
UNIRAS ALERT - 12/04 - Denial of Service Vulnerabilities in OpenSSL


----------------------------------------------------------------------------------
      UNIRAS (UK Govt CERT) ALERT - 12/04 dated 17.03.04  Time: 12:00
 UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
----------------------------------------------------------------------------------
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
----------------------------------------------------------------------------------


Denial of Service Vulnerabilities in OpenSSL.


What is Affected?

Versions of OpenSSL up to and including 0.9.7c are vulnerable, as specified below.


If exploited, these vulnerabilities could lead to a Denial of Service.


The three vulnerabilities described in this document were found through testing performed by the OpenSSL Project (http://www.openssl.org) using a commercial test suite for the TLS protocol developed by Codenomicon Ltd. (see http://www.codenomicon.com/testtools/tls/). 

NISCC has been involved in brokering a relationship between Codenomicon and the OpenSSL Project and in handling all aspects of the vulnerability disclosure. 

Joe Orton of Red Hat performed the testing and Dr Stephen Henson of the OpenSSL core team provided patches for the vulnerabilities identified. 


OpenSSL is an open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a general purpose cryptography library.

The vulnerabilities described in this advisory affect the OpenSSL implementation of the TLS and SSL protocols, which are typically used to provide security services to a range of Internet application protocols and in support of web and email applications. TLS and SSL are intermediate protocols layered onto a TCP connection used to provide additional security to higher level protocols. These higher-level protocols, particularly application protocols such as web services or email, may be layered on top of a TLS/SSL connection.

These vulnerabilities relate to the SSL/TLS session establishment and do not relate to any ASN.1 related protocol elements.

Vendor specific information will be released as it becomes available and if vendor permission has been received. Subscribers are advised to check the following URL regularly for updates:


[Please note that updates to this advisory will not be notified by email.]

The identified vulnerabilities (complete with CVE names) are as follows:

NISCC/224012/1 [OpenSSL 0.9.6 and 0.9.7]
CAN-2004-0079 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a null-pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that used the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service. All versions of OpenSSL from 0.9.6c to 0.9.6k inclusive and from 0.9.7a to 0.9.7c inclusive are affected by this issue. 

NISCC/224012/2 [OpenSSL 0.9.7]
CAN-2004-0112 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112
Dr. Stephen Henson discovered a flaw in SSL/TLS handshaking code when using Kerberos ciphersuites. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos ciphersuites and will therefore be unaffected. Versions 0.9.7a, 0.9.7b, and 0.9.7c of OpenSSL are affected by this issue. 

NISCC/224012/3 [OpenSSL 0.9.6]
CAN-2004-0081 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0081
Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 that can lead to a Denial of Service attack (infinite loop). This issue was traced to a fix that was added to OpenSSL 0.9.6d some time ago. This issue will affect vendors that ship older versions of OpenSSL with backported security patches. 
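
The affected ranges listed above can be checked against an inventory of `openssl version` banners. The following is an added example, not part of the original advisory or of OpenSSL; the host names and banners are constructed, and the CAN-2004-0081 range (0.9.6 before 0.9.6d) is an assumption, since the advisory says only "older versions of OpenSSL 0.9.6".

```python
import re

# Upstream OpenSSL versions of this era look like "0.9.6k": three numbers
# plus an optional patch letter. A missing letter sorts before "a".
_VER = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]?)\b")

def parse(text):
    """Return (major, minor, fix, letter) from e.g. 'OpenSSL 0.9.7c 30 Sep 2003'."""
    m = _VER.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version in {text!r}")
    return (int(m[1]), int(m[2]), int(m[3]), m[4])

# Inclusive (low, high) ranges per CAN name, taken from the advisory text.
# Assumption: CAN-2004-0081 is treated as 0.9.6 up to 0.9.6c, i.e. before
# the 0.9.6d fix the advisory mentions; the advisory gives no exact range.
AFFECTED = {
    "CAN-2004-0079": [("0.9.6c", "0.9.6k"), ("0.9.7a", "0.9.7c")],
    "CAN-2004-0112": [("0.9.7a", "0.9.7c")],
    "CAN-2004-0081": [("0.9.6", "0.9.6c")],
}

def triage(version_text):
    """List the CAN names whose upstream range covers this version string."""
    v = parse(version_text)
    return sorted(can for can, ranges in AFFECTED.items()
                  if any(parse(lo) <= v <= parse(hi) for lo, hi in ranges))

# Constructed sample inventory: host name -> `openssl version` banner.
INVENTORY = {
    "web01.example": "OpenSSL 0.9.7c 30 Sep 2003",
    "mail01.example": "OpenSSL 0.9.6b [engine] 9 Jul 2001",
    "vpn01.example": "OpenSSL 0.9.6m 17 Mar 2004",
}

def report(inventory):
    """Map each host to the CAN names implied by its upstream version."""
    return {host: triage(banner) for host, banner in inventory.items()}

if __name__ == "__main__":
    for host, cans in report(INVENTORY).items():
        # The result reflects upstream numbering only: a vendor package with
        # backported patches must be confirmed against the vendor's advisory.
        print(f"{host}: {', '.join(cans) or 'not in an affected upstream range'}")
```
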


These vulnerabilities have been fixed in OpenSSL 0.9.6m and 0.9.7d, available from the OpenSSL web site at:

----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Codenomicon & the OpenSSL Project
for the information contained in this Briefing.
----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
