|
__________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN OpenSSL Security Vulnerabilities in ASN.1 parsing September 30, 2003 19:00 GMT Number N-159 [REVISED 1 Oct 2003] [REVISED 2 Oct 2003] ______________________________________________________________________________ PROBLEM: 1) Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. 2) Unusual ASN.1 tag values can cause an out of bounds read under certain circumstances. 3) A malformed public key in a certificate will crash the verify code if it is not set to ignore public key decoding errors. 4) An error in the SSL/TLS protocol handling, a server will parse a client certificate when one is not specifically requested. PLATFORM: All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay Cisco IOS 12.1(11)E & later in the 12.1E release train Cisco PIX Firewall Cisco Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series and 7600 Series routers Cisco Network Analysis Modules (NAM) for Cisco Catalyst 6000 and 6500 Series switches and Cisco 7600 Series routers Cisco Content Service Switch (CSS) 11000 series Cisco Global Site Selector (GSS) 4480 Cisco Application & Content Networking Software (ACNS) Cisco SN 5428 Storage Router CiscoWorks 1105 Hosting Solution Engine (HSE) CiscoWorks 1105 Wireless LAN Solution Engine (WLSE) CiscoWorks Common Services (CMF) Cisco SIP Proxy Server (SPS) HP-UX B.11.00, B.11.11, B.11.20, B.11.22, B.11.23 DAMAGE: Denial of service SOLUTION: Upgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications statically linked to OpenSSL libraries. Check with your vendor for platform-specific solutions. ______________________________________________________________________________ VULNERABILITY The risk is LOW. This is a denial of service and it is ASSESSMENT: currently unknown if the attacker can run arbitrary code. ______________________________________________________________________________ LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/n-159.shtml ORIGINAL BULLETIN: http://www.openssl.org/news/secadv_20030930.txt ADDITIONAL LINKS: Cisco Security Advisory Document ID: 45643 http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl. shtml CERT Advisory CA-2003-26 http://www.cert.org/advisories/CA-2003-26.html DHS/FedCIRC Advisory FA-2003-26 http://www2.fedcirc.gov/advisories/FA-2003-26.html Visit Hewlett Packard Subscription Service for: HPSBUX0310-284 (SSRT3622) ______________________________________________________________________________ REVISION HISTORY: 10/1/03 - Added Cisco Security Advisory Cisco-SA-20030930 and updated PLATFORM Section. 10/2/03 - Added links for CERT Advisory CA-2003-26, FedCIRC Advisory FA-2003-26, and Hewlett Packard HPSBUX0310-284 (SSRT3622). [****** START OpenSSL Security Advisory ******] OpenSSL Security Advisory [30 September 2003] Vulnerabilities in ASN.1 parsing ================================ NISCC (www.niscc.gov.uk) prepared a test suite to check the operation of SSL/TLS software when presented with a wide range of malformed client certificates. Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code when running the test suite. A bug in OpenSSLs SSL/TLS protocol was also identified which causes OpenSSL to parse a client certificate from an SSL/TLS client when it should reject it as a protocol error. Vulnerabilities --------------- 1. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6. 2. Unusual ASN.1 tag values can cause an out of bounds read under certain circumstances, resulting in a denial of service vulnerability. 3. A malformed public key in a certificate will crash the verify code if it is set to ignore public key decoding errors. Public key decode errors are not normally ignored, except for debugging purposes, so this is unlikely to affect production code. Exploitation of an affected application would result in a denial of service vulnerability. 4. Due to an error in the SSL/TLS protocol handling, a server will parse a client certificate when one is not specifically requested. This by itself is not strictly speaking a vulnerability but it does mean that *all* SSL/TLS servers that use OpenSSL can be attacked using vulnerabilities 1, 2 and 3 even if they don't enable client authentication. Who is affected? ---------------- All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay are affected. Any application that makes use of OpenSSL's ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines. Recommendations --------------- Upgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications statically linked to OpenSSL libraries. References ---------- The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0545 for issue 1: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545 and CAN-2003-0543 and CAN-2003-0544 for issue 2: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544 URL for this Security Advisory: http://www.openssl.org/news/secadv_20030930.txt [****** END OpenSSL Security Advisory ******] _______________________________________________________________________________ CIAC wishes to acknowledge the contributions of OpenSSL for the information contained in this bulletin. _______________________________________________________________________________ CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide. CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be contacted at: Voice: +1 925-422-8193 (7x24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@ciac.org Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive. World Wide Web: http://www.ciac.org/ Anonymous FTP: ftp.ciac.org PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained via WWW at http://www.first.org/. This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC) N-149: Sendmail 8.12.9 Prescan Bug N-150: Red Hat Updated KDE packages fix security issues N-151: OpenSSH Buffer Management Error N-152: Real Networks Streaming Server Vulnerability N-153: New Worms and Helpful Computer Users N-154: IBM DB2 Buffer Overflow Vulnerabilities N-155: Red Hat Updated Perl packages fix security issues N-156: ProFTPD ASCII File Remote Compromise Vulnerability N-157: CERT/CC Vulnerability Note OpenSSH PAM challenge authentication failure N-158: CERT/CC Vulnerability Note Portable OpenSSH server PAM