-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:23.openssl Security Advisory The FreeBSD Project Topic: Multiple problems in crypto(3) Category: contrib Module: openssl Announced: 2006-09-28 Credits: Dr S N Henson, Tavis Ormandy, Will Drewry Stephen Kiernan (Juniper SIRT) Affects: All FreeBSD releases. Corrected: 2006-09-29 13:44:03 UTC (RELENG_6, 6.2-PRERELEASE) 2006-09-29 13:44:31 UTC (RELENG_6_1, 6.1-RELEASE-p9) 2006-09-29 13:44:45 UTC (RELENG_6_0, 6.0-RELEASE-p14) 2006-09-29 13:45:01 UTC (RELENG_5, 5.5-STABLE) 2006-09-29 13:45:43 UTC (RELENG_5_5, 5.5-RELEASE-p7) 2006-09-29 13:45:59 UTC (RELENG_5_4, 5.4-RELEASE-p21) 2006-09-29 13:46:10 UTC (RELENG_5_3, 5.3-RELEASE-p36) 2006-09-29 13:46:23 UTC (RELENG_4, 4.11-STABLE) 2006-09-29 13:46:41 UTC (RELENG_4_11, 4.11-RELEASE-p24) CVE Name: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . 0. Revision History v1.0 2006-09-28 Initial release. v1.1 2006-09-29 Corrected patch. I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. II. Problem Description Several problems have been found in OpenSSL: 1. During the parsing of certain invalid ASN1 structures an error condition is mishandled, possibly resulting in an infinite loop. [CVE-2006-2937] 2. A buffer overflow exists in the SSL_get_shared_ciphers function. [CVE-2006-3738] 3. A NULL pointer may be dereferenced in the SSL version 2 client code. [CVE-2006-4343] In addition, many applications using OpenSSL do not perform any validation of the lengths of public keys being used. [CVE-2006-2940] III. Impact Servers which parse ASN1 data from untrusted sources may be vulnerable to a denial of service attack. [CVE-2006-2937] An attacker accessing a server which uses SSL version 2 may be able to execute arbitrary code with the privileges of that server. [CVE-2006-3738] A malicious SSL server can cause clients connecting using SSL version 2 to crash. [CVE-2006-4343] Applications which perform public key operations using untrusted keys may be vulnerable to a denial of service attack. [CVE-2006-2940] IV. Workaround No workaround is available, but not all of the vulnerabilities mentioned affect all applications. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3, or RELENG_4_11 security branch dated after the correction date. 2) To patch your present system: The following patch has been verified to apply to FreeBSD 4.11, 5.3, 5.4, 5.5, 6.0, and 6.1 systems. a) Download the patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-06:23/openssl.patch # fetch http://security.FreeBSD.org/patches/SA-06:23/openssl.patch.asc NOTE: The patch distributed at the time of the original advisory was incorrect. Systems to which the original patch was applied should be patched with the following corrective patch, which contains only the changes between the original and updated patch: # fetch http://security.FreeBSD.org/patches/SA-06:23/openssl-correction.patch # fetch http://security.FreeBSD.org/patches/SA-06:23/openssl-correction.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system as described in and reboot the system. NOTE: Any third-party applications, including those installed from the FreeBSD ports collection, which are statically linked to libcrypto(3) should be recompiled in order to use the corrected code. NOTE ALSO: The above patch reduces the functionality of libcrypto(3) by prohibiting the use of exceptionally large public keys. It is believed that no existing applications legitimately use such key lengths as would be affected by this change. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_4 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.1.2.3 src/crypto/openssl/crypto/dh/dh.h 1.1.1.1.2.5 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.1.2.4 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.1.2.9 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.1.2.5 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.1.2.4 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.1.2.8 src/crypto/openssl/crypto/rsa/rsa.h 1.2.2.9 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.9 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.1.2.4 src/crypto/openssl/ssl/s2_clnt.c 1.2.2.9 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.10 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.1.2.9 RELENG_4_11 src/UPDATING 1.73.2.91.2.25 src/sys/conf/newvers.sh 1.44.2.39.2.28 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.1.2.2.6.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.1.2.4.8.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.1.2.3.8.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.1.2.7.6.2 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.1.2.4.8.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.1.2.3.8.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.1.2.7.6.1 src/crypto/openssl/crypto/rsa/rsa.h 1.2.2.8.4.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.8.4.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.1.2.3.8.1 src/crypto/openssl/ssl/s2_clnt.c 1.2.2.8.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.9.4.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.1.2.8.4.1 RELENG_5 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.4.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.6.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.6.2 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.4.3 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.6.2 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.6.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.4.2 src/crypto/openssl/crypto/rsa/rsa.h 1.10.4.2 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.4.2 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.6.1 src/crypto/openssl/ssl/s2_clnt.c 1.12.2.2 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.2.2 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.2 RELENG_5_5 src/UPDATING 1.342.2.35.2.7 src/sys/conf/newvers.sh 1.62.2.21.2.9 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.16.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.18.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.6.1.4.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.4.1.4.2 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.6.1.4.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.18.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.4.1.4.1 src/crypto/openssl/crypto/rsa/rsa.h 1.10.4.1.4.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.4.1.4.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.18.1 src/crypto/openssl/ssl/s2_clnt.c 1.12.2.1.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.2.1.4.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.1.4.1 RELENG_5_4 src/UPDATING 1.342.2.24.2.30 src/sys/conf/newvers.sh 1.62.2.18.2.26 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.8.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.10.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.6.1.2.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.4.1.2.2 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.6.1.2.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.10.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.4.1.2.1 src/crypto/openssl/crypto/rsa/rsa.h 1.10.4.1.2.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.4.1.2.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.10.1 src/crypto/openssl/ssl/s2_clnt.c 1.12.2.1.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.2.1.2.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.1.2.1 RELENG_5_3 src/UPDATING 1.342.2.13.2.39 src/sys/conf/newvers.sh 1.62.2.15.2.41 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.6.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.8.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.8.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.6.2 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.8.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.8.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.6.1 src/crypto/openssl/crypto/rsa/rsa.h 1.10.6.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.6.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.8.1 src/crypto/openssl/ssl/s2_clnt.c 1.12.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.4.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.4.1 RELENG_6 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.10.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.12.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.5.2.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.9.2.2 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.7.2.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.12.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.8.2.1 src/crypto/openssl/crypto/rsa/rsa.h 1.11.2.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.13.2.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.12.1 src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.1 RELENG_6_1 src/UPDATING 1.416.2.22.2.11 src/sys/conf/newvers.sh 1.69.2.11.2.11 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.14.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.16.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.5.6.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.9.6.2 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.7.6.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.16.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.8.6.1 src/crypto/openssl/crypto/rsa/rsa.h 1.11.6.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.13.6.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.16.1 src/crypto/openssl/ssl/s2_clnt.c 1.13.6.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.6.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.6.1 RELENG_6_0 src/UPDATING 1.416.2.3.2.19 src/sys/conf/newvers.sh 1.69.2.8.2.15 src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.12.1 src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.14.1 src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.5.4.1 src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.9.4.2 src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.7.4.1 src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.14.1 src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.8.4.1 src/crypto/openssl/crypto/rsa/rsa.h 1.11.4.1 src/crypto/openssl/crypto/rsa/rsa_eay.c 1.13.4.1 src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.14.1 src/crypto/openssl/ssl/s2_clnt.c 1.13.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.4.1 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.4.1 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-06:23.openssl.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFFHSVwFdaIBMps37IRApTZAJ9YY6pldJ52FwtYHbMxsW5363NUgwCgl4tb 3jFuSkTKR6xVJ6ui4POBjkI= =Bn+e -----END PGP SIGNATURE-----