FreeBSD Security Advisories
2003-Oct-03 15:51 UTC
FreeBSD Security Advisory FreeBSD-SA-03:18.openssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
============================================================================FreeBSD-SA-03:18.openssl
Security Advisory
The FreeBSD Project
Topic: OpenSSL vulnerabilities in ASN.1 parsing
Category: crypto
Module: openssl
Announced: 2003-10-03
Credits: NISCC <URL:http://www.niscc.gov.uk>
Dr. Stephen Henson <steve@openssl.org>
Affects: FreeBSD versions 4.0-RELEASE through 4.8-RELEASE,
5.0-RELEASE, and 5.1-RELEASE
4-STABLE prior to the correction date
Corrected: 2003-10-03 01:32:13 UTC (RELENG_4, 4.9-RC)
2003-10-03 18:13:19 UTC (RELENG_5_1, 5.1-RELEASE-p10)
2003-10-03 20:22:27 UTC (RELENG_5_0, 5.0-RELEASE-p18)
2003-10-03 18:14:26 UTC (RELENG_4_8, 4.8-RELEASE-p13)
2003-10-03 20:24:31 UTC (RELENG_4_7, 4.7-RELEASE-p23)
2003-10-03 20:24:59 UTC (RELENG_4_6, 4.6.2-RELEASE-p26)
FreeBSD only: NO
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL
Project is a collaborative effort to develop a robust, commercial-
grade, full-featured, and Open Source toolkit implementing the Secure
Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols as well as a full-strength general purpose cryptography
library.
II. Problem Description
This advisory addresses four separate flaws recently fixed in OpenSSL.
The flaws are described in the following excerpt from the OpenSSL.org
advisory (see references):
1. Certain ASN.1 encodings that are rejected as invalid by the
parser can trigger a bug in the deallocation of the corresponding
data structure, corrupting the stack. This can be used as a denial
of service attack. It is currently unknown whether this can be
exploited to run malicious code. This issue does not affect OpenSSL
0.9.6.
2. Unusual ASN.1 tag values can cause an out of bounds read
under certain circumstances, resulting in a denial of service
vulnerability.
3. A malformed public key in a certificate will crash the verify
code if it is set to ignore public key decoding errors. Public
key decode errors are not normally ignored, except for
debugging purposes, so this is unlikely to affect production
code. Exploitation of an affected application would result in a
denial of service vulnerability.
4. Due to an error in the SSL/TLS protocol handling, a server
will parse a client certificate when one is not specifically
requested. This by itself is not strictly speaking a vulnerability
but it does mean that *all* SSL/TLS servers that use OpenSSL can be
attacked using vulnerabilities 1, 2 and 3 even if they don't enable
client authentication.
III. Impact
A remote attacker may create a malicious ASN.1 encoded message that
will cause an OpenSSL-using application to crash, or even perhaps
execute arbitrary code with the privileges of the application.
Only applications that use OpenSSL's ASN.1 or X.509 handling code
are affected. Applications that use other portions of OpenSSL
are unaffected (e.g. Apache+mod_ssl is affected, while OpenSSH is
unaffected).
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_1,
RELENG_4_8, or RELENG_4_7 security branch dated after the correction
date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 4.6, 4.7,
4.8, 5.0, and 5.1 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 4.6, 4.7, 5.0 -- be sure you have previously applied the
patches for advisories FreeBSD-SA-03:02 and FreeBSD-SA-03:06 before
applying this patch.]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:18/openssl96.patch
# fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:18/openssl96.patch.asc
[FreeBSD 4.8, 5.1]
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:18/openssl97.patch
# fetch
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:18/openssl97.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system as described in
<URL:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html >.
Note that any statically linked applications that are not part of the
base system (i.e. from the Ports Collection or other 3rd-party sources)
must be recompiled.
All affected applications must be restarted for them to use the
corrected library. Though not required, rebooting may be the easiest
way to accomplish this.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_5_1
src/UPDATING 1.251.2.12
src/crypto/openssl/crypto/asn1/asn1_lib.c 1.1.1.8.2.1
src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.1.4.1
src/crypto/openssl/crypto/x509/x509_vfy.c 1.1.1.5.2.1
src/crypto/openssl/ssl/s3_srvr.c 1.1.1.11.2.1
src/sys/conf/newvers.sh 1.50.2.12
RELENG_5_0
src/UPDATING 1.229.2.24
src/crypto/openssl/crypto/asn1/asn1_lib.c 1.1.1.7.2.1
src/crypto/openssl/crypto/x509/x509_vfy.c 1.1.1.4.2.2
src/crypto/openssl/ssl/s3_srvr.c 1.1.1.9.2.3
src/sys/conf/newvers.sh 1.48.2.19
RELENG_4_8
src/UPDATING 1.73.2.80.2.15
src/crypto/openssl/crypto/asn1/asn1_lib.c 1.1.1.1.2.7.2.1
src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.1.2.1.2.1
src/crypto/openssl/crypto/x509/x509_vfy.c 1.1.1.1.2.4.2.1
src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.7.2.1
src/sys/conf/newvers.sh 1.44.2.29.2.14
RELENG_4_7
src/UPDATING 1.73.2.74.2.26
src/crypto/openssl/crypto/asn1/asn1_lib.c 1.1.1.1.2.6.2.1
src/crypto/openssl/crypto/x509/x509_vfy.c 1.1.1.1.2.3.2.2
src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.5.2.3
src/sys/conf/newvers.sh 1.44.2.26.2.25
RELENG_4_6
src/UPDATING 1.73.2.68.2.55
src/crypto/openssl/crypto/asn1/asn1_lib.c 1.1.1.1.2.3.6.4
src/crypto/openssl/crypto/x509/x509_vfy.c 1.1.1.1.2.2.8.3
src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.3.6.4
src/sys/conf/newvers.sh 1.44.2.23.2.43
- -------------------------------------------------------------------------
VII. References
<URL: http://www.openssl.org/news/secadv_20030930.txt >
<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545 >
<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543 >
<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544 >
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD4DBQE/fe+bFdaIBMps37IRAmp8AKCDqpNf+MCJ6K1eFyWPul/cnjSzTgCY8hd6
IIOxA/5Hl4quuh64va5/5A==1DI+
-----END PGP SIGNATURE-----
On Fri, 3 Oct 2003, FreeBSD Security Advisories wrote: Hi,> V. Solution > > Perform one of the following:...> 2) To patch your present system:...> c) Recompile the operating system as described in > <URL: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html >. > > Note that any statically linked applications that are not part of the > base system (i.e. from the Ports Collection or other 3rd-party sources) > must be recompiled.this seems to be a default disclaimer for the openssl advisories but at this point I am asking myself if there are any applications statically linked against librypto or libssl in the base system ? from what I can see no API is changed with this patch so wouldn't it be possible to recompile libssl/libcrypto and install only them instead of rebuilding the complete base system as suggested (assuming nothing in the base system is statically linked against one of the two) ? -- Greetings Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT 56 69 73 69 74 http://www.zabbadoz.net/
At 00:06 04/10/2003 +0000, Bjoern A. Zeeb wrote:>On Fri, 3 Oct 2003, FreeBSD Security Advisories wrote: > > c) Recompile the operating system as described in > > <URL: > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html >. > >from what I can see no API is changed with this patch so wouldn't it be >possible to recompile libssl/libcrypto and install only them instead of >rebuilding the complete base system as suggested (assuming nothing in >the base system is statically linked against one of the two) ?I think that's probably enough, but I'm not sure; a couple hours from now I should be able to say for certain (at least for RELENG_4_7) as the latest FreeBSD Update build finishes. Colin Percival
At 00:06 04/10/2003 +0000, Bjoern A. Zeeb wrote:>On Fri, 3 Oct 2003, FreeBSD Security Advisories wrote: > > c) Recompile the operating system as described in > > <URL: > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html >. > >wouldn't it be >possible to recompile libssl/libcrypto and install only them instead of >rebuilding the complete base system as suggestedJust to confirm the contents of my earlier email: The only binaries affected by this in RELENG_4_7 are /usr/lib/lib(ssl|crypto)(.a|.so.2|_p.a) -- so rebuilding those two libraries (and any statically linked ports software) should be enough. Colin Percival
On Fri, 3 Oct 2003, FreeBSD Security Advisories wrote: Hi, thanks for previous help/clarification that only the libs need rebuilding.> III. Impact > > A remote attacker may create a malicious ASN.1 encoded message that > will cause an OpenSSL-using application to crash, or even perhaps > execute arbitrary code with the privileges of the application. > > Only applications that use OpenSSL's ASN.1 or X.509 handling code > are affected. Applications that use other portions of OpenSSL > are unaffected (e.g. Apache+mod_ssl is affected, while OpenSSH is > unaffected).Another question: can someone please confirm that mod_ssl.so from apache 2.0.47 port is _not_ affected ? I have rebuilt libssl, libcrypto and installed them (they all differ from the old libs after make install) and done a rebuild of mod_ssl. But the new mod_ssl.so doesn't differ from the one built late August: [ports]apache2/work/httpd-2.0.47/modules/ssl/.libs> md5 mod_ssl.so MD5 (mod_ssl.so) = a4e31cf6e4aff5ca91f164d57eb68457 /usr/local/libexec/apache2> md5 mod_ssl.so MD5 (mod_ssl.so) = a4e31cf6e4aff5ca91f164d57eb68457 Also diff does not say that the binary files would differ. Thanks in advance. -- Greetings Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT 56 69 73 69 74 http://www.zabbadoz.net/
On Oct 03, at 03:49 PM, FreeBSD Security Advisories wrote:> > ============================================================================> FreeBSD-SA-03:18.openssl Security Advisory > The FreeBSD Project > > Topic: OpenSSL vulnerabilities in ASN.1 parsingJust an FYI, this patch applies cleanly to RELENG_4_5, given the same caveat as that for RELENG_4_6 (i.e., SA-03:02 and SA-03:06 have already been applied). Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/
D J Hawkey Jr
2003-Oct-06 09:19 UTC
4.6-R (Was: Re: FreeBSD Security Advisory FreeBSD-SA-03:18.openssl)
On Oct 06, at 10:02 AM, Jacques A. Vidrine wrote:> > > > Check the commit logs on RELENG_4 from that period. The differences > > > are due to normal development between the time 4.5-RELEASE and > > > 4.6-RELEASE. > > I didn't make the changes, so I'd have to look at the CVS history to > answer specific questions myself. However, in general we change the > defaults to be `better' or `safer'.Just a coda to this sub-thread: The SSH config file changes in SA-03:15 reflect the defaults as doc'd in the RELENG_4_5 man pages, though the commented options in the default RELENG_4_5 config files do not match the documented defaults. L8r, Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/