Guardian Digital Information for VU#561275

OpenSSL servers contain a remotely exploitable buffer overflow vulnerability during the SSL3 handshake process

Status

Affected

Vendor Statement

See http://www.linuxsecurity.com/advisories/other_advisory-1338.html.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+------------------------------------------------------------------------+
| EnGarde Secure Linux Security Advisory                   July 30, 2002 |
| http://www.engardelinux.org/                          ESA-20020730-019 |
|                                                                        |
| Packages: openssl, openssl-misc                                        |
| Summary:  several vulnerabilities in the openssl library.              |
+------------------------------------------------------------------------+

  EnGarde Secure Linux is a secure distribution of Linux that features
 improved access control, host and network intrusion detection, Web
 based secure remote management, complete e-commerce using AllCommerce,
 and integrated open source security tools.

OVERVIEW
- --------
 There are several potentially exploitable vulnerabilities in the OpenSSL
 toolkit.  A security review of OpenSSL is being done by A.L. Digital Ltd
 and The Bunker (http://www.thebunker.net/) under the DARPA program
 CHATS.  Through this review, the following vulnerabilities were
 discovered:

    1. The client master key in SSL2 could be oversized and overrun a
      buffer. This vulnerability was also independently discovered by
      consultants at Neohapsis (
http://www.neohapsis.com/) who have
      also demonstrated that the vulnerability is exploitable.

    2. The session ID supplied to a client in SSL3 could be oversized and
      overrun a buffer.

    3. Various buffers for ASCII representations of integers were too
      small on 64 bit platforms.

    4. The ASN1 parser can be confused by supplying it with certain
      invalid encodings.

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
 assigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0655 to issue 3,
 and CAN-2002-0659 to issue 4.

SOLUTION
- --------
 Users of the EnGarde Professional edition can use the Guardian Digital
 Secure Network to update their systems automatically.

  EnGarde Community users should upgrade to the most recent version
 as outlined in this advisory.  Updates may be obtained from:

    ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
   http://ftp.engardelinux.org/pub/engarde/stable/updates/

  Before upgrading the package, the machine must either:

    a) be booted into a "standard" kernel; or
   b) have LIDS disabled.

  To disable LIDS, execute the command:

    # /sbin/lidsadm -S -- -LIDS_GLOBAL

  To install the updated package, execute the command:

    # rpm -Uvh files

  You must now update the LIDS configuration by executing the command:

    # /usr/sbin/config_lids.pl

  To re-enable LIDS (if it was disabled), execute the command:

    # /sbin/lidsadm -S -- +LIDS_GLOBAL

  To verify the signatures of the updated packages, execute the command:

    # rpm -Kv files

UPDATED PACKAGES
- ----------------
 These updated packages are for EnGarde Secure Linux Community
 Edition.

  Source Packages:

    SRPMS/openssl-0.9.6-1.0.16.src.rpm
     MD5 Sum: 158ff68fb5474993694d1dd3f623b921

  Binary Packages:

    i386/openssl-0.9.6-1.0.16.i386.rpm
     MD5 Sum: 9f7bd4009f352a3a3a3519c97ebe988d

    i386/openssl-misc-0.9.6-1.0.16.i386.rpm
     MD5 Sum: 281794e60d923df695f6bcf8aa17055b

    i386/openssl-devel-0.9.6-1.0.16.i386.rpm
     MD5 Sum: 18b3ecd6b9d210180457caeb50a1331e

    i686/openssl-0.9.6-1.0.16.i686.rpm
     MD5 Sum: 872eadde6cb52bcf93fae967c72949b1

    i686/openssl-misc-0.9.6-1.0.16.i686.rpm
     MD5 Sum: 3baf870cbc35f3425cbd3110714ca3ed

    i686/openssl-devel-0.9.6-1.0.16.i686.rpm
     MD5 Sum: 718f5a6c89fac22f338177134fd5e6bd

REFERENCES
- ----------
 Guardian Digital's public key:
   http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY

  OpenSSL's Official Web Site:
   http://www.openssl.org/

  Security Contact:   security@guardiandigital.com
 EnGarde Advisories: http://www.engardelinux.org/advisories.html

- --------------------------------------------------------------------------
$Id: ESA-20020730-019-openssl,v 1.2 2002/07/30 12:05:04 rwm Exp $
- --------------------------------------------------------------------------
Author: Ryan W. Maple <ryan@guardiandigital.com>
Copyright 2002, Guardian Digital, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9RpOJHD5cqd57fu0RAgcDAKCJ9ZLCQT+syCgSTwGR24vWbnxavwCgoUnm
JbqLWW/qISBmKIMfBsSgR5c=
=edXn
-----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.