[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20031002144548.A18271@caldera.com>
Date: Thu, 2 Oct 2003 14:45:48 -0700
From: security@....com
To: announce@...ts.sco.com, bugtraq@...urityfocus.com,
full-disclosure@...ts.netsys.com
Subject: UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilities
To: announce@...ts.sco.com bugtraq@...urityfocus.com full-disclosure@...ts.netsys.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilities
Advisory number: CSSA-2003-SCO.25
Issue date: 2003 October 01
Cross reference:
______________________________________________________________________________
1. Problem Description
OpenSSL is a commercial-grade, full-featured, open source
toolkit that implements Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well
as a full-strength general purpose cryptography library.
Multiple vulnerabilities have been found that could result
in denial of service. NISCC (www.niscc.gov.uk) prepared a
test suite to check the operation of SSL/TLS software when
presented with a wide range of malformed client certificates.
Dr Stephen Henson (steve@...nssl.org) of the OpenSSL core
team identified and prepared fixes for a number of
vulnerabilities in the OpenSSL ASN1 code when running the
test suite.
A bug in OpenSSLs SSL/TLS protocol was also identified which
causes OpenSSL to parse a client certificate from an SSL/TLS
client when it should reject it as a protocol error. For the
full OpenSSL advisory please see:
http://www.openssl.org/news/secadv_20030930.txt
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0545 and CAN-2003-0543 and
CAN-2003-0544 to these issues.
CERT has assigned the names VU#935264, VU#255484 and VU#255484
to these issues.
CERT VU#935264 / CAN-2003-0545: Double-free vulnerability in
OpenSSL 0.9.7 allows remote attackers to cause a denial
of service (crash) and possibly execute arbitrary code via
an SSL client certificate with a certain invalid ASN.1
encoding.
CERT VU#255484 / CAN-2003-0543: Integer overflow
in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause
a denial of service (crash) via an SSL client certificate
with certain ASN.1 tag values.
CERT VU#255484 / CAN-2003-0544:
OpenSSL 0.9.6 and 0.9.7 does not properly track the number
of characters in certain ASN.1 inputs, which allows remote
attackers to cause a denial of service (crash) via an SSL
client certificate that causes OpenSSL to read past the
end of a buffer when the long form is used.
2. Vulnerable Supported Versions
System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3,
Open UNIX 8.0.0,
UnixWare 7.1.1
/usr/lib/libcrypto.a
/usr/lib/libcrypto.so.0.9.7
/usr/lib/libssl.a
/usr/lib/libssl.so.0.9.7
3. Solution
The proper solution is to install the latest packages.
4. UnixWare 7.1.3 / Open UNIX 8.0.0 / UnixWare 7.1.1
4.1 The OpenSsl package must be installed. It is located at
ftp://ftp.sco.com/pub/unixware7/713/uw713up/openssl.image
4.2 Location of Fixed Binaries
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.25
4.3 Verification
MD5 (erg712449.Z) = 3a52615dfa14ef4ea7be1a4221fa7aed
md5 is available for download from
ftp://ftp.sco.com/pub/security/tools
4.4 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1. Download the erg712449.Z file to the /tmp directory on your machine.
2. As root, uncompress the file and add the package to your system
using these commands:
$ su
Password: <type your root password>
# uncompress /tmp/erg712449.Z
# pkgadd -d /tmp/erg712449
# rm /tmp/erg712449
5. References
Specific references for this advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545
http://www.kb.cert.org/vuls/id/255484
http://www.kb.cert.org/vuls/id/380864
http://www.kb.cert.org/vuls/id/935264
http://www.openssl.org/news/secadv_20030930.txt
http://www.uniras.gov.uk/vuls/2003/006489/tls.htm
http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr885388 fz528383
erg712449.
6. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
products.
7. Acknowledgments
SCO would like to thank Dr. Stephen Henson who discovered
a number of errors in the OpenSSL ASN1 code, using a test
suite provided by NISCC (www.niscc.gov.uk). SCO would also
like to thank NISCC for their research.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)
iD8DBQE/fJpMaqoBO7ipriERAimTAKCD0Fc7lvB+U1Kcl7OWg8nvpW7BwgCcC5gB
zjSCvwefmDABKJ6nszYaMOI=
=+4qS
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists