OpenSSL do_change_cipher_spec function denial of service

openssl-dochangecipherspec-dos (15505)

Medium Risk

Description:

OpenSSL is vulnerable to a denial of service, caused by a NULL-pointer assignment in the do_change_cipher_spec function. A remote attacker can send a specially-crafted handshake to a server that uses the OpenSSL library to cause OpenSSL to crash.

Note: Any application that uses the OpenSSL's SSL/TLS library may be vulnerable.

Consequences:

Denial of Service

Remedy:

Upgrade to the latest version of OpenSSL (0.9.7d or 0.9.6m), as listed in OpenSSL Security Advisory [17 March 2004]. See References.

Recompile applications that are statically linked to OpenSSL libraries.

For Cisco:
Upgrade to the latest software version for your device, as listed in Cisco Security Advisory Document ID: 49898. See References.

For Mandrake Linux:
Upgrade to the latest openssl package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:023 : openssl for more information. See References.

Mandrake Linux 9.0: 0.9.6i-1.7.90mdk or later
Mandrake Linux 9.1: 0.9.7a-1.3.91mdk or later
Mandrake Linux 9.2: 0.9.7b-4.2.92mdk or later
Mandrake Linux Multi Network Firewall 8.2: 0.9.6i-1.6.M82mdk or later
Mandrake Linux Corporate Server 2.1: 0.9.6i-1.7.C21mdk or later

For FreeBSD:
Upgrade to the latest version of FreeBSD (RELENG_5_2, RELENG_4_9, or RELENG_4_8 dated later than 2004-17-03), as listed in FreeBSD Security Advisory FreeBSD-SA-04:05.openssl. See References.

— OR —

Apply the patch for this vulnerability, as listed in FreeBSD Security Advisory FreeBSD-SA-04:05.openssl. See References.

For Debian GNU/Linux 3.0:
Upgrade to the latest openssl package, as listed below. Refer to DSA-465-1 for more information. See References.

Debian GNU/Linux 3.0 (woody): 0.9.6c-2.woody.6 or later

For Red Hat Linux:
Upgrade to the latest openssl package (0.9.7a-20.2 or later), as listed in RHSA-2004:121-01, RHSA-2005:830-4, RHSA-2005:829-7. See References.

For SuSE Linux:
Upgrade to the latest openssl package, as listed below. Refer to for more information. See References.

SuSE Linux 9.0 (Intel): 0.9.7b-133 or later
SuSE Linux 8.2: 0.9.6i-21 or later
SuSE Linux 8.1: 0.9.6g-114 or later
SuSE Linux 8.0: 0.9.6c-87 or later

For EnGarde Secure Linux:
Upgrade to the latest version of OpenSSL (0.9.6-1.0.14 or later), as listed in EnGarde Secure Linux Security Advisory ESA-20040317-003. See References.

For Slackware Linux:
Upgrade to the latest openssl package, as listed below. Refer to slackware-security Mailing List, Wed, 17 Mar 2004 17:34:04 -0800 (PST) for more information. See References.

Slackware Linux 8.1: 0.9.6m-i386-1 or later
Slackware Linux 9.0: 0.9.7d-i386-1 or later
Slackware Linux 9.1: 0.9.7d-i486-1 or later
Slackware Linux -current: 0.9.7d-i486-1 or later

For Gentoo Linux:
Upgrade to the latest version of openssl (0.9.7d or 0.9.6m or later), as listed in GLSA 200403-03. See References.

For Trustix Secure Linux:
Upgrade to the latest openssl package, as listed below. Refer to Trustix Secure Linux Security Advisory #2004-0012 for more information. See References.

Trustix Secure Linux 1.5: 0.9.6-17tr or later
Trustix Secure Linux 2.0: 0.9.7c-2tr or later
Trustix Secure Linux 2.1: 0.9.7c-5tr or later

For Conectiva Linux:
Upgrade to the latest openssl package, as listed below. Refer to Conectiva Linux Security Announcement CLSA-2004:834 for more information. See References.

Conectiva Linux 8: 0.9.6c-2U80_8cl or later
Conectiva Linux 9: 0.9.7a-28910U90_2cl or later

For NetBSD-current (dated prior to 2004-22-03), 1.5, .6, and 2.0 branch:
Upgrade to the appropriate fixed versions of NetBSD, as listed in NetBSD Security Advisory 2004-005. See References.

For Sun Solaris:
Apply the appropriate patch for your system, as listed below. Refer to Sun Alert ID: 57571 for more information. See References.

SPARC Platform:
Sun Crypto Accelerator 4000 v1.0 (for Solaris 8 and Solaris 9) without patch 114796-04 or later

For HP-UX 11.00, 11.11,11.22, and 11.23:
Apply the update for this vulnerability, as listed in Hewlett-Packard Security Bulletin HPSBUX01019-1. See References.

For SCO OpenServer 5.0.6, and 5.0.7:
Upgrade to the appropriate fixed binaries, as listed in SCO Security Advisory SCOSA-2004.10.1. See References.

For SCO UnixWare 7.1.3:
Upgrade to the appropriate fixed binaries, as listed in SCO Security Advisory SCOSA-2005.7. See References.

For SCO UnixWare 7.1.1:
Upgrade to the appropriate fixed binaries, as listed in SCO Security Advisory SCOSA-2005.7. See References.

For SGI IRIX:
Upgrade to the latest version of IRIX, as listed in SGI Security Advisory 20041101-01-P. See References.

For OpenBSD 3.4:
Apply the 016_openssl.patch, available from the OpenBSD 3.4 errata Web site. See References.

For OpenPKG:
Refer to OpenPKG Security Advisory OpenPKG-SA-2004.007 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

• CIAC Information Bulletin O-101: OpenSSL Denial of Service Vulnerability [REVISED 12 July 2004].
• CIAC Information Bulletin O-101: OpenSSL Denial of Service Vulnerability.
• CIAC Information Bulletin P-276: Apple Security Update 2005-007.
• cisco-sa-20040317-openssl: Cisco Security Advisory: Cisco OpenSSL Implementation Vulnerability.
• EnGarde Secure Linux Security Advisory ESA-20040317-003: openssl, openssl-misc. (From LinuxSecurity archive)
• FreeBSD-SA-04:05.openssl: Denial-of-service vulnerability in OpenSSL.
• GLSA 200403-03: Multiple OpenSSL Vulnerabilities. (From LinuxSecurity archive)
• NetBSD Security Advisory 2004-005: Denial of service vulnerabilities in OpenSSL.
• OpenBSD 3.4 errata Web site: 016: RELIABILITY FIX: March 17, 2004.
• OpenSSL Security Advisory [17 March 2004]: Updated versions of OpenSSL are now available which correct two security issues:.
• SCO Security Advisory SCOSA-2004.10: OpenSSL Multiple Vulnerabilities.
• SCO Security Advisory SCOSA-2004.10.1: OpenSSL Multiple Vulnerabilities.
• SCO Security Advisory SCOSA-2005.7: OpenSSL Multiple Vulnerabilities.
• slackware-security Mailing List, Wed, 17 Mar 2004 17:34:04 -0800 (PST): OpenSSL security update (SSA:2004-077-01).
• Sun Alert ID: 57524: Potential SSL Vulnerabilities in Sun Products.
• Sun Alert ID: 57571: Sun Crypto Accelerator 4000 v1.0 Software May be Susceptible to OpenSSL Security Vulnerabilities.
• Trustix Secure Linux Security Advisory #2004-0012: openssl. (From LinuxSecurity archive)
• BID-14567: Apple Mac OS X Multiple Vulnerabilities
• BID-9899: OpenSSL Denial of Service Vulnerabilities
• CVE-2004-0079: The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
• DSA-465: openssl -- several vulnerabilities
• GLSA-200403-03: Multiple OpenSSL Vulnerabilities
• MDKSA-2004:023: Updated openssl packages fix multiple vulnerabilities
• OpenPKG-SA-2004.007: OpenSSL
• RHSA-2004-120: openssl security update
• RHSA-2004-121: Updated OpenSSL packages fix vulnerabilities
• RHSA-2005-829: openssl security update
• RHSA-2005-830: openssl096b security update
• SA11139: OpenSSL SSL/TLS Handshake Denial of Service Vulnerabilities
• SA18247: Avaya Products OpenSSL SSL/TLS Handshake Denial of Service
• SUSE-SA:2004:007: openssl: remote denial-of-service

Platforms Affected:

• Cisco Access Registrar
• Cisco CiscoWorks Common Management Foundation 2.1
• Cisco CiscoWorks Common Services 2.2
• Cisco Content Services Switch 11000
• Cisco Firewall Services Module
• Cisco GSS 4880 Global Site Selector
• Cisco IOS 12.1(11)E
• Cisco IOS 12.2SY
• Cisco MDS 9000
• Cisco ME 1100
• Cisco PIX Firewall
• Conectiva Linux 8.0
• Conectiva Linux 9.0
• Debian Debian Linux 3.0
• EngardeLinux Secure Community 1.0.1
• EngardeLinux Secure Community 2.0
• EngardeLinux Secure Professional 1.1
• EngardeLinux Secure Professional 1.2
• EngardeLinux Secure Professional 1.5
• FreeBSD FreeBSD 4.8
• FreeBSD FreeBSD 4.9
• FreeBSD FreeBSD 5.1
• FreeBSD FreeBSD 5.2
• Gentoo Linux
• HP HP-UX 11.00
• HP HP-UX 11.11
• HP HP-UX 11.22
• HP HP-UX 11.23
• MandrakeSoft Mandrake Linux 9.0
• MandrakeSoft Mandrake Linux 9.1
• MandrakeSoft Mandrake Linux 9.1 PPC
• MandrakeSoft Mandrake Linux 9.2
• MandrakeSoft Mandrake Linux 9.2 AMD64
• MandrakeSoft Mandrake Linux Corporate Server 2.1
• MandrakeSoft Mandrake Linux Corporate Server 2.1 X86_64
• MandrakeSoft Mandrake Multi Network Firewall 8.2
• NetBSD NetBSD 1.5
• NetBSD NetBSD 1.5.1
• NetBSD NetBSD 1.6
• NetBSD NetBSD 1.6.1
• NetBSD NetBSD 1.6.2
• NetBSD NetBSD 2.0
• NetBSD NetBSD CURRENT
• Novell SuSE Linux Enterprise Server 7.0
• OpenBSD OpenBSD 3.4
• OpenPKG OpenPKG 1.3
• OpenPKG OpenPKG 2.0
• OpenPKG OpenPKG CURRENT
• OpenSSL OpenSSL 0.9.6c
• OpenSSL OpenSSL 0.9.6d
• OpenSSL OpenSSL 0.9.6e
• OpenSSL OpenSSL 0.9.6f
• OpenSSL OpenSSL 0.9.6g
• OpenSSL OpenSSL 0.9.6h
• OpenSSL OpenSSL 0.9.6i
• OpenSSL OpenSSL 0.9.6j
• OpenSSL OpenSSL 0.9.6k
• OpenSSL OpenSSL 0.9.6l
• OpenSSL OpenSSL 0.9.7a
• OpenSSL OpenSSL 0.9.7b
• OpenSSL OpenSSL 0.9.7c
• RedHat Enterprise Linux 2.1 AS
• RedHat Enterprise Linux 2.1 ES
• RedHat Enterprise Linux 2.1 WS
• RedHat Enterprise Linux 3 AS
• RedHat Enterprise Linux 3 Desktop
• RedHat Enterprise Linux 3 ES
• RedHat Enterprise Linux 3 WS
• RedHat Enterprise Linux 4 WS
• RedHat Enterprise Linux 4 AS
• RedHat Enterprise Linux 4 ES
• RedHat Enterprise Linux 4 Desktop
• RedHat Linux 9.0
• RedHat Linux Advanced Workstation 2.1 Itanium
• SCO SCO OpenServer 5.0.6
• SCO SCO OpenServer 5.0.7
• SCO SCO UnixWare 7.1.1
• SCO SCO UnixWare 7.1.3
• SGI IRIX 6.5.20f
• SGI IRIX 6.5.20m
• SGI IRIX 6.5.21f
• SGI IRIX 6.5.21m
• SGI IRIX 6.5.22m
• SGI IRIX 6.5.23m
• SGI IRIX 6.5.24m
• Slackware Slackware Linux 8.1
• Slackware Slackware Linux 9.0
• Slackware Slackware Linux 9.1
• Slackware Slackware Linux current
• Sun Solaris 8
• Sun Solaris 9
• SuSE Linux Enterprise Server 8
• SuSE SuSE eMail Server 3.1
• SuSE SuSE eMail Server III
• SUSE SuSE Linux 8.0
• SUSE SuSE Linux 8.1
• SUSE SuSE Linux 8.2
• SUSE SuSE Linux 9.0
• SuSE SuSE Linux Connectivity Server
• SuSE SuSE Linux Database Server
• SuSE SuSE Linux Firewall
• SuSE SuSE Linux Office Server
• Trustix Secure Linux 1.5
• Trustix Secure Linux 2.0
• Trustix Secure Linux 2.1
• Turbolinux Turbolinux 10 Desktop
• Turbolinux Turbolinux 7 Server
• Turbolinux Turbolinux 7 Workstation
• Turbolinux Turbolinux 8 Server
• Turbolinux Turbolinux 8 Workstation
• Turbolinux Turbolinux Advanced Server 6
• Turbolinux Turbolinux Appliance Server 1.0 Hosting Ed
• Turbolinux Turbolinux Appliance Server 1.0 Workgroup Ed
• Turbolinux Turbolinux Server 6.1
• Turbolinux Turbolinux Server 6.5
• Turbolinux Turbolinux Workstation 6.0

Reported:

Mar 17, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page