Vulnerability Note VU#484726
OpenSSL does not adequately validate length of Kerberos ticket during SSL/TLS handshake
OpenSSL contains a vulnerability in code that processes SSL/TLS handshakes when configured to use the Kerberos cipher suites. This vulnerability could allow a remote attacker to cause OpenSSL to crash.
OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general purpose cryptographic library. SSL and TLS are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP, and others.
According to RFC2712, TLS allows clients and servers to negotiate cipher suites to meet specific security and administrative policies. In order to provide Kerberos-based authentication, TLS supports the Kerberos cipher suites.
Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL contain a vulnerability in code that processes SSL/TLS handshakes using Kerberos cipher suites. This vulnerability can be exploited by a remote attacker using a specially crafted SSL/TLS handshake to a server configured to use the Kerberos cipher suites. When the server attempts to process this request, OpenSSL could crash. OpenSSL 0.9.6 is not affected.
Further information is available in an advisory from OpenSSL and NISCC/224012/OpenSSL/2.
A remote, unauthenticated attacker could cause a denial of service in an application that uses OpenSSL with Kerberos cipher suites.
If you are a vendor and your product is affected, let
us know.View More »
Upgrade or Patch
Upgrade to OpenSSL 0.9.7d. Alternatively, upgrade or apply a patch as specified by your vendor. Note that it is necessary to recompile any applications that are statically linked to OpenSSL libraries.
This vulnerability was discovered by the OpenSSL Project and reported by the National Infrastructure Security Co-ordination Centre (NISCC).
This document was written by Damon Morda.
17 Mar 2004
Date First Published:
17 Mar 2004
Date Last Updated:
26 Mar 2004
If you have feedback, comments, or additional information about this vulnerability, please send us email.