7/31/02
OpenSSL versions prior to 0.9.6e (and pre-release versions
prior to 0.9.7 beta 2) are affected by multiple
vulnerabilities which could allow remote execution of
commands or denial of service:
3/4/03
CAN-2003-0078
A weakness in OpenSSL's implementation of CBC-mode ciphers
could allow a remote attacker to decrypt data passing over
the network. By sending specially crafted ciphertext blocks in place
of legitimate ciphertext blocks and measuring the time it takes
to receive a response, an attacker could gain enough information
to decrypt any information that is sent repeatedly over the
network.
OpenSSL prior to 0.9.6i and OpenSSL 0.9.7 prior to 0.9.7a are affected by this vulnerability when CBC mode is used. Exploitation would be very difficult and would require the ability to intercept legitimate traffic containing hundreds of blocks with low network latency.
3/20/03
CAN-2003-0147
This is another timing attack. A remote attacker could
recover the RSA secret key from OpenSSL if RSA blinding is
turned off, which is the usual configuration. OpenSSL 0.9.7a
and 0.9.6i are affected by this vulnerability.
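RSA blinding, the countermeasure whose absence CAN-2003-0147 depends on, is illustrated below. This is an added example, not code from OpenSSL or from this advisory; it assumes Python 3.8 or later and uses a constructed toy key that is far too small for real use.

```python
import secrets
from math import gcd

# Constructed toy key: two known Mersenne primes. Far too small for real
# use; chosen only so the example runs instantly and stays readable.
P = 2**61 - 1
Q = 2**31 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python >= 3.8)


def rsa_private_unblinded(c: int, d: int, n: int) -> int:
    """Plain private-key operation: c^d mod n.

    The running time of a general modular exponentiation depends on the
    value of c, which is what the timing attack measures.
    """
    return pow(c, d, n)


def rsa_private_blinded(c: int, d: int, e: int, n: int) -> int:
    """Private-key operation with blinding.

    Multiply the ciphertext by r^e for a fresh random r before exponentiating,
    then strip r afterwards. The exponentiation now runs on a value the
    remote party did not choose, so its timing no longer depends on c.
    """
    while True:
        r = secrets.randbelow(n - 2) + 2  # r in [2, n-1]
        if gcd(r, n) == 1:
            break
    r_inv = pow(r, -1, n)
    blinded = (c * pow(r, e, n)) % n          # c * r^e
    m_blinded = pow(blinded, d, n)            # (c * r^e)^d = m * r  (since e*d = 1 mod phi)
    return (m_blinded * r_inv) % n            # m


def roundtrip(message: int) -> tuple:
    """Encrypt with the public key, decrypt both ways; returns (plain, blinded)."""
    c = pow(message, E, N)
    return rsa_private_unblinded(c, D, N), rsa_private_blinded(c, D, E, N)


if __name__ == "__main__":
    msg = 0x536372657420  # constructed sample: the bytes "Secret " as an integer
    print(roundtrip(msg))
```

Both functions return the same plaintext; the blinded one must be used for every private-key operation, since a single unblinded decryption is enough to reintroduce the side channel.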
7/31/02
CAN-2002-0659
OpenSSL uses a library which performs Abstract Syntax
Notation 1 (ASN.1) encoding, which is an international
standard for transmitting data between applications.
This library contains errors which could cause malformed
encodings to be parsed incorrectly, leading to a denial
of service. OpenSSL prior to 0.9.6e and pre-releases
prior to 0.9.7 beta 2 and possibly other implementations of
the SSL protocol are affected by this vulnerability.
CVE-2001-1141
A flaw in OpenSSL prior to 0.9.6b could allow an
attacker to determine the internal state of the pseudo-random
number generator (PRNG) by sending a number of one-byte
requests to the PRNG, thus allowing the attacker to predict
future random numbers. This vulnerability is not exploitable
in Apache or any other known applications which use the
OpenSSL library because they do not make one-byte requests
to the PRNG. However, this is still a weakness in the
cryptography and should be addressed.
If it is not possible to immediately upgrade, then at least install the patch for OpenSSL 0.9.6d, or for Solaris, patch 112869-02. These patches do not address the timing vulnerability but do address the other vulnerabilities.