CVE-2002-0657
CVSS 7.5
Published: 2002-08-12 00:00:00
Last revised: 2008-09-10 15:12:40

[Original] Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key.


[CNNVD] OpenSSL server-side overlong SSL3 key buffer overflow vulnerability (CNNVD-200208-028)

        
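OpenSSL is an open-source SSL implementation used to provide strong encryption for network communications, and it is now widely used in a variety of network applications.
The OpenSSL implementation contains a buffer overflow vulnerability; a remote attacker may exploit the overflow to execute arbitrary code on the server or the client.
A remote attacker may send an overlong SSL version 3 client key, overflowing a buffer in the server daemon and thereby executing arbitrary code with the daemon's privileges. This vulnerability only affects versions from OpenSSL 0.9.7 up to 0.9.7-beta3 (not including beta3) that have the Kerberos option enabled.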
        

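- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]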

- CPE (affected platforms and products)

cpe:/a:openssl:openssl:0.9.7:beta1  OpenSSL Project OpenSSL 0.9.7 beta1
cpe:/a:openssl:openssl:0.9.7:beta2  OpenSSL Project OpenSSL 0.9.7 beta2

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0657
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0657
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200208-028
(official data source) CNNVD

- Other links and resources

http://www.cert.org/advisories/CA-2002-23.html
(VENDOR_ADVISORY)  CERT  CA-2002-23
http://www.kb.cert.org/vuls/id/561275
(VENDOR_ADVISORY)  CERT-VN  VU#561275
http://www.securityfocus.com/bid/5361
(UNKNOWN)  BID  5361
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php
(UNKNOWN)  MANDRAKE  MDKSA-2002:046
http://www.iss.net/security_center/static/9715.php
(UNKNOWN)  XF  openssl-ssl3-masterkey-bo(9715)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513
(UNKNOWN)  CONECTIVA  CLA-2002:513
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
(UNKNOWN)  FREEBSD  FreeBSD-SA-02:33
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
(UNKNOWN)  CALDERA  CSSA-2002-033.1
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
(UNKNOWN)  CALDERA  CSSA-2002-033.0

- Vulnerability information

OpenSSL server-side overlong SSL3 key buffer overflow vulnerability
High risk  Boundary condition error
2002-08-12 00:00:00 2006-09-21 00:00:00
Remote
        
        

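- Advisories and patches

        Temporary workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends taking the following measures to reduce the threat:
        * Temporarily disable Kerberos on the server side
        Vendor patch:
        OpenSSL Project
        ---------------
        The OpenSSL Project has released a security advisory (secadv_20020730) and a corresponding patch for this issue:
        secadv_20020730: OpenSSL Security Advisory [30 July 2002]
        Link:
        http://www.openssl.org/news/secadv_20020730.txt

        Patch download:
        OpenSSL 0.9.7-beta3:

        http://www.openssl.org/source/openssl-0.9.7-beta3.tar.gz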

- Vulnerability information

3942
OpenSSL SSLv3 with Kerberos Master Key Handling Remote Overflow
Local Access Required, Remote / Network Access Input Manipulation
Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit Public

- Vulnerability description

A remote overflow exists in OpenSSL. OpenSSL fails to properly check the length of a master key in SSLv3 negotiation with Kerberos enabled, resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.

- Timeline

2002-07-30 Unknown
2002-07-30 Unknown

- Solution

Upgrade to version 0.9.3-beta3 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch, or by disabling Kerberos support.

- Vulnerability information

OpenSSL Kerberos Enabled SSLv3 Master Key Exchange Buffer Overflow Vulnerability
Boundary Condition Error 5361
Yes No
2002-07-30 12:00:00 2009-07-11 02:56:00
Discovery of this issue credited to A.L. Digital Ltd and The Bunker.

- Affected software versions

Sun Crypto Accelerator 1000
OpenSSL Project OpenSSL 0.9.7 beta2
OpenSSL Project OpenSSL 0.9.7 beta1
Novell NetMail 3.10 d
Novell NetMail 3.10 c
Novell NetMail 3.10 b
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95 SR2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
- RedHat Linux 7.3
- Sun Solaris 9
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
- Sun Solaris 2.5
Novell NetMail 3.10 a
- Microsoft Windows 3.11
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95 SR2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
- Novell Netware 6.0 SP1
- Novell Netware 6.0
- RedHat Linux 7.3
- Sun Solaris 9
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
- Sun Solaris 2.5
Novell NetMail 3.10
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95 SR2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
- RedHat Linux 7.3
- Sun Solaris 9
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
- Sun Solaris 2.5
HP Webproxy 2.0
+ HP HP-UX 11.0 4
HP Webproxy 1.0
HP VirtualVault 4.6
- HP HP-UX 11.0 4
HP VirtualVault 4.5
- HP HP-UX 11.0 4
HP Tru64 UNIX INTERNET EXPRESS 5.9
HP Tru64 UNIX Compaq Secure Web Server 5.8.1
HP TCP/IP Services for OpenVMS 5.3
HP OpenVMS Secure Web Server 1.2
HP OpenVMS Secure Web Server 1.1 -1
HP INTERNET EXPRESS EAK 2.0
HP HP-UX 11.22
HP HP-UX 11.20
HP HP-UX 11.11
HP HP-UX 11.0

- Unaffected software versions

OpenSSL Project OpenSSL 0.9.7 beta3
Novell NetMail 3.10 e

- Discussion

A vulnerability has been reported for OpenSSL 0.9.7 pre-release versions.

When initiating contact with an SSLv3 server, master keys are exchanged between the client and the server. When an oversized master key is supplied to an SSL version 3 server by a malicious client, it may cause a buffer to overflow on the vulnerable system. Execution of arbitrary code as the server process may be possible.

This vulnerability is present only when Kerberos is enabled for a system using SSL version 3.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

A patch has been made by Ben Laurie <ben@algroup.co.uk>. It should be noted that this patch has not been thoroughly tested.

HP has made fixes available in the form of upgrade packages. Packages are available at http://www.software.hp.com/ISS_products_list.html, and are binary versions of Apache 1.3.26.05 and 2.0.39.05 respectively.

Sun has stated that the Crypto Accelerator 1000 board is vulnerable to this issue. A patch (112869-02) is available for download.

Sun has a new patch available for download. The patch, 113355-01, is for Crypto Accelerator 1000 1.1 board for Solaris 8 or 9.


