OpenSSL Vulnerabilities

Updated 3/20/03
CVE-2001-1141
CAN-2002-0655
CAN-2002-0656
CAN-2002-0657
CAN-2002-0659
CAN-2003-0078
CAN-2003-0147

Impact

A remote attacker could execute arbitrary commands or create a denial of service.


Background

OpenSSL is an open-source implementation of the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols including an all-purpose cryptography library. It is commonly used by Apache web server modules such as mod_ssl to implement secure web sessions.

The Problems


Multiple vulnerabilities in OpenSSL prior to 0.9.6e

7/31/02
OpenSSL versions prior to 0.9.6e (and pre-release versions prior to 0.9.7 beta 2) are affected by multiple vulnerabilities that could allow remote execution of commands or denial of service:


CBC Timing Vulnerability

3/4/03
CAN-2003-0078
A weakness in OpenSSL's implementation of CBC-mode ciphers could allow a remote attacker to decrypt data passing over the network. By substituting specially crafted ciphertext blocks for legitimate ones and measuring how long the server takes to respond, an attacker could learn enough to decrypt any data that is sent repeatedly over the network.

OpenSSL prior to 0.9.6i, and OpenSSL 0.9.7 prior to 0.9.7a are affected by this vulnerability if CBC mode is used. Exploitation would be very difficult and would require the ability to intercept legitimate traffic containing hundreds of blocks with low network latency.
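The shape of the weakness and of the fix at the record layer, as an added Python example that is not code from this tutorial or from OpenSSL: a record is CBC(data || MAC || padding); the vulnerable receiver stops as soon as the padding looks wrong and reports a distinct error, so bad padding and a bad MAC differ both in time and in the alert sent back, while the hardened receiver does the MAC work regardless and reports one error. The block cipher is a constructed toy Feistel network (not an SSL cipher) so the code runs offline, MAC computations are counted as a deterministic stand-in for elapsed time, and the function names and sample record are assumptions made for the example.

```python
import hmac, hashlib, secrets

BLOCK, MAC_LEN = 16, 32  # toy cipher block size; HMAC-SHA256 tag length
MAC_CALLS = [0]          # counts MAC computations: a deterministic stand-in for elapsed time

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, half, rnd):  # Feistel round function
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

# Constructed 4-round Feistel block cipher: it stands in for the real CBC cipher
# so the example runs offline with only the standard library.
def block_encrypt(key, block):
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, right, rnd))
    return left + right

def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, left, rnd)), left
    return left + right

def cbc_encrypt(key, iv, pt):
    out, prev = b"", iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += _xor(block_decrypt(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return out

def pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n
def unpad(data):  # returns None when the padding is malformed
    n = data[-1] if data else 0
    if len(data) % BLOCK or n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        return None
    return data[:-n]

def compute_mac(key, data):
    MAC_CALLS[0] += 1
    return hmac.new(key, data, hashlib.sha256).digest()
def seal_record(key, iv, data):  # sender: CBC(data || MAC || padding), the SSL record layout
    return cbc_encrypt(key, iv, pad(data + compute_mac(key, data)))

def open_record_vulnerable(key, iv, record):
    """Pre-fix shape: bad padding returns early, before any MAC work, and with a
    different error than a bad MAC; both differences are observable remotely."""
    body = unpad(cbc_decrypt(key, iv, record))
    if body is None:
        return ("decryption_failed", None)
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    if not hmac.compare_digest(tag, compute_mac(key, data)):
        return ("bad_record_mac", None)
    return ("ok", data)

def open_record_hardened(key, iv, record):
    """Hardened shape: always run the MAC, even when the padding is malformed,
    and report a single error so the two failures cannot be told apart."""
    plaintext = cbc_decrypt(key, iv, record)
    body = unpad(plaintext)
    padding_ok = body is not None
    if not padding_ok:
        body = plaintext  # treat it as unpadded and do the MAC work anyway
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    mac_ok = hmac.compare_digest(tag, compute_mac(key, data))
    if not (padding_ok and mac_ok):
        return ("bad_record_mac", None)
    return ("ok", data)

def compare_behaviour(data=b"GET / HTTP/1.0\r\n\r\n"):
    """Feed each receiver a record with broken padding and one with a broken MAC;
    report the error names and the amount of MAC work each case triggered."""
    key, iv = secrets.token_bytes(32), secrets.token_bytes(BLOCK)
    record = seal_record(key, iv, data)
    # Flipping the top bit of the last byte of the second-to-last ciphertext block
    # flips that bit in the decrypted pad-length byte, so it exceeds BLOCK: always bad padding.
    bad_pad = bytearray(record); bad_pad[-BLOCK - 1] ^= 0x80
    # Flipping a bit of the IV flips the first data byte only; the padding stays valid.
    bad_iv = bytearray(iv); bad_iv[0] ^= 0x01
    results = {}
    for name, opener in (("vulnerable", open_record_vulnerable), ("hardened", open_record_hardened)):
        MAC_CALLS[0] = 0
        pad_err, _ = opener(key, iv, bytes(bad_pad))
        macs_bad_pad, MAC_CALLS[0] = MAC_CALLS[0], 0
        mac_err, _ = opener(key, bytes(bad_iv), record)
        results[name] = {"pad_error": pad_err, "mac_error": mac_err,
                         "mac_calls_bad_pad": macs_bad_pad, "mac_calls_bad_mac": MAC_CALLS[0],
                         "valid_ok": opener(key, iv, record) == ("ok", data)}
    return results
```

Running compare_behaviour() shows the vulnerable receiver doing no MAC work and returning "decryption_failed" for bad padding but "bad_record_mac" for a bad tag, while the hardened receiver does one MAC computation and returns "bad_record_mac" in both cases. The hardened version still spends a length-dependent amount of time inside the MAC itself, so this change narrows the timing channel rather than closing it completely.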


RSA Timing Vulnerability

3/20/03
CAN-2003-0147
This is another timing attack. If RSA blinding is turned off, which is the usual configuration, a remote attacker could recover the RSA secret key from OpenSSL. OpenSSL 0.9.7a and 0.9.6i are affected by this vulnerability.
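What RSA blinding does, as an added Python example that is not OpenSSL's code: before the private-key exponentiation, the ciphertext is multiplied by r^e for a fresh random r, and the factor r is divided out afterwards, so the secret-dependent operation never runs on a value the remote party chose. The key is a constructed toy key (p = 61, q = 53), far too small for real use and chosen only so the arithmetic can be followed by hand; the function names are assumptions made for the example.

```python
import secrets
from math import gcd

# Constructed toy RSA key: n = 61 * 53, e * d = 1 mod (p-1)(q-1). Insecure by design.
TOY_KEY = {"n": 3233, "e": 17, "d": 2753}

def rsa_encrypt(m, key):
    return pow(m, key["e"], key["n"])

def decrypt_unblinded(c, key):
    """The operation a timing attack targets: the private exponentiation runs
    directly on attacker-chosen ciphertext, so its running time is a function of c and d."""
    return pow(c, key["d"], key["n"])

def decrypt_blinded(c, key, r=None):
    """RSA blinding: exponentiate c * r^e instead of c, then strip r from the result.
    Returns (m, blinded_input) so the caller can see the private operation never saw c."""
    n, e, d = key["n"], key["e"], key["d"]
    if r is None:  # fresh random blinding factor, invertible mod n
        while True:
            r = secrets.randbelow(n - 2) + 2
            if gcd(r, n) == 1:
                break
    blinded = (c * pow(r, e, n)) % n      # c * r^e
    m_blinded = pow(blinded, d, n)        # (c * r^e)^d = m * r, since r^(e*d) = r mod n
    m = (m_blinded * pow(r, -1, n)) % n   # divide out the blinding factor
    return m, blinded

def check_blinding(m=65, key=TOY_KEY, trials=20):
    """Blinded and unblinded decryption agree, while the value fed to the
    private exponentiation changes from call to call."""
    c = rsa_encrypt(m, key)
    seen_inputs = set()
    for _ in range(trials):
        m_b, blinded = decrypt_blinded(c, key)
        if m_b != decrypt_unblinded(c, key):
            return False
        seen_inputs.add(blinded)
    return len(seen_inputs) > 1
```

With r fixed to 2 the intermediate values are easy to verify by hand: c = 65^17 mod 3233 = 2790, the blinded input is 2790 * 2^17 mod 3233 = 3017, and the result after removing the factor is 65 again. Blinding costs one extra modular multiplication and an inverse per operation, which is why it was an option rather than the default in the affected releases.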


Encoding Errors in ASN.1 Library

7/31/02
CAN-2002-0659
OpenSSL uses a library that performs Abstract Syntax Notation 1 (ASN.1) encoding, an international standard for transmitting data between applications. This library contains errors that could cause malformed encodings to be parsed incorrectly, leading to a denial of service. OpenSSL prior to 0.9.6e and pre-releases prior to 0.9.7 beta 2, and possibly other implementations of the SSL protocol, are affected by this vulnerability.
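The discipline such a decoder needs, as an added Python example that is not OpenSSL's ASN.1 code: a minimal DER tag-length-value parser that checks every length field against the bytes actually present before it uses them, rejects the indefinite and non-minimal length forms DER forbids, and bounds nesting depth. The sample encodings, both well-formed and malformed, are constructed for the example; the tutorial does not say which specific malformations tripped OpenSSL's library, so the parser illustrates the general checks rather than any one of its bugs.

```python
def parse_der_tlv(buf, offset=0):
    """Parse one DER tag-length-value at `offset`; return (tag, value, end).
    Every length is bounds-checked against the buffer before it is used."""
    if offset >= len(buf):
        raise ValueError("truncated: no tag byte")
    tag = buf[offset]
    offset += 1
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tag numbers not supported here")
    if offset >= len(buf):
        raise ValueError("truncated: no length byte")
    first = buf[offset]
    offset += 1
    if first < 0x80:                       # short form: one byte, 0..127
        length = first
    else:                                  # long form: 0x80|N, then N length bytes
        nbytes = first & 0x7F
        if nbytes == 0:
            raise ValueError("indefinite length is not allowed in DER")
        if nbytes > 4:
            raise ValueError("length field too long")      # bound it before using it
        if offset + nbytes > len(buf):
            raise ValueError("truncated: length bytes missing")
        raw = buf[offset:offset + nbytes]
        if raw[0] == 0 or (nbytes == 1 and raw[0] < 0x80):
            raise ValueError("non-minimal length encoding")
        length = int.from_bytes(raw, "big")
        offset += nbytes
    if length > len(buf) - offset:         # the check a careless decoder skips
        raise ValueError("length %d exceeds remaining %d bytes" % (length, len(buf) - offset))
    return tag, buf[offset:offset + length], offset + length

def parse_children(value, depth=0, max_depth=32):
    """Walk the elements inside a constructed value, returning nested (tag, value) pairs."""
    if depth > max_depth:
        raise ValueError("nesting too deep")
    items, off = [], 0
    while off < len(value):
        tag, inner, off = parse_der_tlv(value, off)
        if tag & 0x20:  # constructed: recurse into SEQUENCE / SET
            items.append((tag, parse_children(inner, depth + 1, max_depth)))
        else:
            items.append((tag, inner))
    return items

def parse_der(buf):
    """Parse exactly one top-level element; anything left over is an error."""
    tag, value, end = parse_der_tlv(buf, 0)
    if end != len(buf):
        raise ValueError("trailing bytes after top-level element")
    return (tag, parse_children(value)) if tag & 0x20 else (tag, value)

# Constructed samples: SEQUENCE { INTEGER 1, OCTET STRING "hi" } and broken variants.
SAMPLES = {
    "valid":      bytes.fromhex("3007 020101 04026869"),
    "overlong":   bytes.fromhex("3007 020101 04056869"),    # OCTET STRING claims 5 bytes, 2 remain
    "indefinite": bytes.fromhex("3080 020101 0000"),        # BER indefinite length, invalid in DER
    "nonminimal": bytes.fromhex("3008 020101 0481026869"),  # length 2 written in long form
    "truncated":  bytes.fromhex("3004 020101 04"),          # tag with no length byte
    "trailing":   bytes.fromhex("3003 020101 ff"),          # garbage after the SEQUENCE
}

def classify(buf):
    """Return ("ok", parsed) or ("rejected", reason) instead of crashing on bad input."""
    try:
        return ("ok", parse_der(buf))
    except ValueError as err:
        return ("rejected", str(err))
```

Each malformed sample is refused with a specific reason before any out-of-range read happens; a decoder that trusts the length field and slices or copies first is the pattern that turns malformed input into a crash.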


Cryptographic Flaw in PRNG

CVE-2001-1141
A flaw in OpenSSL prior to 0.9.6b could allow an attacker to determine the internal state of the pseudo-random number generator (PRNG) by sending a number of one-byte requests to the PRNG, thus allowing the attacker to predict future random numbers. This vulnerability is not exploitable in Apache or any other known applications which use the OpenSSL library because they do not make one-byte requests to the PRNG. However, this is still a weakness in the cryptography and should be addressed.

Resolution

Upgrade to OpenSSL 0.9.7b when available. If OpenSSL 0.9.7b is not yet available, upgrade to OpenSSL 0.9.6i or 0.9.7a or higher and apply the patch shown in the OpenSSL Security Advisory. Another option is to install a fix from your vendor.

If it is not possible to immediately upgrade, then at least install the patch for OpenSSL 0.9.6d, or for Solaris, patch 112869-02. These patches do not address the timing vulnerability but do address the other vulnerabilities.
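A way to check an installed build against the version ranges this tutorial gives, as an added Python example that is not part of the tutorial or of OpenSSL: OpenSSL patch releases are distinguished by a trailing letter (0.9.6 < 0.9.6a < ... < 0.9.6i), so the version string is turned into a sortable tuple and compared against each advisory's range. The ranges come from the text above; the example assumes, conservatively, that releases older than the 0.9.6i and 0.9.7a named for the RSA timing issue are affected as well, since the resolution is an upgrade to 0.9.7b, and it does not model the 0.9.7 beta builds. The function names are assumptions made for the example.

```python
import re
import subprocess

def parse_openssl_version(text):
    """Turn 'OpenSSL 0.9.6i 19 Feb 2003' or '0.9.7a' into a sortable tuple;
    the patch letter sorts after the bare release it patches."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", text)
    if not m:
        raise ValueError("no OpenSSL version found in: %r" % text)
    major, minor, fix, letter = m.groups()
    return (int(major), int(minor), int(fix), ord(letter) - ord("a") + 1 if letter else 0)

V = parse_openssl_version

# (identifier, short description, predicate on the version tuple), from this tutorial.
ADVISORIES = [
    ("CVE-2001-1141", "PRNG state recovery",             lambda v: v < V("0.9.6b")),
    ("CAN-2002-0655/0656/0657", "buffer overflows",     lambda v: v < V("0.9.6e")),
    ("CAN-2002-0659", "ASN.1 encoding errors",          lambda v: v < V("0.9.6e")),
    ("CAN-2003-0078", "CBC timing",                     lambda v: v < V("0.9.6i") or V("0.9.7") <= v < V("0.9.7a")),
    ("CAN-2003-0147", "RSA timing with blinding off",   lambda v: v <= V("0.9.6i") or V("0.9.7") <= v <= V("0.9.7a")),
]

def affected_by(version_text):
    """Identifiers of the advisories whose affected range contains this version."""
    v = parse_openssl_version(version_text)
    return [ident for ident, _, hit in ADVISORIES if hit(v)]

def check_installed():
    """Ask the local openssl binary for its version and report what applies to it."""
    out = subprocess.run(["openssl", "version"], capture_output=True, text=True, check=True).stdout
    return out.strip(), affected_by(out)

if __name__ == "__main__":
    version, hits = check_installed()
    print(version, "->", ", ".join(hits) if hits else "none of the advisories above")
```

Note that this only reads the version string; a vendor build that carries a backported fix keeps the old version number, so on such systems the vendor's own advisory is the authoritative source.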

Where can I read more about this?

The buffer overflows and ASN.1 encoding errors were reported in CERT Advisory 2002-23 and an OpenSSL Advisory. The PRNG vulnerability was reported in an OpenSSL Advisory. The CBC vulnerability was reported in another OpenSSL Advisory. The RSA timing vulnerability was reported in another OpenSSL Advisory and in the paper Remote Timing Attacks are Practical by Dan Boneh and David Brumley.