Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2012.0506
OpenSSL multiple vulnerabilities
31 May 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: openssl
Publisher: FreeBSD
Operating System: FreeBSD
Impact/Access: Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2012-2110 CVE-2012-0884 CVE-2011-4619
CVE-2011-4576 CVE-2011-4109
Reference: ESB-2012.0388
ESB-2012.0269
ESB-2012.0027
Original Bulletin:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-12:01.openssl.asc
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-12:01.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
Module: openssl
Announced: 2012-05-03
Credits: Adam Langley, George Kadianakis, Ben Laurie,
Ivan Nestlerode, Tavis Ormandy
Affects: All supported versions of FreeBSD.
Corrected: 2012-05-30 12:01:28 UTC (RELENG_7, 7.4-STABLE)
2012-05-30 12:01:28 UTC (RELENG_7_4, 7.4-RELEASE-p8)
2012-05-30 12:01:28 UTC (RELENG_8, 8.3-STABLE)
2012-05-30 12:01:28 UTC (RELENG_8_3, 8.3-RELEASE-p2)
2012-05-30 12:01:28 UTC (RELENG_8_2, 8.2-RELEASE-p8)
2012-05-30 12:01:28 UTC (RELENG_8_1, 8.1-RELEASE-p10)
2012-05-30 12:01:28 UTC (RELENG_9, 9.0-STABLE)
2012-05-30 12:01:28 UTC (RELENG_9_0, 9.0-RELEASE-p2)
CVE Name: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109,
CVE-2012-0884, CVE-2012-2110
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
0. Revision History
v1.0 2012-05-02 Initial release.
v1.1 2012-05-30 Updated patch to add SGC and BUF_MEM_grow_clean(3) bug
fixes.
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.
II. Problem Description
OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0
records when operating as a client or a server that accept SSL 3.0
handshakes. As a result, in each record, up to 15 bytes of uninitialized
memory may be sent, encrypted, to the SSL peer. This could include
sensitive contents of previously freed memory. [CVE-2011-4576]
OpenSSL support for handshake restarts for server gated cryptography (SGC)
can be used in a denial-of-service attack. [CVE-2011-4619]
If an application uses OpenSSL's certificate policy checking when
verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK
flag, a policy check failure can lead to a double-free. [CVE-2011-4109]
A weakness in the OpenSSL PKCS #7 code can be exploited using
Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the
million message attack (MMA). [CVE-2012-0884]
The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp
functions, in OpenSSL contains multiple integer errors that can cause
memory corruption when parsing encoded ASN.1 data. This error can occur
on systems that parse untrusted ASN.1 data, such as X.509 certificates
or RSA public keys. [CVE-2012-2110]
III. Impact
Sensitive contents of the previously freed memory can be exposed
when communicating with a SSL 3.0 peer. However, FreeBSD OpenSSL
version does not support SSL_MODE_RELEASE_BUFFERS SSL mode and
therefore have a single write buffer per connection. That write buffer
is partially filled with non-sensitive, handshake data at the beginning
of the connection and, thereafter, only records which are longer than
any previously sent record leak any non-encrypted data. This, combined
with the small number of bytes leaked per record, serves to limit to
severity of this issue. [CVE-2011-4576]
Denial of service can be caused in the OpenSSL server application
supporting server gated cryptography by performing multiple handshake
restarts. [CVE-2011-4619]
The double-free, when an application performs X509 certificate policy
checking, can lead to denial of service in that application.
[CVE-2011-4109]
A weakness in the OpenSSL PKCS #7 code can lead to a successful
Bleichenbacher attack. Only users of PKCS #7 decryption operations are
affected. A successful attack needs on average 2^20 messages. In
practice only automated systems will be affected as humans will not be
willing to process this many messages. SSL/TLS applications are not
affected. [CVE-2012-0884]
The vulnerability in the asn1_d2i_read_bio() OpenSSL function can lead
to a potentially exploitable attack via buffer overflow. The SSL/TLS
code in OpenSSL is not affected by this issue, nor are applications
using the memory based ASN.1 functions. There are no applications in
FreeBSD base system affected by this issue, though some 3rd party
consumers of these functions might be vulnerable when processing
untrusted ASN.1 data. [CVE-2012-2110]
The patch provided with the initial version of this advisory introduced
bug to the Server Gated Cryptography (SGC) handshake code, that could
cause SGC handshake to fail for a legitimate client. The updated patch
also fixes the return error code in the BUF_MEM_grow_clean(3) function in the
buffer size check code introduced by the CVE-2012-2110 fix.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE or 9-STABLE,
or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, RELENG_9_0
security branch dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to FreeBSD 7.4, 8.3,
8.2, 8.1, and 9.0 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-12:01/openssl2.patch
# fetch http://security.FreeBSD.org/patches/SA-12:01/openssl2.patch.asc
NOTE: The patch distributed at the time of the original advisory fixed
the security vulnerability, but introduced a bug to the SGC handshake
code that can cause the SGC handshake to fail for a legitimate client.
Systems to which the original patch was applied should be patched with
the following corrective patch, which contains only the additional
changes required to fix the newly-introduced SGC handshake bug. The
updated patch also corrects an error code for an error check introduced
in the original patch.
# fetch http://security.FreeBSD.org/patches/SA-12:01/openssl-sgc-fix.patch
# fetch http://security.FreeBSD.org/patches/SA-12:01/openssl-sgc-fix.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system as described in
<URL: http://www.freebsd.org/handbook/makeworld.html> and reboot the
system.
NOTE: Any third-party applications, including those installed from the
FreeBSD ports collection, which are statically linked to libcrypto(3)
should be recompiled in order to use the corrected code.
3) To update your vulnerable system via a binary patch:
Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE or
9.0-RELEASE on the i386 or amd64 platforms can be updated via the
freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
CVS:
Branch Revision
Path
- - -------------------------------------------------------------------------
RELENG_7
src/crypto/openssl/crypto/buffer/buffer.c 1.1.1.4.2.3
src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.2.2
src/crypto/openssl/crypto/mem.c 1.1.1.8.2.2
src/crypto/openssl/crypto/x509v3/pcy_map.c 1.1.1.1.2.2
src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.1.1.2.2.2
src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.2.1
src/crypto/openssl/ssl/ssl.h 1.1.1.16.2.3
src/crypto/openssl/ssl/ssl_err.c 1.1.1.11.2.3
src/crypto/openssl/ssl/s3_enc.c 1.1.1.13.2.2
src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.8
src/crypto/openssl/ssl/ssl3.h 1.1.1.6.2.2
RELENG_7_4
src/UPDATING 1.507.2.36.2.10
src/sys/conf/newvers.sh 1.72.2.18.2.13
src/crypto/openssl/crypto/buffer/buffer.c 1.1.1.4.2.1.2.2
src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.2.1.2.1
src/crypto/openssl/crypto/mem.c 1.1.1.8.2.1.2.1
src/crypto/openssl/crypto/x509v3/pcy_map.c 1.1.1.1.2.1.2.1
src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.1.1.2.2.1.2.1
src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.20.1
src/crypto/openssl/ssl/ssl.h 1.1.1.16.2.2.2.1
src/crypto/openssl/ssl/ssl_err.c 1.1.1.11.2.2.2.1
src/crypto/openssl/ssl/s3_enc.c 1.1.1.13.2.1.2.1
src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.5.2.2
src/crypto/openssl/ssl/ssl3.h 1.1.1.6.2.1.2.1
RELENG_8
src/crypto/openssl/crypto/buffer/buffer.c 1.2.2.2
src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.2
src/crypto/openssl/crypto/mem.c 1.2.2.1
src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.2.1
src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.2
src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.10.1
src/crypto/openssl/ssl/ssl.h 1.2.2.2
src/crypto/openssl/ssl/ssl_err.c 1.2.2.2
src/crypto/openssl/ssl/s3_enc.c 1.2.2.2
src/crypto/openssl/ssl/s3_srvr.c 1.3.2.6
src/crypto/openssl/ssl/ssl3.h 1.2.2.2
RELENG_8_3
src/UPDATING 1.632.2.26.2.4
src/sys/conf/newvers.sh 1.83.2.15.2.6
src/crypto/openssl/crypto/buffer/buffer.c 1.2.14.2
src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.1.4.1
src/crypto/openssl/crypto/mem.c 1.2.14.1
src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.14.1
src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.6.1
src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.26.1
src/crypto/openssl/ssl/ssl.h 1.2.2.1.6.1
src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.6.1
src/crypto/openssl/ssl/s3_enc.c 1.2.2.1.4.1
src/crypto/openssl/ssl/s3_srvr.c 1.3.2.4.2.2
src/crypto/openssl/ssl/ssl3.h 1.2.2.1.6.1
RELENG_8_2
src/UPDATING 1.632.2.19.2.10
src/sys/conf/newvers.sh 1.83.2.12.2.13
src/crypto/openssl/crypto/buffer/buffer.c 1.2.8.2
src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.1.2.1
src/crypto/openssl/crypto/mem.c 1.2.8.1
src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.8.1
src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.4.1
src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.18.1
src/crypto/openssl/ssl/ssl.h 1.2.2.1.4.1
src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.4.1
src/crypto/openssl/ssl/s3_enc.c 1.2.2.1.2.1
src/crypto/openssl/ssl/s3_srvr.c 1.3.2.3.2.2
src/crypto/openssl/ssl/ssl3.h 1.2.2.1.4.1
RELENG_8_1
src/UPDATING 1.632.2.14.2.13
src/sys/conf/newvers.sh 1.83.2.10.2.14
src/crypto/openssl/crypto/buffer/buffer.c 1.2.6.2
src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.16.1
src/crypto/openssl/crypto/mem.c 1.2.6.1
src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.6.1
src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.2.1
src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.16.1
src/crypto/openssl/ssl/ssl.h 1.2.2.1.2.1
src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.2.1
src/crypto/openssl/ssl/s3_enc.c 1.2.6.1
src/crypto/openssl/ssl/s3_srvr.c 1.3.2.2.2.2
src/crypto/openssl/ssl/ssl3.h 1.2.2.1.2.1
RELENG_9
src/crypto/openssl/crypto/buffer/buffer.c 1.2.10.2
src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.2.2.1
src/crypto/openssl/crypto/mem.c 1.2.10.1
src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.10.1
src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.3.2.1
src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.22.1
src/crypto/openssl/ssl/ssl.h 1.3.2.1
src/crypto/openssl/ssl/ssl_err.c 1.3.2.1
src/crypto/openssl/ssl/s3_enc.c 1.3.2.1
src/crypto/openssl/ssl/s3_srvr.c 1.7.2.2
src/crypto/openssl/ssl/ssl3.h 1.3.2.1
RELENG_9_0
src/UPDATING 1.702.2.4.2.4
src/sys/conf/newvers.sh 1.95.2.4.2.6
src/crypto/openssl/crypto/buffer/buffer.c 1.2.12.2
src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.2.4.1
src/crypto/openssl/crypto/mem.c 1.2.12.1
src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.12.1
src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.3.4.1
src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.24.1
src/crypto/openssl/ssl/ssl.h 1.3.4.1
src/crypto/openssl/ssl/ssl_err.c 1.3.4.1
src/crypto/openssl/ssl/s3_enc.c 1.3.4.1
src/crypto/openssl/ssl/s3_srvr.c 1.7.4.2
src/crypto/openssl/ssl/ssl3.h 1.3.4.1
- - -------------------------------------------------------------------------
Subversion:
Branch/path Revision
- - -------------------------------------------------------------------------
stable/7/ r236304
releng/7.4/ r236304
stable/8/ r236304
releng/8.3/ r236304
releng/8.2/ r236304
releng/8.1/ r236304
stable/9/ r236304
releng/9.0/ r236304
- - -------------------------------------------------------------------------
VII. References
http://www.openssl.org/news/secadv_20120419.txt
http://www.openssl.org/news/secadv_20120312.txt
http://www.openssl.org/news/secadv_20120104.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
http://lists.openwall.net/full-disclosure/2012/04/19/4
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-12:01.openssl.asc
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (FreeBSD)
iEYEARECAAYFAk/GEsMACgkQFdaIBMps37IOkwCgj6lSWidx+sk/C/seNNBmQfN8
36sAn2OQg0TEYq9xPf8yd0hrPICuDyGK
=T8ip
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBT8bS6e4yVqjM2NGpAQLhjA//X03n7rfL5W1+yHeWTpJmmPwqaUZuwXTb
dLMOdogj+LsjYFtK58Ok8o5sRu2ObkWMfzmgGK4j80yCamrXY5f6/okaFjdz/QBu
0EDfNWjW/VDgcG/M94gq8l4H4d+NdmZK8Rjgywm/hp+bjdNqwwRFs2Ade3dSarGB
eZzpr+Y1ltLoYz5Vvcz8cFj9qoZpZCtOENqP9iuCRmUShVh9733uAakE7Tj1QNe0
VDx8bQvNMcdhr0TpWuCG/D4HOdx9wHQwlxhOTrSoAH+5W2rS5yIOUbRjdnUa0XJQ
0ztzhbbXgYqCOn/9iOnnHPCPOAPefuP2r0C/5Ai+EANl4MStgkmJnp6rHqOFNYzn
9N3HCvUGhIDzgFL8tvD7Lq5UvdXhfNeMFd8rMtcNG6luThiNm9LFGgeaLcLVgX0O
2nzcoxdLHKut2A2OxsAomkqvDNo948W1T9lsnLqecCe1fA03SJ49nAJXdTIjyA8n
HBmuBZNt7wsgv5Hyz32iL4zF22Czj6n6N/il7EzN7H9SZ2xk3oPuC84HZgt3POJp
voXtEqTSvu5NZq9OvbN0NKHA2Mp5++3ADmWTBStb3TG8YFVkoOAYQGUD3RBMG7xn
Ij+rIhRkL/b2wkCo046LD2OoD5nGJyS68TOEYpSuijgysxN3oVMW1x6oGb1oMJxj
lJWLxaFT+Yc=
=u4Jt
-----END PGP SIGNATURE-----