CERT-In Advisory CIAD-2009-16
OpenSSL Multiple Vulnerabilities
Original issue date: March 27, 2009
Severity Rating: Medium
Systems Affected
- OpenSSL Versions prior to 0.9.8k
Overview
Multiple vulnerabilities have been reported in OpenSSL 0.9.8j and earlier, which could allow remote attackers to bypass certain security restrictions or cause denial of service conditions.
Description
1. OpenSSL ASN1_STRING_print_ex() Invalid Memory Access Vulnerability (CVE-2009-0590)
This vulnerability is caused by an error in the "ASN1_STRING_print_ex()" function when printing "BMPString" or "UniversalString" strings in OpenSSL. A remote attacker could exploit this vulnerability via an illegal encoded string length (e.g. printing the contents of a certificate) to trigger an invalid memory access error. Successful exploitation of this vulnerability could allow a remote attacker to cause a denial of service condition.
2. OpenSSL CMS_verify() Error Handling Vulnerability (CVE-2009-0591)
This vulnerability is caused by incorrect handling of an error condition when processing malformed signed attributes in the "CMS_verify()" function in OpenSSL. A remote attacker could exploit this vulnerability using a malformed set of signed attributes to trick an application into treating them as valid signed attributes. Successful exploitation of this vulnerability could allow a remote attacker to bypass certain security restrictions.
Successful exploitation requires access to a previously generated invalid signature.
Note: This issue only affects OpenSSL versions 0.9.8h and later with CMS enabled.
3. OpenSSL ASN.1 Structure Memory Access Vulnerability (CVE-2009-0789)
This vulnerability is caused by an error when processing malformed ASN.1 structures in OpenSSL. A remote attacker could exploit this vulnerability via a specially crafted certificate to trigger an invalid memory access error. Successful exploitation of this vulnerability could allow a remote attacker to cause a denial of service condition.
Note: This issue exists only on platforms where the size of "long" is smaller than the size of "void *" (e.g. WIN64).
Solution
Update to OpenSSL version 0.9.8k, available at
http://www.openssl.org/source/openssl-0.9.8k.tar.gz
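The version and platform conditions stated in this advisory can be applied to an inventory of OpenSSL builds to decide which of the three CVEs each one needs patching for. The following is an added example, not part of the CERT-In advisory or of OpenSSL; the function names, the input fields and the inventory entries are constructed for illustration.

```python
import re

# Version conditions below are taken from the advisory text.
FIXED = (0, 9, 8, "k")         # first release with all three fixes
CMS_AFFECTED = (0, 9, 8, "h")  # CVE-2009-0591: 0.9.8h and later, CMS enabled

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(banner):
    """Turn '0.9.8j' or 'OpenSSL 0.9.8j 07 Jan 2009' into a sortable tuple."""
    m = _VERSION_RE.search(banner)
    if m is None:
        raise ValueError("no OpenSSL version found in %r" % banner)
    major, minor, fix, letter = m.groups()
    # Letter suffixes sort as strings: '' < 'a' < ... < 'z' < 'za'.
    return (int(major), int(minor), int(fix), letter)


def applicable_cves(banner, cms_enabled, long_bits, pointer_bits):
    """Return the CVEs from this advisory that apply to one build."""
    version = parse_version(banner)
    if version >= FIXED:
        return []
    cves = ["CVE-2009-0590"]
    if cms_enabled and version >= CMS_AFFECTED:
        cves.append("CVE-2009-0591")
    if long_bits < pointer_bits:  # e.g. WIN64: 32-bit long, 64-bit pointer
        cves.append("CVE-2009-0789")
    return cves


# Constructed inventory: (host, banner, CMS enabled, bits in long, bits in void *)
INVENTORY = [
    ("web01", "OpenSSL 0.9.8j 07 Jan 2009", True, 32, 64),
    ("mail01", "OpenSSL 0.9.8g 19 Oct 2007", False, 64, 64),
    ("vpn01", "OpenSSL 0.9.8k 25 Mar 2009", True, 32, 64),
]

if __name__ == "__main__":
    for host, banner, cms, long_bits, ptr_bits in INVENTORY:
        found = applicable_cves(banner, cms, long_bits, ptr_bits)
        print(host, ", ".join(found) if found else "not affected")
```

Distribution packages may carry backported fixes without changing the upstream version string, so a flagged build should be confirmed against the package vendor's changelog.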
Vendor Information
OpenSSL
http://www.openssl.org/news/secadv_20090325.txt
References
OpenSSL
http://www.openssl.org/news/secadv_20090325.txt
Secunia
http://secunia.com/advisories/34411/
Security Focus
http://www.securityfocus.com/bid/34256
Security Tracker
http://www.securitytracker.com/alerts/2009/Mar/1021905.html
http://www.securitytracker.com/alerts/2009/Mar/1021907.html
http://www.securitytracker.com/alerts/2009/Mar/1021906.html
VUPEN
http://www.vupen.com/english/advisories/2009/0850
CVE Name
CVE-2009-0590
CVE-2009-0591
CVE-2009-0789
CWE Name
CWE-20
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
