Operating System:

Published:

13 July 2004

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

               ESB-2004.0452 -- CIAC BULLETIN REVISED O-101
                  OpenSSL Denial of Service Vulnerability
                               13 July 2004

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                OpenSSL
Publisher:              CIAC
Impact:                 Denial of Service
Access Required:        Remote
CVE Names:              CVE-2004-0079
                        CVS-2004-0112

Ref:                    ESB-2004.0389
                        ESB-2004.0334
                        ESB-2004.0254
                        ESB-2004.0235
                        ESB-2004.0225
                        ESB-2004.0221
                        ESB-2004.0219
                        ESB-2004.0217
                        ESB-2004.0216

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----


CIAC Bulletin O-101 has been revised to include a reference to 
HPSBUX01019 Rev.2 that provides patches for HP-UX B.11.04.  

             __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                    OpenSSL Denial of Service Vulnerability
                 [OpenSSL Security Advisory of March 17, 2004]

March 18, 2004 19:00 GMT                                          Number O-101
[REVISED 23 Mar 2004]
[REVISED 26 Mar 2004]
[REVISED 29 Mar 2004]
[REVISED 31 Mar 2004]
[REVISED 09 Apr 2004]
[REVISED 27 Apr 2004]
[REVISED 01 Jun 2004]
[REVISED 07 Jun 2004]
[REVISED 08 Jun 2004]
[REVISED 12 July 2004]
______________________________________________________________________________
PROBLEM:       Secure Sockets Layer (SSL) is a protocol used to encrypt the 
               data transferred over a TCP session. Vulnerabilities were 
               discovered in OpenSSL. 
PLATFORM:      All versions of OpenSSL from 0.9.6c to 0.9.6l, inclusive and 
               from 0.9.7a to 0.9.7c, inclusive 
               Any application that makes use of OpenSSL's SSL/TLS library may 
               be affected, including but not limited to the following:
               - Check Point: VPN-1/FireWall-1 NG and above
                              VPN-1/FireWall-1 VSX NG w/ App. Intelligence
                              Provider-1 NG and above
                              FireWall-1 GX v2.0 
               - Cisco IOS 12.1(11)E and later in the 12.1E release train. Only 
               crypto images (56i and k2) are vulnerable for the Cisco 7100 
               and 7200 Series Routers. 
               - Cisco IOS 12.2SY release train. Only crypto images (k8, k9 and 
               k91) are vulnerable for the Cisco Catalyst 6500 Series and 
               - Cisco 7600 Series Routers. 
               - Cisco PIX Firewall 
               - Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 
               6500 Series and Cisco 7600 Series routers 
               - Cisco MDS 9000 Series Multilayer Switch 
               - Cisco Content Service Switch (CSS) 11000 series 
               - Cisco Global Site Selector (GSS) 4480 
               - CiscoWorks Common Services (CWCS) version 2.2 and 
               - CiscoWorks Common Management Foundation (CMF) version 2.1 
               - Cisco Access Registrar (CAR) 
               - Red Hat Enterprise Linux AS, ES, WS (v.2.1, v.3) 
               - Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor 
               - Debian GNU/Linux 3.0 (woody) openssl, openssl094, openssl095 pkgs
               - All FreeBSD 4.x and 5.x releases 
               - Symantec Clientless VPN Gateway 5.0 - Model 4400 Series
               - HP-UX B.11.00 and B.11.11 running HP-UX AAA Server A.0601.02.04
                 or earlier
               - HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 with 
                 hp apache web server, 2.0.43.04 or earlier, hp-ux apache-based 
                 web server, v.2.01 or earlier, hp apache-based web server 2.0.43.04 
                 with IPv6 support or earlier, and hp-ux apache-based web server 
                 with IPv6 support v.2.01 or earlier
               - SGI ProPack 3
               - Solaris 8 or Solaris 9 equipped with Sun Crypto Accelerator
                 4000 v1.0 boards configured to use Apache web server
DAMAGE:        Vulnerabilities exist where a remote attacker could perform a 
               carefully crafted SSL/TLS handshake against a server that used 
               the OpenSSL library or Kerberos ciphersuites in such a way as 
               to cause OpenSSL to crash. 
SOLUTION:      Install upgrades and/or apply patches. 
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. Depending on the application this could 
ASSESSMENT:    lead to a denial of service. 
______________________________________________________________________________
LINKS: 
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/o-101.shtml 
 ORIGINAL BULLETIN:  OpenSSL Security Advisory [17 March 2004]
                     http://www.openssl.org/news/secadv_20040317.txt 
 ADDITIONAL LINKS:   - Cisco Security Advisory Document ID: 49898
                     http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml
                     - Check Point:
                     http://www.checkpoint.com/techsupport/alerts/openssl.html 
                     - Red Hat Security Advisory RHSA-2004:119-04
                     https://rhn.redhat.com/errata/RHSA-2004-119.html
                     - Red Hat Security Advisory RHSA-2004:120-08 
                     https://rhn.redhat.com/errata/RHSA-2004-120.html
                     - Debian Security Advisory DSA 465-1
                     http://www.debian.org/security/2004/dsa-465
                     - FreeBSD Security Advisory SA-04:05.openssl
                     http://www.freebsd.org/security/
                     - SGI Security Advisory 20040304-01-U Security Update #16 
                     http://www.sgi.com/support/security/advisories.html
                     - SGI Security Advisory 20040509-01-U, for ProPack 3, 
                       Patch 10078
                     ftp://patches.sgi.com/support/free/security/advisories/20040509-01-U.asc
                     - Symantec Hotfix SCVG5-20040326-00
                     ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf1-readme.txt
                     - Visit Hewlett Packard's Subscription Service for:
                       HP Security Bulletins HPSBUX01019 rev.2 (SSRT4717 rev.2 ) and 
                       HPSBUX01011 (SSRT4717)
                     - Sun Alert ID: 57571
                       http://www.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57571&zone_32=category%3Asecurity
                     - Sun Alert ID: 57524
                       http://www.sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57524&zone_32=category%3Asecurity
 CVE/CAN:            http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0079
                     http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0112 
______________________________________________________________________________



- -----BEGIN PGP SIGNATURE-----
Version: 4.0 Business Edition

iQCVAwUBQPLSurnzJzdsy3QZAQFEqwQAuunVW0EOtUNT0ZXgmZ9tRgmhfBubeQaR
GAhxWrnwdufD/E91ImkBAoE9sz6pY4mznPLAV1gTzxtkxXBod4MDThMINgfy7xQO
9Sh4QJz0PynC5ymNLyUpe5C98NTU5Kvvfzv5f/8ynaJxSfdFOLbqYza/ENgjnbf+
8G7reD1XN/A=
=gJE9
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business 
                hours which are GMT+10:00 (AEST).  On call after hours 
                for member emergencies only.
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQPMrASh9+71yA2DNAQKLVQQAlGM/pa9H05933J1niOY6wDo2ifimzOwN
Z/6W3WFwb53iOSSAVUdz1aak8yaSlqttx3FhH8DiRS2SZukaD5U6/VaSgo7n2LYm
IgrwPR5Jjvg+qQ+fX5rUfcHiAiCO40VB6vTVH7ts2cEoPvPAX5vgPYAHZh5PKntc
CTwyvjMYMkA=
=/l0Z
-----END PGP SIGNATURE-----