW7BwgCcC5gB
zjSCvwefmDABKJ6nszYaMOI=
=+4qS
-----END PGP SIGNATURE-----

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH