Published:
13 July 2004
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2004.0452 -- CIAC BULLETIN REVISED O-101 OpenSSL Denial of Service Vulnerability 13 July 2004 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: OpenSSL Publisher: CIAC Impact: Denial of Service Access Required: Remote CVE Names: CVE-2004-0079 CVS-2004-0112 Ref: ESB-2004.0389 ESB-2004.0334 ESB-2004.0254 ESB-2004.0235 ESB-2004.0225 ESB-2004.0221 ESB-2004.0219 ESB-2004.0217 ESB-2004.0216 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- CIAC Bulletin O-101 has been revised to include a reference to HPSBUX01019 Rev.2 that provides patches for HP-UX B.11.04. __________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN OpenSSL Denial of Service Vulnerability [OpenSSL Security Advisory of March 17, 2004] March 18, 2004 19:00 GMT Number O-101 [REVISED 23 Mar 2004] [REVISED 26 Mar 2004] [REVISED 29 Mar 2004] [REVISED 31 Mar 2004] [REVISED 09 Apr 2004] [REVISED 27 Apr 2004] [REVISED 01 Jun 2004] [REVISED 07 Jun 2004] [REVISED 08 Jun 2004] [REVISED 12 July 2004] ______________________________________________________________________________ PROBLEM: Secure Sockets Layer (SSL) is a protocol used to encrypt the data transferred over a TCP session. Vulnerabilities were discovered in OpenSSL. PLATFORM: All versions of OpenSSL from 0.9.6c to 0.9.6l, inclusive and from 0.9.7a to 0.9.7c, inclusive Any application that makes use of OpenSSL's SSL/TLS library may be affected, including but not limited to the following: - Check Point: VPN-1/FireWall-1 NG and above VPN-1/FireWall-1 VSX NG w/ App. Intelligence Provider-1 NG and above FireWall-1 GX v2.0 - Cisco IOS 12.1(11)E and later in the 12.1E release train. Only crypto images (56i and k2) are vulnerable for the Cisco 7100 and 7200 Series Routers. - Cisco IOS 12.2SY release train. Only crypto images (k8, k9 and k91) are vulnerable for the Cisco Catalyst 6500 Series and - Cisco 7600 Series Routers. - Cisco PIX Firewall - Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series and Cisco 7600 Series routers - Cisco MDS 9000 Series Multilayer Switch - Cisco Content Service Switch (CSS) 11000 series - Cisco Global Site Selector (GSS) 4480 - CiscoWorks Common Services (CWCS) version 2.2 and - CiscoWorks Common Management Foundation (CMF) version 2.1 - Cisco Access Registrar (CAR) - Red Hat Enterprise Linux AS, ES, WS (v.2.1, v.3) - Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor - Debian GNU/Linux 3.0 (woody) openssl, openssl094, openssl095 pkgs - All FreeBSD 4.x and 5.x releases - Symantec Clientless VPN Gateway 5.0 - Model 4400 Series - HP-UX B.11.00 and B.11.11 running HP-UX AAA Server A.0601.02.04 or earlier - HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 with hp apache web server, 2.0.43.04 or earlier, hp-ux apache-based web server, v.2.01 or earlier, hp apache-based web server 2.0.43.04 with IPv6 support or earlier, and hp-ux apache-based web server with IPv6 support v.2.01 or earlier - SGI ProPack 3 - Solaris 8 or Solaris 9 equipped with Sun Crypto Accelerator 4000 v1.0 boards configured to use Apache web server DAMAGE: Vulnerabilities exist where a remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library or Kerberos ciphersuites in such a way as to cause OpenSSL to crash. SOLUTION: Install upgrades and/or apply patches. ______________________________________________________________________________ VULNERABILITY The risk is MEDIUM. Depending on the application this could ASSESSMENT: lead to a denial of service. ______________________________________________________________________________ LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/o-101.shtml ORIGINAL BULLETIN: OpenSSL Security Advisory [17 March 2004] http://www.openssl.org/news/secadv_20040317.txt ADDITIONAL LINKS: - Cisco Security Advisory Document ID: 49898 http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml - Check Point: http://www.checkpoint.com/techsupport/alerts/openssl.html - Red Hat Security Advisory RHSA-2004:119-04 https://rhn.redhat.com/errata/RHSA-2004-119.html - Red Hat Security Advisory RHSA-2004:120-08 https://rhn.redhat.com/errata/RHSA-2004-120.html - Debian Security Advisory DSA 465-1 http://www.debian.org/security/2004/dsa-465 - FreeBSD Security Advisory SA-04:05.openssl http://www.freebsd.org/security/ - SGI Security Advisory 20040304-01-U Security Update #16 http://www.sgi.com/support/security/advisories.html - SGI Security Advisory 20040509-01-U, for ProPack 3, Patch 10078 ftp://patches.sgi.com/support/free/security/advisories/20040509-01-U.asc - Symantec Hotfix SCVG5-20040326-00 ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf1-readme.txt - Visit Hewlett Packard's Subscription Service for: HP Security Bulletins HPSBUX01019 rev.2 (SSRT4717 rev.2 ) and HPSBUX01011 (SSRT4717) - Sun Alert ID: 57571 http://www.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57571&zone_32=category%3Asecurity - Sun Alert ID: 57524 http://www.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57524&zone_32=category%3Asecurity CVE/CAN: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0079 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0112 ______________________________________________________________________________ - -----BEGIN PGP SIGNATURE----- Version: 4.0 Business Edition iQCVAwUBQPLSurnzJzdsy3QZAQFEqwQAuunVW0EOtUNT0ZXgmZ9tRgmhfBubeQaR GAhxWrnwdufD/E91ImkBAoE9sz6pY4mznPLAV1gTzxtkxXBod4MDThMINgfy7xQO 9Sh4QJz0PynC5ymNLyUpe5C98NTU5Kvvfzv5f/8ynaJxSfdFOLbqYza/ENgjnbf+ 8G7reD1XN/A= =gJE9 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBQPMrASh9+71yA2DNAQKLVQQAlGM/pa9H05933J1niOY6wDo2ifimzOwN Z/6W3WFwb53iOSSAVUdz1aak8yaSlqttx3FhH8DiRS2SZukaD5U6/VaSgo7n2LYm IgrwPR5Jjvg+qQ+fX5rUfcHiAiCO40VB6vTVH7ts2cEoPvPAX5vgPYAHZh5PKntc CTwyvjMYMkA= =/l0Z -----END PGP SIGNATURE-----