TUCoPS :: SCO :: bt1255.txt

UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilities

To: announce@lists.sco.com bugtraq@securityfocus.com full-disclosure@lists.netsys.com

Hash: SHA1


			SCO Security Advisory

Subject:		UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilities
Advisory number: 	CSSA-2003-SCO.25
Issue date: 		2003 October 01
Cross reference:

1. Problem Description

	OpenSSL is a commercial-grade, full-featured, open source
	toolkit that implements Secure Sockets Layer (SSL v2/v3)
	and Transport Layer Security (TLS v1) protocols, as well
	as a full-strength general purpose cryptography library.

	Multiple vulnerabilities have been found that could result
	in denial of service. NISCC (www.niscc.gov.uk) prepared a
	test suite to check the operation of SSL/TLS software when
	presented with a wide range of malformed client certificates.

	Dr Stephen Henson (steve@openssl.org) of the OpenSSL core
	team identified and prepared fixes for a number of
	vulnerabilities in the OpenSSL ASN1 code when running the
	test suite. 

	A bug in OpenSSLs SSL/TLS protocol was also identified which 
	causes OpenSSL to parse a client certificate from an SSL/TLS 
	client when it should reject it as a protocol error. For the 
	full OpenSSL advisory please see:

	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned the name CAN-2003-0545 and CAN-2003-0543 and
	CAN-2003-0544 to these issues. 

	CERT has assigned the names VU#935264, VU#255484 and VU#255484 
	to these issues. 

	CERT VU#935264 / CAN-2003-0545: Double-free vulnerability in
	OpenSSL 0.9.7 allows remote attackers to cause a denial
	of service (crash) and possibly execute arbitrary code via
	an SSL client certificate with a certain invalid ASN.1

	CERT VU#255484 / CAN-2003-0543: Integer overflow
	in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause
	a denial of service (crash) via an SSL client certificate
	with certain ASN.1 tag values. 

	CERT VU#255484 / CAN-2003-0544:
	OpenSSL 0.9.6 and 0.9.7 does not properly track the number
	of characters in certain ASN.1 inputs, which allows remote
	attackers to cause a denial of service (crash) via an SSL
	client certificate that causes OpenSSL to read past the
	end of a buffer when the long form is used. 

2. Vulnerable Supported Versions

	System				Binaries
	UnixWare 7.1.3, 
	Open UNIX 8.0.0,
	UnixWare 7.1.1 
3. Solution

	The proper solution is to install the latest packages.

4. UnixWare 7.1.3 / Open UNIX 8.0.0 / UnixWare 7.1.1

	4.1 The OpenSsl package must be installed.  It is located at


	4.2 Location of Fixed Binaries


	4.3 Verification

	MD5 (erg712449.Z) = 3a52615dfa14ef4ea7be1a4221fa7aed

	md5 is available for download from

	4.4 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1. Download the erg712449.Z file to the /tmp directory on your machine.

	2. As root, uncompress the file and add the package to your system
	   using these commands:

        $ su
        Password: <type your root password>
        # uncompress /tmp/erg712449.Z
        # pkgadd -d /tmp/erg712449
        # rm /tmp/erg712449

5. References

	Specific references for this advisory:

	SCO security resources:

	This security fix closes SCO incidents sr885388 fz528383

6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO

7. Acknowledgments

	SCO would like to thank Dr. Stephen Henson who discovered
	a number of errors in the OpenSSL ASN1 code, using a test
	suite provided by NISCC (www.niscc.gov.uk). SCO would also
	like to thank NISCC for their research.


Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH