SecuriTeam™ - Denial of Service in ASN.1 Parsing

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

Black Box Testing
Vulnerability Assessment
Vulnerability Scanner

	SecuriTeam™ in Your Inbox

	E-mail this article to a friend

New vulnerability?
New tool?
Tell us

Previously, OpenSSL 0.9.6k was released on the 30 September 2003 to address various ASN.1 issues. The issues were found using a test suite from NISCC (www.niscc.gov.uk) and fixed by Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team.

Subsequent to that release, Novell Inc. carried out further testing using the NISCC suite. They discovered that there was a denial of service vulnerability in OpenSSL version 0.9.6k when running on a Windows platform.

A bug in OpenSSL 0.9.6 would cause certain ASN.1 sequences to trigger a large recursion. On platforms such as Windows, this large recursion cannot be handled correctly and so the bug causes OpenSSL to crash. A remote attacker could exploit this flaw if they can send arbitrary ASN.1 sequences that would cause OpenSSL to crash. This could be performed for example by sending a client certificate to a SSL/TLS enabled server that is configured to accept them.

OpenSSL do not believe this issue could be exploited further than a Denial of Service attack.

Patches for this issue have been created by Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team.

Credit:
The information has been provided by Mark J Cox of OpenSSL.

Audit your web server for security holes - see what the hackers see.
Sign up for a scan today - risk free!

Vulnerable systems:
OpenSSL 0.9.6k is affected by the bug, but the denial of service does not affect all platforms. This issue does not affect OpenSSL 0.9.7. Currently only OpenSSL running on Windows platforms are known to crash.

Recommendations:
Upgrade to OpenSSL 0.9.6l or 0.9.7c. Recompile any OpenSSL applications statically linked to OpenSSL libraries.

OpenSSL 0.9.6l is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):
o http://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file name is:
o openssl-0.9.6l.tar.gz [normal]
MD5 checksum: 843a65ddc56634f0e30a4f9474bb5b27
o openssl-engine-0.9.6l.tar.gz [engine]
MD5 checksum: dd372198cdf31667f2cb29cd76fbda1c

The checksums were calculated using the following command:
openssl md5 < openssl-0.9.6l.tar.gz
openssl md5 < openssl-engine-0.9.6l.tar.gz

Subject:		Date:
From:

	Cisco BBSM Captive Portal Cross-site Scripting
	Cisco Unified Communications Manager Denial of Service Vulnerabilities
	Novell eDirectory Unauthenticated Access to SOAP Interface
	Call of Duty Denial of Service
	Wonderware SuiteLink Denial of Service Vulnerability
	WebMod Multiple Vulnerabilities
	IAX2 Incomplete 3-Way Handshake (Spoofing)
	Multiple Vendor OpenOffice Vulnerabilities
	Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability
	Cisco Network Admission Control Shared Secret Vulnerability
	ClamAV libclamav PeSpin Heap Overflow Vulnerability
	ClamAV libclamav PE WWPack Heap Overflow Vulnerability
	IBM Informix Pre-Authentication Stack Overflow
	Adobe Flash Player DeclareFunction2 Invalid Object Use Vulnerability
	HP OpenView NNM Buffer Overflow