OpenSSL ASN.1 and Invalid Public Key Vulnerabilities





General Info


TC: 12100
Description: OpenSSL is a very popular library that provides SSL and cryptographic functions on many different platforms.
Some versions are vulnerable to problems in the ASN.1 parser and in key handling:
1. Denial of service due to an integer overflow when parsing ASN.1 values.
2. Denial of service due to an incorrect check on the number of characters in certain ASN.1 inputs.
3. Denial of service due to a malformed public key crashing the verify code in debugging mode.
4. The server will parse a client certificate even when it has not specifically requested one. This is not a vulnerability in itself, but it can be used to perform attacks 1, 2 and 3.
An attack using one of these vulnerabilities will result in a denial of service.
TC Impact: Gather Info
Service: http



Specific Operations and Actions:


Vulnerability Publication: September 30, 2003
Advisory Copyright: NISCC and Stephen Henson
Summary: It is possible to cause a DoS and probably run code on your computer using a bug in OpenSSL.
Risk: Medium
CVSS 2.0 metrics: Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial
CVSS 2.0 Base Score: 5.0
Vulnerability Impact: Denial of Service
Host Impact: Service can be stopped.
Nature of Remediation: Update the software.
Step required to fix the reported vulnerability:

***** Solution type: Upgrade Software *****

Upgrade to OpenSSL 0.9.6l, or 0.9.7c, or later.
See references for more details.
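
A check of a reported OpenSSL version against the fixed releases named above, as an added example that is not part of the SecureScout entry or of OpenSSL. The function names and the sample banner strings are constructed for illustration; the comparison is per branch, so 0.9.7b does not count as fixed just because it sorts after 0.9.6l.

```python
import re

# Fixed releases named in the remediation above, keyed by release branch.
FIXED_LETTER = {(0, 9, 6): "l", (0, 9, 7): "c"}
NEWEST_FIXED_BRANCH = max(FIXED_LETTER)  # (0, 9, 7)

# Matches "OpenSSL 0.9.7b" (openssl version output) and "OpenSSL/0.9.7b"
# (HTTP Server header); anchoring on the name skips other product versions.
_VERSION = re.compile(r"OpenSSL[ /](\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(banner):
    """Return ((major, minor, fix), letter) or None if no OpenSSL version."""
    m = _VERSION.search(banner)
    if m is None:
        return None
    return (int(m[1]), int(m[2]), int(m[3])), m[4]


def _letter_key(letter):
    # Legacy patch letters order as '' < 'a' < ... < 'z' < 'za' < ...
    return (len(letter), letter)


def meets_fixed_release(banner):
    """True if at or above the fixed release for its branch, False if below,
    None if the banner carries no OpenSSL version."""
    parsed = parse_version(banner)
    if parsed is None:
        return None
    branch, letter = parsed
    if branch > NEWEST_FIXED_BRANCH:
        return True  # "or later": any branch newer than 0.9.7
    need = FIXED_LETTER.get(branch)
    if need is None:
        return False  # older branch with no fixed release listed
    return _letter_key(letter) >= _letter_key(need)


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for sample in ("OpenSSL 0.9.6k", "OpenSSL 0.9.7c",
                   "Apache/1.3.27 (Unix) mod_ssl/2.8.14 OpenSSL/0.9.7b"):
        print(sample, "->", meets_fixed_release(sample))
```

Distribution packages may carry backported fixes without changing the upstream version string, so a `False` result is a prompt to check the vendor advisory rather than proof of exposure.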



Glossary and References:


References: www.sans.org/top20/
* MISC:
http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm
* CONFIRM:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893
* FULLDISC: 20030929 [OpenSSL Advisory] Vulnerabilities in ASN.1 parsing
http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/011172.html
* VULNWATCH: 20030929 Vulnerability Issues in OpenSSL
http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0121.html
* CONFIRM:
http://www-1.ibm.com/support/docview.wss?uid=swg21247112
* REDHAT: RHSA-2003:291
http://www.redhat.com/support/errata/RHSA-2003-291.html
* REDHAT: RHSA-2003:292
http://www.redhat.com/support/errata/RHSA-2003-292.html
* DEBIAN: DSA-393
http://www.debian.org/security/2003/dsa-393
* DEBIAN: DSA-394
http://www.debian.org/security/2003/dsa-394
* CERT: CA-2003-26
http://www.cert.org/advisories/CA-2003-26.html
* CERT-VN: VU#255484
http://www.kb.cert.org/vuls/id/255484
* BID: 8732
http://www.securityfocus.com/bid/8732
* FRSIRT: ADV-2006-3900
http://www.frsirt.com/english/advisories/2006/3900
* OVAL: oval:org.mitre.oval:def:4254
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4254
* SECUNIA: 22249
http://secunia.com/advisories/22249
* CERT-VN: VU#380864
http://www.kb.cert.org/vuls/id/380864
* OVAL: oval:org.mitre.oval:def:4574
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4574
* MISC:
http://www.kb.cert.org/vuls/id/686224
* MISC:
http://www.kb.cert.org/vuls/id/732952
* MISC:
http://www.kb.cert.org/vuls/id/104280

CVE Link: CVE-2003-0543
CVE-2003-0544

Glossary: Denial of Service
SSL


© 2003-2010 NexantiS Corporation (www.securescout.com)
SecureScout is a trademark of NexantiS
All Rights Reserved
All products names referenced herein are trademarks of their respective companies