From: Mark J. Cox Date: Tue, 31 May 2005 21:42:48 +0000 (+0000) Subject: Add the vulnerabilities database to the site; but don't link it in X-Git-Tag: OpenSSL_web_pre_osf~116 X-Git-Url: https://git.openssl.org/?a=commitdiff_plain;h=15f4c3767550b275017364c4b02c08a8c6dc53ab;p=openssl-web.git Add the vulnerabilities database to the site; but don't link it in yet until it's working totally. To change or add a vulnerability you exit vulnerabilities.xml then run an xslt processor on that file with the vulnerabilities.xsl stylesheet and out will pop vulnerabilities.wml that the website knows how to process. For now we make the user who commits the change do this, and also commit in the wml file. We could probably do this at make time with some perl, but the openssl site doesn't have all the dependancies needed for XML::XSLT yet. Although a lot of this information is in our changes file and in news items on the site there isn't a single place where you can get a complete overview of the vulnerabilities. A CSO I was speaking too this month was suprised by how few issues there had been and thought there were many more serious issues that had affected OpenSSL, this page is, unsuprisingly, similar to the Apache httpd vulnerabilities pages and is based on raw data I've been collecting on vulnerabilities for Red Hat. --- diff --git a/news/vulnerabilities.wml b/news/vulnerabilities.wml new file mode 100644 index 0000000..8e0bb59 --- /dev/null +++ b/news/vulnerabilities.wml @@ -0,0 +1,242 @@ +## Do not edit this file, instead edit vulnerabilities.xml +## then create it using +## xsltproc vulnerabilities.xsl vulnerabilities.xml +## + +#use wml::openssl area=news pages=vulnerabilities + + +OpenSSL vulnerabilities +

OpenSSL vulnerabilities

+

This page lists all security vulnerabilities fixed in released +versions of OpenSSL since 0.9.6 was released on 24th September 2000. +

+

2004

+
+
CAN-2004-0975: 30th September 2004

+
+ +The der_chop script created temporary files insecurely which could +allow local users to overwrite files via a symlink attack on temporary +files. Note that it is quite unlikely that a user would be using the +redundant der_chop script, and this script was removed from the OpenSSL +distribution. + +
+

+

Fixed in OpenSSL + 0.9.7f (Affected 0.9.7e, 0.9.7d, 0.9.7c, 0.9.7b, 0.9.7a, 0.9.7)
+
Fixed in OpenSSL + 0.9.6-cvs (Affected 0.9.6m, 0.9.6l, 0.9.6k, 0.9.6j, 0.9.6i, 0.9.6h, 0.9.6g, 0.9.6f, 0.9.6e, 0.9.6d, 0.9.6c, 0.9.6b, 0.9.6a, 0.9.6)
+

+

CAN-2004-0112: 17th March 2004

+
+ +A flaw in SSL/TLS handshaking code when using Kerberos ciphersuites. +A remote attacker could perform a carefully crafted SSL/TLS handshake +against a server configured to use Kerberos ciphersuites in such a way +as to cause OpenSSL to crash. Most applications have no ability to +use Kerberos ciphersuites and will therefore be unaffected. + + (original advisory) +
+

+

Fixed in OpenSSL + 0.9.7d (Affected 0.9.7c, 0.9.7b, 0.9.7a)
+

+

CAN-2004-0081: 17th March 2004

+
+ +The Codenomicon TLS Test Tool found that some unknown message types +were handled incorrectly, allowing a remote attacker to cause a denial +of service (infinite loop). + + (original advisory) +
+

+

+

CAN-2004-0079: 17th March 2004

+
+ +The Codenomicon TLS Test Tool uncovered a null-pointer assignment in the +do_change_cipher_spec() function. A remote attacker could perform a +carefully crafted SSL/TLS handshake against a server that used the +OpenSSL library in such a way as to cause a crash. + + (original advisory) +
+

+

Fixed in OpenSSL + 0.9.7d (Affected 0.9.7c, 0.9.7b, 0.9.7a, 0.9.7)
+
Fixed in OpenSSL + 0.9.6m (Affected 0.9.6l, 0.9.6k, 0.9.6j, 0.9.6i, 0.9.6h, 0.9.6g, 0.9.6f, 0.9.6e, 0.9.6d, 0.9.6c)
+

+

+

2003

+
+
CAN-2003-0851: 4th November 2003

+
+ +A flaw in OpenSSL 0.9.6k (only) would cause certain ASN.1 sequences to +trigger a large recursion. On platforms such as Windows this large +recursion cannot be handled correctly and so the bug causes OpenSSL to +crash. A remote attacker could exploit this flaw if they can send +arbitrary ASN.1 sequences which would cause OpenSSL to crash. This +could be performed for example by sending a client certificate to a +SSL/TLS enabled server which is configured to accept them. + + (original advisory) +
+

+

Fixed in OpenSSL + 0.9.6l (Affected 0.9.6k)
+

+

CAN-2003-0545: 30th September 2003

+
+ +Certain ASN.1 encodings that were rejected as invalid by the parser could +trigger a bug in the deallocation of the corresponding data structure, +corrupting the stack, leading to a crash. + + (original advisory) +
+

+

Fixed in OpenSSL + 0.9.7c (Affected 0.9.7b, 0.9.7a, 0.9.7)
+

+

CAN-2003-0544: 30th September 2003

+
+ +Incorrect tracking of the number of characters in certain +ASN.1 inputs could allow remote attackers to cause a denial of +service (crash) by sending an SSL client certificate that causes OpenSSL to +read past the end of a buffer when the long form is used. + + (original advisory) +
+

+

Fixed in OpenSSL + 0.9.6k (Affected 0.9.6j, 0.9.6i, 0.9.6h, 0.9.6g, 0.9.6f, 0.9.6e, 0.9.6d, 0.9.6c, 0.9.6b, 0.9.6a, 0.9.6)
+
Fixed in OpenSSL + 0.9.7c (Affected 0.9.7b, 0.9.7a, 0.9.7)
+

+

CAN-2003-0543: 30th September 2003

+
+ +An integer overflow could allow remote attackers to cause a denial of +service (crash) via an SSL client certificate with certain ASN.1 tag +values. + + (original advisory) +
+

+

Fixed in OpenSSL + 0.9.7c (Affected 0.9.7b, 0.9.7a, 0.9.7)
+
Fixed in OpenSSL + 0.9.6k (Affected 0.9.6j, 0.9.6i, 0.9.6h, 0.9.6g, 0.9.6f, 0.9.6e, 0.9.6d, 0.9.6c, 0.9.6b, 0.9.6a, 0.9.6)
+

+

CAN-2003-0147: 14th March 2003

+
+ +RSA blinding was not enabled by default, which could allow local and +remote attackers to obtain a server's private key by determining +factors using timing differences on (1) the number of extra reductions +during Montgomery reduction, and (2) the use of different integer +multiplication algorithms ("Karatsuba" and normal). + + (original advisory) +
+

+

Fixed in OpenSSL + 0.9.7b (Affected 0.9.7a, 0.9.7)
+
Fixed in OpenSSL + 0.9.6j (Affected 0.9.6i, 0.9.6h, 0.9.6g, 0.9.6f, 0.9.6e, 0.9.6d, 0.9.6c, 0.9.6b, 0.9.6a, 0.9.6)
+

+

CAN-2003-0131: 19th March 2003

+
+ +The SSL and TLS components allowed remote attackers to perform an +unauthorized RSA private key operation via a modified Bleichenbacher +attack that uses a large number of SSL or TLS connections using PKCS #1 +v1.5 padding that caused OpenSSL to leak information regarding the +relationship between ciphertext and the associated plaintext, aka the +"Klima-Pokorny-Rosa attack" + + (original advisory) +
+

+

Fixed in OpenSSL + 0.9.6j (Affected 0.9.6i, 0.9.6h, 0.9.6g, 0.9.6f, 0.9.6e, 0.9.6d, 0.9.6c, 0.9.6b, 0.9.6a, 0.9.6)
+
Fixed in OpenSSL + 0.9.7b (Affected 0.9.7a, 0.9.7)
+

+

CAN-2003-0078: 19th February 2003

+
+ +sl3_get_record in s3_pkt.c did not perform a MAC computation if an +incorrect block cipher padding was used, causing an information leak +(timing discrepancy) that may make it easier to launch cryptographic +attacks that rely on distinguishing between padding and MAC +verification errors, possibly leading to extraction of the original +plaintext, aka the "Vaudenay timing attack." + + (original advisory) +
+

+

Fixed in OpenSSL + 0.9.7a (Affected 0.9.7)
+
Fixed in OpenSSL + 0.9.6i (Affected 0.9.6h, 0.9.6g, 0.9.6f, 0.9.6e, 0.9.6d, 0.9.6c, 0.9.6b, 0.9.6a, 0.9.6)
+

+

+

2002

+
+
CAN-2002-0659: 30th July 2002

+
+ +A flaw in the ASN1 library allowed remote attackers to cause a denial of +service by sending invalid encodings. + +
+

+

Fixed in OpenSSL + 0.9.6e (Affected 0.9.6d, 0.9.6c, 0.9.6b, 0.9.6a)
+

+

CAN-2002-0657: 30th July 2002

+
+ +A buffer overflow when Kerberos is enabled allowed attackers +to execute arbitrary code by sending a long master key. Note that this +flaw did not affect any released version of 0.9.6 or 0.9.7 + + (original advisory) +
+

+

+

CAN-2002-0656: 30th July 2002

+
+ +A buffer overflow allowed remote attackers to execute +arbitrary code by sending a large client master key in SSL2 or a +large session ID in SSL3. + + (original advisory) +
+

+

Fixed in OpenSSL + 0.9.6e (Affected 0.9.6d, 0.9.6c, 0.9.6b, 0.9.6a, 0.9.6)
+

+

CAN-2002-0655: 30th July 2002

+
+ +Inproper handling of ASCII representations of integers on +64 bit platforms allowed remote attackers to cause a denial of +service or possibly execute arbitrary code. + + (original advisory) +
+

+

Fixed in OpenSSL + 0.9.6e (Affected 0.9.6d, 0.9.6c, 0.9.6b, 0.9.6a, 0.9.6)
+

+

diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml new file mode 100644 index 0000000..ce48f3f --- /dev/null +++ b/news/vulnerabilities.xml @@ -0,0 +1,338 @@ + + + + + + + + + + + + + + + +Inproper handling of ASCII representations of integers on +64 bit platforms allowed remote attackers to cause a denial of +service or possibly execute arbitrary code. + + + + + + + + + + + + + + +A buffer overflow allowed remote attackers to execute +arbitrary code by sending a large client master key in SSL2 or a +large session ID in SSL3. + + + + + + + + +A buffer overflow when Kerberos is enabled allowed attackers +to execute arbitrary code by sending a long master key. Note that this +flaw did not affect any released version of 0.9.6 or 0.9.7 + + + + + + + + + + + +A flaw in the ASN1 library allowed remote attackers to cause a denial of +service by sending invalid encodings. + + + + + + + + +The use of assertions when detecting buffer overflow attacks +allowed remote attackers to cause a denial of service (crash) by +sending certain messages to cause +OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 +CLIENT_MASTER_KEY messages, which were not properly handled in +s2_srvr.c. + + + + + + + + + + + + + + + + + + + +sl3_get_record in s3_pkt.c did not perform a MAC computation if an +incorrect block cipher padding was used, causing an information leak +(timing discrepancy) that may make it easier to launch cryptographic +attacks that rely on distinguishing between padding and MAC +verification errors, possibly leading to extraction of the original +plaintext, aka the "Vaudenay timing attack." + + + + + + + + + + + + + + + + + + + + + +The SSL and TLS components allowed remote attackers to perform an +unauthorized RSA private key operation via a modified Bleichenbacher +attack that uses a large number of SSL or TLS connections using PKCS #1 +v1.5 padding that caused OpenSSL to leak information regarding the +relationship between ciphertext and the associated plaintext, aka the +"Klima-Pokorny-Rosa attack" + + + + + + + + + + + + + + + + + + + + + +RSA blinding was not enabled by default, which could allow local and +remote attackers to obtain a server's private key by determining +factors using timing differences on (1) the number of extra reductions +during Montgomery reduction, and (2) the use of different integer +multiplication algorithms ("Karatsuba" and normal). + + + + + + + + + + + + + + + + + + + + + + + + +An integer overflow could allow remote attackers to cause a denial of +service (crash) via an SSL client certificate with certain ASN.1 tag +values. + + + + + + + + + + + + + + + + + + + + + + + + +Incorrect tracking of the number of characters in certain +ASN.1 inputs could allow remote attackers to cause a denial of +service (crash) by sending an SSL client certificate that causes OpenSSL to +read past the end of a buffer when the long form is used. + + + + + + + + + + + + +Certain ASN.1 encodings that were rejected as invalid by the parser could +trigger a bug in the deallocation of the corresponding data structure, +corrupting the stack, leading to a crash. + + + + + + + + + + +A flaw in OpenSSL 0.9.6k (only) would cause certain ASN.1 sequences to +trigger a large recursion. On platforms such as Windows this large +recursion cannot be handled correctly and so the bug causes OpenSSL to +crash. A remote attacker could exploit this flaw if they can send +arbitrary ASN.1 sequences which would cause OpenSSL to crash. This +could be performed for example by sending a client certificate to a +SSL/TLS enabled server which is configured to accept them. + + + + + + + + + + + + + + + + + + + + + + + + +The Codenomicon TLS Test Tool uncovered a null-pointer assignment in the +do_change_cipher_spec() function. A remote attacker could perform a +carefully crafted SSL/TLS handshake against a server that used the +OpenSSL library in such a way as to cause a crash. + + + + + + + + + + + + +The Codenomicon TLS Test Tool found that some unknown message types +were handled incorrectly, allowing a remote attacker to cause a denial +of service (infinite loop). + + + + + + + + + + + + +A flaw in SSL/TLS handshaking code when using Kerberos ciphersuites. +A remote attacker could perform a carefully crafted SSL/TLS handshake +against a server configured to use Kerberos ciphersuites in such a way +as to cause OpenSSL to crash. Most applications have no ability to +use Kerberos ciphersuites and will therefore be unaffected. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +The der_chop script created temporary files insecurely which could +allow local users to overwrite files via a symlink attack on temporary +files. Note that it is quite unlikely that a user would be using the +redundant der_chop script, and this script was removed from the OpenSSL +distribution. + + + + diff --git a/news/vulnerabilities.xsl b/news/vulnerabilities.xsl new file mode 100644 index 0000000..a988751 --- /dev/null +++ b/news/vulnerabilities.xsl @@ -0,0 +1,95 @@ + + + + + + + + + + + + ## Do not edit this file, instead edit vulnerabilities.xml +## then create it using +## xsltproc vulnerabilities.xsl vulnerabilities.xml +## + + + #use wml::openssl area=news pages=vulnerabilities + + +OpenSSL vulnerabilities + +

OpenSSL vulnerabilities

+ +

This page lists all security vulnerabilities fixed in released +versions of OpenSSL since 0.9.6 was released on 24th September 2000. +

+ + + + +

+
+ + + +
+ + + + +
+ + + +: + + +

+

+ + + (original advisory) + +
+

+ +

Fixed in OpenSSL + + + + + + (Affected + + + + ? + + + , + + + ) + + +
+ +

+ + + + +The Common Vulnerabilities and Exposures project +has assigned the name + +CAN- + + to this issue. + + + + + + diff --git a/news/vulnerabilitiesdates.xsl b/news/vulnerabilitiesdates.xsl new file mode 100644 index 0000000..8d47f98 --- /dev/null +++ b/news/vulnerabilitiesdates.xsl @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + st + nd + rd + th + + +   + + + + + + + +   + + + + + + + + + January + February + March + April + May + June + July + August + September + October + November + December + + + +