Bug 46906 (CVE-2003-0543)

Summary: VUL-0: CVE-2003-0543: openssl ASN1 parsing bugs
Product: [Novell Products] SUSE Security Incidents Reporter: Roman Drahtmueller <draht>
Component: IncidentsAssignee: Peter Poeml <poeml>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Critical    
Priority: P3 - Medium CC: deckel, fs, heiko.rommel, security-team, wwilde
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVSSv2:NVD:CVE-2003-0543:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: appliable patch for 0.9.6*
appliable patch for 0.9.7b
patch for < 0.9.6f

Description Roman Drahtmueller 2003-09-30 21:03:53 UTC 
There are four vulnerabilities in openssl that need an immediate fix. 
I have been asking for a patch just a minute ago, the answer is pending.

RH have published an announcement about this already, so we are in a rush.
Peter, do you have a chance to dig up patches for the issues?
Full information below; Peter, please reassign to security-team@suse.de once
your work is done.
Patchinfo and putonftp files are following.
Roman.

OpenSSL Security Advisory [30 September 2003]

Vulnerabilities in ASN.1 parsing
================================

NISCC (www.niscc.gov.uk) prepared a test suite to check the operation
of SSL/TLS software when presented with a wide range of malformed client
certificates.

Dr Stephen Henson (steve@openssl.org) of the OpenSSL core team
identified and prepared fixes for a number of vulnerabilities in the
OpenSSL ASN1 code when running the test suite.

A bug in OpenSSLs SSL/TLS protocol was also identified which causes
OpenSSL to parse a client certificate from an SSL/TLS client when it
should reject it as a protocol error.

Vulnerabilities
---------------

1. Certain ASN.1 encodings that are rejected as invalid by the parser
can trigger a bug in the deallocation of the corresponding data
structure, corrupting the stack. This can be used as a denial of service
attack. It is currently unknown whether this can be exploited to run
malicious code. This issue does not affect OpenSSL 0.9.6.

2. Unusual ASN.1 tag values can cause an out of bounds read under
certain circumstances, resulting in a denial of service vulnerability.

3. A malformed public key in a certificate will crash the verify code if
it is set to ignore public key decoding errors. Public key decode errors
are not normally ignored, except for debugging purposes, so this is
unlikely to affect production code. Exploitation of an affected
application would result in a denial of service vulnerability.

4. Due to an error in the SSL/TLS protocol handling, a server will parse
a client certificate when one is not specifically requested. This by
itself is not strictly speaking a vulnerability but it does mean that
*all* SSL/TLS servers that use OpenSSL can be attacked using
vulnerabilities 1, 2 and 3 even if they don't enable client authentication.

Who is affected?
----------------

All versions of OpenSSL up to and including 0.9.6j and 0.9.7b and all
versions of SSLeay are affected.

Any application that makes use of OpenSSL's ASN1 library to parse
untrusted data. This includes all SSL or TLS applications, those using
S/MIME (PKCS#7) or certificate generation routines.

Recommendations
---------------

Upgrade to OpenSSL 0.9.7c or 0.9.6k. Recompile any OpenSSL applications
statically linked to OpenSSL libraries.

References
----------

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0545 for issue 1:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545

and CAN-2003-0543 and CAN-2003-0544 for issue 2:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20030930.txt
Comment 2 Roman Drahtmueller 2003-09-30 22:17:05 UTC 
Added Uli Hecht. Uli, is there anything special with the openssl package
on sles8-s390(x)?
Comment 3 Roman Drahtmueller 2003-09-30 22:30:57 UTC 
putonftp text: Peter, bugs that don't affect the respective products do not
need mentioning in the putonftp. Don't forget to change the two strings for
the affected version in the putonftp header line.

suggested wording:

ALL     7.3-ALL    %UPDATE7.3      dxp
Security update: This update fixes a number of vulnerabilities in the openssl
package, known as ASN.1 parsing vulnerabilities (CAN-2003-0545, CAN-2003-0543,
CAN-2003-0544) that allow for a remote denial of service (DoS) or possibly
the execution of arbitrary code. You should reboot your system after applying
this update.
EOT
Sicherheitsupdate für das openssl-Paket - Dieses update behebt eine Reihe
Fehler, die als ASN.1 parsing Verwundbarkeit (CAN-2003-0545, CAN-2003-0543,
CAN-2003-0544) bekannt sind und eine DoS-Angriffsmöglichkeit oder potentiell
die Ausführung von beliebigem Code über das Netzwerk erlauben können. Sie 
sollten Ihr System neu starten, nachdem Sie dieses update eingespielt haben.
EOT
Comment 4 Peter Poeml 2003-09-30 22:43:51 UTC 
Uli, I have found
/work/SRC/old-versions/8.1/BETA/arch/s390/openssl-z990, is that the
recently created package? I can fix that, too
Comment 5 Peter Poeml 2003-09-30 23:03:00 UTC 
Created attachment 14718 [details]
appliable patch for 0.9.6*
Comment 6 Peter Poeml 2003-09-30 23:03:29 UTC 
Created attachment 14719 [details]
appliable patch for 0.9.7b
Comment 7 Peter Poeml 2003-09-30 23:29:53 UTC 
Created attachment 14720 [details]
patch for < 0.9.6f
Comment 8 Peter Poeml 2003-09-30 23:39:39 UTC 
Fixed packages submitted. Will also submit fixed openssl-z990 package.
Comment 9 Peter Poeml 2003-09-30 23:57:35 UTC 
List of submitted packages (with putonftps where appropriate):

openssl:
/work/SRC/old-versions/7.2/all/openssl   -> /work/src/done/7.2
/work/SRC/old-versions/7.3/all/openssl   -> /work/src/done/7.3
/work/SRC/old-versions/8.0/all/openssl   -> /work/src/done/8.0
/work/SRC/old-versions/8.1/BETA/all/openssl -> /work/src/done/UL1-BETA
/work/SRC/old-versions/8.1/UL/all/openssl -> /work/src/done/8.1
/work/SRC/old-versions/8.1/arch/axp/openssl -> /work/src/done/8.1/AXP/
/work/SRC/old-versions/8.2/all/openssl   -> /work/src/done/8.2
/work/SRC/old-versions/9.0/all/openssl   -> /work/src/done/9.0


openssl-z990:
/work/SRC/old-versions/8.1/BETA/arch/s390/openssl-z990 -> /work/src/done/UL1-BETA


Can someone confirm that 7.0-server is dead?
Comment 10 Ulrich Hecht 2003-10-01 16:49:01 UTC 
openssl-z990 is merely a recent version of openssl with support for IBM's new
hardware, installed to a different location so it can coexist with the normal
openssl package and will not break binary compatibility.
Comment 11 Roman Drahtmueller 2003-10-01 21:58:31 UTC 
QA has approved the patchinfo files. This was fast...
Comment 12 Thomas Biege 2003-10-02 01:21:02 UTC 
advisory released
Comment 13 Roman Drahtmueller 2003-10-02 21:46:45 UTC 
<!-- SBZ_reopen -->Reopened by draht@suse.de at Thu Oct  2 15:46:45 2003
Comment 14 Roman Drahtmueller 2003-10-02 21:46:45 UTC 
reopened.
Peter, do you think you can make an update package for 7.0-server, too?
The package would be necessary for Turing (www.suse.de).

Roman.
Comment 15 Frank Sundermeyer 2003-10-02 21:55:13 UTC 
JFYI:

IT already set up a new turing based on SLES 8. Due to heavy workload
I will not be able to configure and activate this machine within the next
few days, so I would be very thankful if you could update the old
turing (hopefully) for the last time.
Comment 16 Peter Poeml 2003-10-02 21:58:43 UTC 
I'll give it a go, but I am actually trying (since two days) to take a
few hours off work. Hang on...
Comment 17 Peter Poeml 2003-10-02 22:12:27 UTC 
0.9.6 has a lot of fixes for ASN1 handling over 0.9.5a, but the 0.9.6d
patch still applies and builds. However, I can't garuantee that there
are no other places in 0.9.5a where the bug is present. 

Anyway, asn1_lib.c is nearly unchanged:

--- openssl-0.9.5a/crypto/asn1/asn1_lib.c       2000-02-17 00:15:56.000000000 +0100
+++ openssl-0.9.6a.orig/crypto/asn1/asn1_lib.c  2001-04-05 22:10:04.000000000 +0200
@@ -181,7 +181,7 @@
             int xclass)
        {
        unsigned char *p= *pp;
-       int i;
+       int i, ttag;

        i=(constructed)?V_ASN1_CONSTRUCTED:0;
        i|=(xclass&V_ASN1_PRIVATE);
@@ -190,12 +190,15 @@
        else
                {
                *(p++)=i|V_ASN1_PRIMITIVE_TAG;
-               while (tag > 0x7f)
-                       {
-                       *(p++)=(tag&0x7f)|0x80;
-                       tag>>=7;
+               for(i = 0, ttag = tag; ttag > 0; i++) ttag >>=7;
+               ttag = i;
+               while(i-- > 0)
+                       {
+                       p[i] = tag & 0x7f;
+                       if(i != (ttag - 1)) p[i] |= 0x80;
+                       tag >>= 7;
                        }
-               *(p++)=(tag&0x7f);
+               p += ttag;
                }
        if ((constructed == 2) && (length == 0))
                *(p++)=0x80; /* der_put_length would output 0 instead */


x509_vfy.c has no fundamental changes either, so it doesn't look bad. 

Please find packages here:

http://aust.suse.de/pub/packages/openssl/7.0-server-i386/MD5SUMS
http://aust.suse.de/pub/packages/openssl/7.0-server-i386/openssl-0.9.5a-69.i386.rpm
http://aust.suse.de/pub/packages/openssl/7.0-server-i386/openssl-0.9.5a-69.src.rpm
http://aust.suse.de/pub/packages/openssl/7.0-server-i386/openssl.changes
http://aust.suse.de/pub/packages/openssl/7.0-server-i386/openssl.spec
http://aust.suse.de/pub/packages/openssl/7.0-server-i386/openssls-0.9.5a-69.i386.rpm

I can submit the sources later (they are in ~poeml/pac/openssl)
Comment 18 Peter Poeml 2003-10-02 22:18:09 UTC 
... if we want to check it into autobuild, that is.
Comment 19 Mads Martin Joergensen 2003-10-10 16:39:27 UTC 
So this is fixed, right? We released the advisory, Peter built 7.0-server
packages, and we probably already installed a new turing.

If it's fixed, then close it so we don't have critical bugs hanging around.
Comment 20 Peter Poeml 2003-10-10 16:48:18 UTC 
Silence indicates that everybody is happy -> set to FIXED