ID

VAR-200110-0240

CVE

CVE-2006-4343

TITLE

OpenSSL SSLv2 client code fails to properly check for NULL

DESCRIPTION

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-2937 [2] to the problem. 2. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-2940 [3] to the problem. 3. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-3780 [4] to the problem. 4. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-4343 [5] to the problem. ________________________________________________________________________ References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ________________________________________________________________________ For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02824490 Version: 1 HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-05-05 Last Updated: 2011-05-05 Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, unauthorized modification Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. References: CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following software updates available to resolve these vulnerabilities. Kit Name Location HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html CSWS_PHP V2.2 http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html HISTORY Version:1 (rev.1) - 5 May 2011 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEUEARECAAYFAk3C8qwACgkQ4B86/C0qfVnBqgCYtJgc2OLmG0JEGU4sCpzntC4E HACgjeWEt9Ja5qNdjhL5iwOp3JVtVic= =EvRT -----END PGP SIGNATURE----- . --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200610-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code. Background ========== OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL 0.9.8 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d" All OpenSSL 0.9.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l" References ========== [ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200610-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. OpenSSL Security Advisory [28th September 2006] New OpenSSL releases are now available to correct four security issues. ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940) ============================================================== Vulnerability ------------- Dr. S. N. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory (CVE-2006-2937). (This issue did not affect OpenSSL versions prior to 0.9.7) 2. Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack (CVE-2006-2940). Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications. Acknowledgements ---------------- The OpenSSL team thank Dr S. N. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738). Acknowledgements ---------------- The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue. SSLv2 Client Crash (CVE-2006-4343) ================================== Vulnerability ------------- A flaw in the SSLv2 client code was discovered. Acknowledgements ---------------- The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue. Recommendations =============== These vulnerabilities are resolved in the following versions of OpenSSL: - in the 0.9.7 branch, version 0.9.7l (or later); - in the 0.9.8 branch, version 0.9.8d (or later). OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html): o https://www.openssl.org/source/ o ftp://ftp.openssl.org/source/ The distribution file names are: o openssl-0.9.8d.tar.gz MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2 o openssl-0.9.7l.tar.gz MD5 checksum: b21d6e10817ddeccf5fbe1379987333e SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d The checksums were calculated using the following commands: openssl md5 openssl-0.9*.tar.gz openssl sha1 openssl-0.9*.tar.gz After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv_20060928.txt

AFFECTED PRODUCTS