LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LWN.net Weekly Edition for November 20, 2008

MinGW and why Linux users should care

LWN.net Weekly Edition for November 13, 2008

NLUUG/ELCE: Embedded devices and free software

The sad story of the em28xx driver

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Vulnerabilities in OpenSSL

[Posted October 1, 2003 by ris]

The National Infrastructure Security Co-ordination Centre (NISCC) is an organization within the UK Government, set up to defend against electronic attack. As part of that mandate, the NISCC recently prepared a test suite to check the operation of SSL/TLS software when presented with a wide range of malformed client certificates. Dr Stephen Henson of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code when running the test suite. Since these vulnerabilities were found during code review, there are no known exploits, and there won't be any as long as everyone updates their systems in a timely fashion. Many distributions have already provided updates for these problems, shown in the new vulnerability report listed below.

All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay are affected, as well as any application that makes use of OpenSSL's ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.

From the advisory:

  1. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It is currently unknown whether this can be exploited to run malicious code. This issue does not affect OpenSSL 0.9.6. The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0545 for this issue.

  2. Unusual ASN.1 tag values can cause an out of bounds read under certain circumstances, resulting in a denial of service vulnerability. The Common Vulnerabilities and Exposures project has assigned the names CAN-2003-0543 and CAN-2003-0544 for this issue.

  3. A malformed public key in a certificate will crash the verify code if it is set to ignore public key decoding errors. Public key decode errors are not normally ignored, except for debugging purposes, so this is unlikely to affect production code. Exploitation of an affected application would result in a denial of service vulnerability.

  4. Due to an error in the SSL/TLS protocol handling, a server will parse a client certificate when one is not specifically requested. This by itself is not strictly speaking a vulnerability but it does mean that *all* SSL/TLS servers that use OpenSSL can be attacked using vulnerabilities 1, 2 and 3 even if they don't enable client authentication.
All OpenSSL users should upgrade to OpenSSL 0.9.7c or 0.9.6k and recompile any OpenSSL applications statically linked to OpenSSL libraries.
(Log in to post comments)

Vulnerabilities in OpenSSL

Posted Oct 2, 2003 15:02 UTC (Thu) by RobSeace (subscriber, #4435) [Link]

"All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all versions of SSLeay are affected ..." Then, in item 1 (the only one of the bunch which is the slightest bit scary, even potentially), "This issue does not affect OpenSSL 0.9.6."... What about prior versions? Does that mean only 0.9.7 introduced whatever the problem is there, or does it mean that for some strange reason 0.9.6 fixed the problem that was present in previous versions, and then 0.9.7 reintroduced it, or something?? I'm hoping all prior versions are immune, as well... Because, like I say, this is the only one of the bunch worth worrying about (as far as *I* am concerned; I really don't care one bit about "denial of service" attacks)... So, anyone know for sure what the scoop is on that first problem, in regards to which versions are truly affected??

Vulnerabilities in OpenSSL

Posted Oct 2, 2003 15:53 UTC (Thu) by ris (editor, #5) [Link]

My reading of this is that the first vulnerability was found and
fixed first, in version 0.9.6. Then the other (lesser) vulnerabilities
were fixed in 0.9.7. So all versions prior to 0.9.6 are vulnerable to
all four problems.

Vulnerabilities in OpenSSL

Posted Oct 2, 2003 22:06 UTC (Thu) by skarkkai (subscriber, #4128) [Link]

It appears to me that these OpenSSL vulnerabilities are being actively exploited. I and some of my friends have independently noticed similar symptoms in Apache+mod_ssl servers using OpenSSL where these vulnerabilities are not fixed. The symptoms are

1) You can connect to Apache, say by telnet to port 80, but you never get a reply to a HTTP request you send, or it takes a long time (tens of seconds) to get the reply.

2) In error_log there are lines like
[error] mod_ssl: Cannot open SSLSessionCache DBM file `/usr/local/www/apache/logs/ssl_scache' for writing (delete) (System error follows)
[error] System: No such file or directory (errno: 2)

It makes me wonder if the OpenSSL vulnerabilities allow for more than denial of service since they are so actively exploited.

Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds