Published:
13 July 2004
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2004.0452 -- CIAC BULLETIN REVISED O-101
OpenSSL Denial of Service Vulnerability
13 July 2004
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: OpenSSL
Publisher: CIAC
Impact: Denial of Service
Access Required: Remote
CVE Names: CVE-2004-0079
CVS-2004-0112
Ref: ESB-2004.0389
ESB-2004.0334
ESB-2004.0254
ESB-2004.0235
ESB-2004.0225
ESB-2004.0221
ESB-2004.0219
ESB-2004.0217
ESB-2004.0216
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
CIAC Bulletin O-101 has been revised to include a reference to
HPSBUX01019 Rev.2 that provides patches for HP-UX B.11.04.
__________________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Capability
___ __ __ _ ___
/ | /_\ /
\___ __|__ / \ \___
__________________________________________________________
INFORMATION BULLETIN
OpenSSL Denial of Service Vulnerability
[OpenSSL Security Advisory of March 17, 2004]
March 18, 2004 19:00 GMT Number O-101
[REVISED 23 Mar 2004]
[REVISED 26 Mar 2004]
[REVISED 29 Mar 2004]
[REVISED 31 Mar 2004]
[REVISED 09 Apr 2004]
[REVISED 27 Apr 2004]
[REVISED 01 Jun 2004]
[REVISED 07 Jun 2004]
[REVISED 08 Jun 2004]
[REVISED 12 July 2004]
______________________________________________________________________________
PROBLEM: Secure Sockets Layer (SSL) is a protocol used to encrypt the
data transferred over a TCP session. Vulnerabilities were
discovered in OpenSSL.
PLATFORM: All versions of OpenSSL from 0.9.6c to 0.9.6l, inclusive and
from 0.9.7a to 0.9.7c, inclusive
Any application that makes use of OpenSSL's SSL/TLS library may
be affected, including but not limited to the following:
- Check Point: VPN-1/FireWall-1 NG and above
VPN-1/FireWall-1 VSX NG w/ App. Intelligence
Provider-1 NG and above
FireWall-1 GX v2.0
- Cisco IOS 12.1(11)E and later in the 12.1E release train. Only
crypto images (56i and k2) are vulnerable for the Cisco 7100
and 7200 Series Routers.
- Cisco IOS 12.2SY release train. Only crypto images (k8, k9 and
k91) are vulnerable for the Cisco Catalyst 6500 Series and
- Cisco 7600 Series Routers.
- Cisco PIX Firewall
- Cisco Firewall Services Module (FWSM) for the Cisco Catalyst
6500 Series and Cisco 7600 Series routers
- Cisco MDS 9000 Series Multilayer Switch
- Cisco Content Service Switch (CSS) 11000 series
- Cisco Global Site Selector (GSS) 4480
- CiscoWorks Common Services (CWCS) version 2.2 and
- CiscoWorks Common Management Foundation (CMF) version 2.1
- Cisco Access Registrar (CAR)
- Red Hat Enterprise Linux AS, ES, WS (v.2.1, v.3)
- Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
- Debian GNU/Linux 3.0 (woody) openssl, openssl094, openssl095 pkgs
- All FreeBSD 4.x and 5.x releases
- Symantec Clientless VPN Gateway 5.0 - Model 4400 Series
- HP-UX B.11.00 and B.11.11 running HP-UX AAA Server A.0601.02.04
or earlier
- HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 with
hp apache web server, 2.0.43.04 or earlier, hp-ux apache-based
web server, v.2.01 or earlier, hp apache-based web server 2.0.43.04
with IPv6 support or earlier, and hp-ux apache-based web server
with IPv6 support v.2.01 or earlier
- SGI ProPack 3
- Solaris 8 or Solaris 9 equipped with Sun Crypto Accelerator
4000 v1.0 boards configured to use Apache web server
DAMAGE: Vulnerabilities exist where a remote attacker could perform a
carefully crafted SSL/TLS handshake against a server that used
the OpenSSL library or Kerberos ciphersuites in such a way as
to cause OpenSSL to crash.
SOLUTION: Install upgrades and/or apply patches.
______________________________________________________________________________
VULNERABILITY The risk is MEDIUM. Depending on the application this could
ASSESSMENT: lead to a denial of service.
______________________________________________________________________________
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/o-101.shtml
ORIGINAL BULLETIN: OpenSSL Security Advisory [17 March 2004]
http://www.openssl.org/news/secadv_20040317.txt
ADDITIONAL LINKS: - Cisco Security Advisory Document ID: 49898
http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
- Check Point:
http://www.checkpoint.com/techsupport/alerts/openssl.html
- Red Hat Security Advisory RHSA-2004:119-04
https://rhn.redhat.com/errata/RHSA-2004-119.html
- Red Hat Security Advisory RHSA-2004:120-08
https://rhn.redhat.com/errata/RHSA-2004-120.html
- Debian Security Advisory DSA 465-1
http://www.debian.org/security/2004/dsa-465
- FreeBSD Security Advisory SA-04:05.openssl
http://www.freebsd.org/security/
- SGI Security Advisory 20040304-01-U Security Update #16
http://www.sgi.com/support/security/advisories.html
- SGI Security Advisory 20040509-01-U, for ProPack 3,
Patch 10078
ftp://patches.sgi.com/support/free/security/advisories/20040509-01-U.asc
- Symantec Hotfix SCVG5-20040326-00
ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf1-readme.txt
- Visit Hewlett Packard's Subscription Service for:
HP Security Bulletins HPSBUX01019 rev.2 (SSRT4717 rev.2 ) and
HPSBUX01011 (SSRT4717)
- Sun Alert ID: 57571
http://www.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57571&zone_32=category%3Asecurity
- Sun Alert ID: 57524
http://www.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57524&zone_32=category%3Asecurity
CVE/CAN: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0079
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0112
______________________________________________________________________________
- -----BEGIN PGP SIGNATURE-----
Version: 4.0 Business Edition
iQCVAwUBQPLSurnzJzdsy3QZAQFEqwQAuunVW0EOtUNT0ZXgmZ9tRgmhfBubeQaR
GAhxWrnwdufD/E91ImkBAoE9sz6pY4mznPLAV1gTzxtkxXBod4MDThMINgfy7xQO
9Sh4QJz0PynC5ymNLyUpe5C98NTU5Kvvfzv5f/8ynaJxSfdFOLbqYza/ENgjnbf+
8G7reD1XN/A=
=gJE9
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business
hours which are GMT+10:00 (AEST). On call after hours
for member emergencies only.
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBQPMrASh9+71yA2DNAQKLVQQAlGM/pa9H05933J1niOY6wDo2ifimzOwN
Z/6W3WFwb53iOSSAVUdz1aak8yaSlqttx3FhH8DiRS2SZukaD5U6/VaSgo7n2LYm
IgrwPR5Jjvg+qQ+fX5rUfcHiAiCO40VB6vTVH7ts2cEoPvPAX5vgPYAHZh5PKntc
CTwyvjMYMkA=
=/l0Z
-----END PGP SIGNATURE-----