ID

VAR-200110-0192

CVE

CVE-2006-4339

TITLE

OpenSSL SSLv2 client code fails to properly check for NULL

DESCRIPTION

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1173-1 security@debian.org http://www.debian.org/security/ Noah Meyerhans September 10th, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : openssl Problem-Type : local Vulnerability : Cryptographic weakness Debian-specific: no CVE ID : CVE-2006-4339 BugTraq ID : 19849 Debian Bug : 386247 Daniel Bleichenbacher discovered a flaw in OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid. For the stable distribution (sarge) this problem has been fixed in version 0.9.7e-3sarge2 For the unstable distribution (sid) this problem has been fixed in version 0.9.8b-3 We recommend that you upgrade your openssl packages. Note that services linking against the openssl shared libraries will need to be restarted. Common examples of such services include most Mail Transport Agents, SSH servers, and web servers. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.dsc Size/MD5 checksum: 639 a6d3c0f1fae595b8c2f7a45ca76dff1f http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.diff.gz Size/MD5 checksum: 27435 16d02ad2e1e531617e5d533553340a83 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz Size/MD5 checksum: 3043231 a8777164bca38d84e5eb2b1535223474 Alpha architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_alpha.deb Size/MD5 checksum: 3339496 917761204c442b6470cc84364a1d5227 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_alpha.deb Size/MD5 checksum: 2445696 6d894629524dcefbefa0f813cb588bef http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_alpha.deb Size/MD5 checksum: 929948 117af21021dfea510ac09e9a09c1dfd9 AMD64 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_amd64.deb Size/MD5 checksum: 2693336 c45662184c5ed338e179f3ec5e39289e http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_amd64.deb Size/MD5 checksum: 769324 e216b2d3b89634457906140fcff4c5ac http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_amd64.deb Size/MD5 checksum: 903454 52d2ce0e5d967ca1a77a33f9417fd798 ARM architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_arm.deb Size/MD5 checksum: 2555074 fd529ad701cfbbde50845aa3e0ba4d5e http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_arm.deb Size/MD5 checksum: 689548 a626529a0d9f52d069e6fcb1ec3a2513 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_arm.deb Size/MD5 checksum: 893880 58bcc0001bf7e014b6a1d7ab9849cf2c HP Precision architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_hppa.deb Size/MD5 checksum: 2694850 7dd819a9adddc660268d260df3e8cea2 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_hppa.deb Size/MD5 checksum: 790570 06a37ff4879fab7ee26ac35f6526d7c3 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_hppa.deb Size/MD5 checksum: 914188 74e469de973e495e93455816587b63db Intel IA-32 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_i386.deb Size/MD5 checksum: 2553346 946eaef80a1dc82af47e10d4913153b3 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_i386.deb Size/MD5 checksum: 2262628 a4e5d09c7086373d2a76370c71542ce0 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_i386.deb Size/MD5 checksum: 908336 e850093346e148d2132d59db3184d398 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_ia64.deb Size/MD5 checksum: 3394850 a43e3948b612ea7b48cdcb267fb26ef5 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_ia64.deb Size/MD5 checksum: 1037694 e4cda7f8044cbc72ebbef123124461ea http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_ia64.deb Size/MD5 checksum: 974802 a6dcd78bc35ca46bb21ac24ac1ccde1b Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_m68k.deb Size/MD5 checksum: 2316460 403eae3e2c3f396a0e789069e8896036 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_m68k.deb Size/MD5 checksum: 661108 eeb8f5b59f10b7c5ed5187f25b1505e6 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_m68k.deb Size/MD5 checksum: 889522 07baf9c082693a1bbf7d81d49f5dd216 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mips.deb Size/MD5 checksum: 2778514 ef833284a26b9ad69eb22c169dcb822f http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mips.deb Size/MD5 checksum: 705952 57a2075ffd4746c1c989c06be4e5587e http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mips.deb Size/MD5 checksum: 896456 0d93ca64cbc1608c5a8345a574b47ada Little endian MIPS architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mipsel.deb Size/MD5 checksum: 2766270 1d197335ffe887e31525c04466dfd66c http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mipsel.deb Size/MD5 checksum: 693836 45f358db6b4e149982a16cced46eb1d7 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mipsel.deb Size/MD5 checksum: 895636 60f63815017772f9dcbcfce2d8aa9138 PowerPC architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_powerpc.deb Size/MD5 checksum: 2774840 012631d48936597d2bdb35a2c9e597cc http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_powerpc.deb Size/MD5 checksum: 778946 3e0d5b50e5c3a1b00faf6c7c18a8ac4f http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_powerpc.deb Size/MD5 checksum: 908016 8bfe8de155f113aef3edca883cd72dac IBM S/390 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_s390.deb Size/MD5 checksum: 2716386 e8744dd7d49acabdd664bdd505e9efae http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_s390.deb Size/MD5 checksum: 813542 05846cc017a99f250d8104c406f2a609 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_s390.deb Size/MD5 checksum: 918208 f78b15dae8f8072339e601793707c4eb Sun Sparc architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_sparc.deb Size/MD5 checksum: 2629368 4532f9940cf010b00b0d1404c11f9da5 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_sparc.deb Size/MD5 checksum: 1884394 f7a8f112bb7e09c8c1dacc68c923cd40 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_sparc.deb Size/MD5 checksum: 924208 a5e3e93b474e23a0f858eaa3a329d2de These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFBAPBXm3vHE4uyloRAi3GAKDGgqkwyRLRWlGMVZCCaUAqoW/GZwCePsIu B9S76g6dsDiigQZAK709Qmk= =lxOo -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: OpenOffice.org 3 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38568 VERIFY ADVISORY: http://secunia.com/advisories/38568/ DESCRIPTION: Some vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system. 1) The included libxml2 library fails to properly verify signatures. This is related to: SA21709 2) An error in the included libxmlsec library can be exploited to potentially forge a valid signature. For more information: SA35854 3) An error in the included MSVC Runtime package can be exploited to bypass certain security features. For more information see vulnerability #2 in: SA35967 4) An error in the processing XPM files can be exploited to potentially execute arbitrary code. 5) An error in the processing GIF files can be exploited to potentially execute arbitrary code. 6) An error in the processing of Word documents can be exploited to potentially execute arbitrary code. SOLUTION: Update to version 3.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 4) Sebastian Apelt of siberas 5) Frank Rei\xdfner and Sebastian Apelt of siberas 6) Nicolas Joly of Vupen ORIGINAL ADVISORY: http://www.openoffice.org/security/cves/CVE-2006-4339.html http://www.openoffice.org/security/cves/CVE-2009-0217.html http://www.openoffice.org/security/cves/CVE-2009-2493.html http://www.openoffice.org/security/cves/CVE-2009-2949.html http://www.openoffice.org/security/cves/CVE-2009-2950.html http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html OTHER REFERENCES: SA21709: http://secunia.com/advisories/21709/ SA35854: http://secunia.com/advisories/35854/ SA35967: http://secunia.com/advisories/35967/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS