-----BEGIN PGP SIGNED MESSAGE-----
AUSCERT External Security Bulletin Redistribution
ESB-2002.369 -- CERT Advisory CA-2002-23
Multiple Vulnerabilities In OpenSSL
31 July 2002
AusCERT Security Bulletin Summary
Product: OpenSSL prior to 0.9.6e,
up to and including pre-release 0.9.7-beta2
OpenSSL pre-release 0.9.7-beta2
and prior with Kerberos enabled
Impact: Denial of Service
Execute Arbitrary Code/Commands
Access Required: Remote
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
CERT Advisory CA-2002-23 Multiple Vulnerabilities In OpenSSL
Original release date: July 30, 2002
Last revised: --
A complete revision history can be found at the end of this file.
* OpenSSL prior to 0.9.6e, up to and including pre-release
* OpenSSL pre-release 0.9.7-beta2 and prior with Kerberos enabled
* SSLeay library
There are four remotely exploitable buffer overflows in OpenSSL. There
are also encoding problems in the ASN.1 library used by OpenSSL.
Several of these vulnerabilities could be used by a remote attacker to
execute arbitrary code on the target system. All could be used to
create denial of service.
OpenSSL is a widely deployed, open source implementation of the Secure
Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols as well as a full-strength general purpose cryptography
library. The SSL and TLS protocols are used to provide a secure
connection between a client and a server for higher level protocols
such as HTTP. Four remotely exploitable vulnerabilities exist in many
OpenSSL client and server systems.
VU#102795 - OpenSSL servers contain a buffer overflow during the SSLv2
Versions of OpenSSL servers prior to 0.9.6e and pre-release version
0.9.7-beta2 contain a remotely exploitable buffer overflow
vulnerability. This vulnerability can be exploited by a client
using a malformed key during the handshake process with an SSL
server connection. Note that only SSLv2-supported sessions are
affected by this issue.
This issue is also being referenced as CAN-2002-0656.
VU#258555 - OpenSSL clients contain a buffer overflow during the SSLv3
OpenSSL clients using SSLv3 prior to version 0.9.6e and pre-release
version 0.9.7-beta2 contain a buffer overflow vulnerability. A
malicious server can exploit this by sending a large session ID to
the client during the handshake process.
This issue is also being referenced as CAN-2002-0656.
VU#561275 - OpenSSL servers with Kerberos enabled contain a remotely
exploitable buffer overflow vulnerability during the SSLv3 handshake
Servers running OpenSSL pre-release version 0.9.7 with Kerberos
enabled contain a remotely exploitable buffer overflow
vulnerability. This vulnerability can be exploited by a malicious
client sending a malformed key during the SSLv3 handshake process
with the server.
This issue is also being referenced as CAN-2002-0657.
VU#308891 - OpenSSL contains multiple buffers overflows in buffers
that are used to hold ASCII representations of integers
OpenSSL clients and servers prior to version 0.9.6e and pre-release
version 0.9.7-beta2 contain multiple remotely exploitable buffer
overflow vulnerabilities if running on 64-bit platforms. These
buffers are used to hold ASCII representations of integers.
This issue is also being referenced as CAN-2002-0655.
In addition, a separate issue has been identified in OpenSSL involving
malformed ASN.1 encodings. Affected components include SSL or TLS
applications, as well as S/MIME, PKCS#7, and certificate creation
VU#748355 - ASN.1 encoding errors exist in implementations of SSL,
TLS, S/MIME, PKCS#7 routines
The ASN.1 library used by OpenSSL has various encoding errors that
allow malformed certificate encodings to be parsed incorrectly.
Exploitation of this vulnerability can lead to remote
denial-of-service issues. Routines affected include those
supporting SSL and TLS applications, as well as those supporting
S/MIME, PKCS#7, and certificate creation.
This issue is also being referenced as CAN-2002-0659.
Although these vulnerabilities affect OpenSSL, other implementations
of the SSL protocol that use or share a common code base may be
affected. This includes implementations that are derived from the
SSLeay library developed by Eric A. Young and Tim J. Hudson.
As noted in the OpenSSL advisory as well, sites running OpenSSL 0.9.6d
servers on 32-bit platforms with SSLv2 handshaking disabled will not
be affected by any of the buffer overflows described above. However,
due to the nature of the ASN.1 encoding errors, such sites may still
be affected by denial-of-service situations.
By exploiting the buffer overflows above, a remote attacker can
execute arbitrary code on a vulnerable server or client system or
cause a denial-of-service situation. Exploitation of the ASN.1
encoding errors can lead to a denial of service.
Apply a patch from your vendor
Appendix A contains information provided by vendors for this advisory.
As vendors report new information to the CERT/CC, we will update this
section and note the changes in our revision history. If a particular
vendor is not listed below or in the individual vulnerability notes,
we have not received their comments. Please contact your vendor
Upgrade to version 0.9.6e of OpenSSL
Upgrade to version 0.9.6e of OpenSSL to resolve the issues addressed
in this advisory. As noted in the OpenSSL advisory, separate patches
Combined patches for OpenSSL 0.9.6d:
After either applying the patches above or upgrading to 0.9.6e,
recompile all applications using OpenSSL to support SSL or TLS
services, and restart said services or systems. This will eliminate
all known vulnerable code.
Sites running OpenSSL pre-release version 0.9.7-beta2 may wish to
upgrade to 0.9.7-beta3, which corrects these vulnerabilities. Separate
patches are available as well:
Combined patches for OpenSSL 0.9.7 beta 2:
Disable vulnerable applications or services
Until fixes for these vulnerabilities can be applied, disable all
applications that use vulnerable implementations of OpenSSL. Systems
with OpenSSL 0.9.7 pre-release with Kerberos enabled also need to
disable Kerberos to protect against VU#561275. As a best practice, the
CERT/CC recommends disabling all services that are not explicitly
required. Before deciding to disable SSL or TLS, carefully consider
the impact that this will have on your service requirements.
Disabling SSLv2 handshaking will prevent exploitation of VU#102795.
However, due to the nature of the ASN.1 encoding errors, such sites
would still be vulnerable to denial-of-service attacks.
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this
advisory. As vendors report new information to the CERT/CC, we will
update this section and note the changes in our revision history. If a
particular vendor is not listed below or in the individual
vulnerability notes, we have not received their comments.
The OpenLDAP Project uses OpenSSL. Rebuilding OpenLDAP with updated
versions of OpenSSL should adequately address reported issues.
Those using packaged versions of OpenLDAP should contact the
package distributor for update information.
Please see http://www.openssl.org/news/secadv_20020730.txt.
Red Hat distributes affected versions of OpenSSL in all Red Hat
Linux distributions as well as the Stronghold web server. Red Hat
Linux errata packages that fix the above vulnerabilities
(CAN-2002-0655 and CAN-2002-0656) are available from the URL below.
Users of the Red Hat Network are able to update their systems using
the 'up2date' tool. A future update will fix the potential remote
DOS in the ASN.1 encoding (CAN-2002-0659)
These vulnerabilities were discovered and reported by the following:
* VU#102795 - discovered by A.L. Digital Ltd and independently
discovered and reported by John McDonald of Neohapsis
* VU#258555, VU#561275, VU#308891 - discovered by A.L. Digital Ltd
* VU#748355 - discovered by Adi Stav and James Yonan independently
The CERT/CC thanks the OpenSSL team for the work they put into their
advisory, on which this document is largely based.
Feedback can be directed to the authors: Jason A. Rafail, Cory F.
Cohen, Jeffrey S. Havrilla, Shawn V. Hernan.
This document is available from:
CERT/CC Contact Information
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
EDT(GMT-4) Monday through Friday; they are on call for emergencies
during other hours, on U.S. holidays, and on weekends.
We strongly urge you to encrypt sensitive information sent by email.
Our public PGP key is available from
If you prefer to use DES, please call the CERT hotline for more
Getting security information
CERT publications and other security information are available from
our web site
To subscribe to the CERT mailing list for advisories and bulletins,
send email to email@example.com. Please include in the body of your
* "CERT" and "CERT Coordination Center" are registered in the U.S.
Patent and Trademark Office.
Any material furnished by Carnegie Mellon University and the Software
Engineering Institute is furnished on an "as is" basis. Carnegie
Mellon University makes no warranties of any kind, either expressed or
implied as to any matter including, but not limited to, warranty of
fitness for a particular purpose or merchantability, exclusivity or
results obtained from use of the material. Carnegie Mellon University
does not make any warranty of any kind with respect to freedom from
patent, trademark, or copyright infringement.
Conditions for use, disclaimers, and sponsorship information
Copyright 2002 Carnegie Mellon University.
July 30, 2002: Initial release
- -----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to firstname.lastname@example.org
and we will forward your request to the appropriate person.
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Internet Email: email@example.com
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----