CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Vulnerability Note VU#102795

OpenSSL servers contain a buffer overflow during the SSL2 handshake process

Overview

OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. A remotely exploitable vulnerability exists in OpenSSL servers that could lead to the execution of arbitrary code on the server.

I. Description

Versions of OpenSSL servers prior to 0.9.6e and pre-release version 0.9.7-beta2 contain a remotely exploitable buffer overflow vulnerability. This vulnerability can be exploited by a client using a malformed key during the handshake process with an SSL server connection using the SSLv2 communication process.

II. Impact

Exploitation of this vulnerability could lead to the execution of arbitrary code on the server. The code will be executed with the privileges of the application or service exploited via this vulnerability.

III. Solution

OpenSSL servers should apply the patches provided by your vendors, or upgrade to OpenSSL 0.9.6e. Note that applications statically linking to OpenSSL libraries may need to be recompiled with the corrected version of OpenSSL.

Servers can disable SSL2 or disable all applications using SSL or TLS until the patches are applied.

Systems Affected

VendorStatusDate Updated
ApacheUnknown9-Aug-2002
Apache-SSLUnknown9-Aug-2002
Apple Computer Inc.Vulnerable9-Aug-2002
CovalentVulnerable17-Sep-2002
DebianVulnerable9-Aug-2002
Gentoo LinuxVulnerable9-Aug-2002
Guardian DigitalVulnerable9-Aug-2002
Hewlett-Packard CompanyVulnerable9-Aug-2002
IBMVulnerable9-Aug-2002
Inktomi CorporationNot Vulnerable17-Sep-2002
Juniper NetworksVulnerable16-Aug-2002
Lotus Development CorporationNot Vulnerable9-Aug-2002
MandrakeSoftVulnerable23-Sep-2002
Microsoft CorporationNot Vulnerable26-Sep-2002
NCSAUnknown9-Aug-2002
NetBSDVulnerable23-Sep-2002
OpenLDAPVulnerable9-Aug-2002
OpenPKGVulnerable9-Aug-2002
OpenSSLVulnerable30-Jul-2002
OracleVulnerable9-Aug-2002
Red Hat Inc.Vulnerable9-Aug-2002
RSA SecurityVulnerable13-Sep-2002
Secure Computing CorporationVulnerable30-Sep-2002
SuSEVulnerable23-Sep-2002
TrustixVulnerable9-Aug-2002

References

http://www.kb.cert.org/vuls/id/258555
http://www.kb.cert.org/vuls/id/308891
http://www.kb.cert.org/vuls/id/561275
http://www.kb.cert.org/vuls/id/748355
http://www.securityfocus.com/bid/5363

Credit

The CERT/CC thanks Greg Shipley of Neohapsis for reporting this issue to us. John McDonald <jm@neohapsis.com> is credited for discovering this issue. It was also found independently by A.L. Digital Ltd.

This document was written by Jason A Rafail.

Other Information

Date Public07/30/2002
Date First Published07/30/2002 10:11:56 AM
Date Last Updated09/30/2002
CERT AdvisoryCA-2002-23
CVE NameCAN-2002-0656
Metric17.63
Document Revision37

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2002 Carnegie Mellon University