The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of OpenSSL: bypassing signature check

Synthesis of the vulnerability 

The OpenSSL client does not correctly validate signatures presented by the server.
Vulnerable software: Debian, Fedora, FreeBSD, HP-UX, Mandriva Linux, Mandriva NF, Nortel VPN Router, NLD, OES, OpenBSD, OpenSolaris, OpenSSL, openSUSE, Solaris, Trusted Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, TurboLinux, ESX.
Severity of this announcement: 3/4.
Creation date: 07/01/2009.
References of this computer vulnerability: 2009009350, 250826, 6786120, BID-33150, c01706219, CERTA-2009-AVI-006, CERTA-2009-AVI-009, CERTA-2010-AVI-268, CVE-2008-5077, DSA-1701-1, FEDORA-2009-0325, FEDORA-2009-0331, FEDORA-2009-0419, FEDORA-2009-0543, FEDORA-2009-0577, FEDORA-2009-0636, FEDORA-2009-1914, FEDORA-2009-2090, FreeBSD-SA-09:02.openssl, HPSBUX02418, MDVSA-2009:001, ocert-2008-016, openSUSE-SU-2011:0845-1, SSA:2009-014-01, SSRT090002, SUSE-SA:2009:006, SUSE-SU-2011:0847-1, TLSA-2009-5, VIGILANCE-VUL-8371, VMSA-2009-0004, VMSA-2009-0004.1, VMSA-2009-0004.2, VMSA-2009-0004.3.

Description of the vulnerability 

The EVP interface of OpenSSL provides high-level features that are independent of the algorithms used. The EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() functions check signatures.

The EVP_VerifyFinal() function returns:
 - +1 if the signature is valid
 - 0 if the signature is invalid
 - -1 if an unexpected error occurred

However, instead of using:
  if (EVP_VerifyFinal(...) <= 0) error;
the SSL client uses:
  if (!EVP_VerifyFinal(...)) error;
Because -1 is non-zero, !(-1) is false in C and the error branch is skipped. Unexpected errors are thus handled as valid signatures.
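The two checks above, side by side, as an added example that is not code from OpenSSL or from this bulletin. stub_verify_final() is a hypothetical stand-in that only reproduces the +1 / 0 / -1 return convention of EVP_VerifyFinal(), so the example builds without OpenSSL; accepts_vulnerable() and accepts_fixed() are illustrative names.

```c
#include <stdio.h>

/* Hypothetical stand-in for EVP_VerifyFinal(): same tri-state return
 * convention as described in the bulletin. Not the OpenSSL function. */
enum sig_state { SIG_VALID, SIG_INVALID, SIG_ERROR };

static int stub_verify_final(enum sig_state s)
{
    switch (s) {
    case SIG_VALID:   return 1;   /* signature is valid */
    case SIG_INVALID: return 0;   /* signature is invalid */
    default:          return -1;  /* unexpected error */
    }
}

/* Check as used by the vulnerable SSL client: only 0 reaches the error
 * branch. !(-1) evaluates to 0, so -1 falls through to "accepted". */
static int accepts_vulnerable(int rc)
{
    if (!rc)
        return 0;   /* rejected */
    return 1;       /* accepted */
}

/* Corrected check: every return value other than +1 is a failure. */
static int accepts_fixed(int rc)
{
    if (rc <= 0)
        return 0;   /* rejected */
    return 1;       /* accepted */
}

int main(void)
{
    static const char *names[] = { "valid", "invalid", "error" };

    /* Walk all three outcomes and show how each check treats them. */
    for (int s = SIG_VALID; s <= SIG_ERROR; s++) {
        int rc = stub_verify_final((enum sig_state)s);
        printf("%-8s rc=%2d  vulnerable accepts=%d  fixed accepts=%d\n",
               names[s], rc, accepts_vulnerable(rc), accepts_fixed(rc));
    }
    return 0;
}
```

The same review applies to any caller of a tri-state verification function: the result must be compared against the success value, not treated as a boolean.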

This vulnerability impacts the SSL client when a DSA or ECDSA signature is checked.

An attacker can therefore set up an SSL server with a malicious certification chain. He can also set up a Man-In-The-Middle attack and offer an invalid certification chain. Both attacks are undetected by the OpenSSL client, and the victim can think he is connected to a trusted site.

This weakness bulletin impacts software or systems such as Debian, Fedora, FreeBSD, HP-UX, Mandriva Linux, Mandriva NF, Nortel VPN Router, NLD, OES, OpenBSD, OpenSolaris, OpenSSL, openSUSE, Solaris, Trusted Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, TurboLinux, ESX.

Our Vigil@nce team determined that the severity of this computer weakness is important.

The trust level is "confirmed by the editor", with an origin of internet server.

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

OpenSSL: version 0.9.8j.
Version 0.9.8j is corrected:
  http://www.openssl.org/

Nortel VPN Router: solution for OpenSSL.
The Nortel announcement indicates solutions depending on product versions.

Debian: new openssl packages.
New packages are available:
  http://security.debian.org/pool/updates/main/o/openssl097/*_0.9.7k-3.1etch2_*.deb
  http://security.debian.org/pool/updates/main/o/openssl/*_0.9.8c-4etch4_*.deb

Fedora: new nessus packages.
New packages are available:
  libnasl-2.2.11-3.fc9
  nessus-core-2.2.11-1.fc9
  nessus-libraries-2.2.11-1.fc9
  libnasl-2.2.11-3.fc10
  nessus-core-2.2.11-1.fc10
  nessus-libraries-2.2.11-1.fc10

Fedora: new openssl packages.
New packages are available:
  openssl-0.9.8g-9.12.fc9
  openssl-0.9.8g-12.fc10

Fedora: new perl-Crypt-OpenSSL-DSA packages.
New packages are available:
  perl-Crypt-OpenSSL-DSA-0.13-9.fc9
  perl-Crypt-OpenSSL-DSA-0.13-12.fc10

Fedora: new tqsllib packages.
New packages are available:
  tqsllib-2.0-5.fc9
  tqsllib-2.0-5.fc10

FreeBSD: patch for OpenSSL.
A patch is available:
FreeBSD 7.x
  fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch
  fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch.asc
FreeBSD 6.x
  fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch
  fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch.asc

HP-UX: OpenSSL versions.
The following versions are corrected:
  B.11.11 : A.00.09.07m.046
  B.11.23 : A.00.09.07m.047
  B.11.31 : A.00.09.08j.003

Mandriva: new openssl packages.
New packages are available:
 Mandriva Linux 2008.0: openssl-0.9.8e-8.2mdv2008.0
 Mandriva Linux 2008.1: openssl-0.9.8g-4.2mdv2008.1
 Mandriva Linux 2009.0: openssl-0.9.8h-3.1mdv2009.0
 Corporate 3.0: openssl-0.9.7c-3.9.C30mdk
 Corporate 4.0: openssl-0.9.7g-2.7.20060mlcs4
 Multi Network Firewall 2.0: openssl-0.9.7c-3.9.C30mdk

OpenBSD: patch for OpenSSL.
A patch is available:
OpenBSD 4.3:
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/007_openssl.patch
OpenBSD 4.4:
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/007_openssl.patch

RHEL: new openssl packages.
New packages are available:
Red Hat Enterprise Linux version 2.1 :
  openssl-0.9.6b-49
  openssl095a-0.9.5a-34
  openssl096-0.9.6-34
Red Hat Enterprise Linux version 3:
  openssl-0.9.7a-33.25
  openssl096b-0.9.6b-16.49
Red Hat Enterprise Linux version 4:
  openssl-0.9.7a-43.17.el4_7.2
  openssl096b-0.9.6b-22.46.el4_7
Red Hat Enterprise Linux version 5:
  openssl-0.9.8b-10.el5_2.1
  openssl097a-0.9.7a-9.el5_2.1

Slackware: new openssl packages.
New packages are available:
Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssl-0.9.8h-i486-2_slack11.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssl-solibs-0.9.8h-i486-2_slack11.0.tgz
Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssl-0.9.8h-i486-2_slack12.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssl-solibs-0.9.8h-i486-2_slack12.0.tgz
Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-0.9.8h-i486-2_slack12.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-solibs-0.9.8h-i486-2_slack12.1.tgz
Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-0.9.8i-i486-2_slack12.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-solibs-0.9.8i-i486-2_slack12.2.tgz

Solaris: patch for OpenSSL.
A patch is available:
  SPARC Platform
    Solaris 10 : patch 139500-03
    OpenSolaris : build snv_107
  x86 Platform
    Solaris 10 : patch 139501-02
    OpenSolaris : build snv_107

Sun SPARC Enterprise: patch for OpenSSL.
A patch is available in information sources.

SUSE: new compat-openssl097g packages.
New packages are available, as indicated in information sources.

SUSE: new openssl packages.
New packages are available.

Turbolinux: new openssl packages.
New packages are available.

VMware: new openssl, bind, vim packages.
New packages are available:
  ESX 4.0 ESX400-200912402-SG (openssl)
  https://hostupdate.vmware.com/software/VUM/OFFLINE/release-181-20091231-153046/ESX400-200912001.zip
  md5sum: 78c6cf139b7941dc736c9d3a41deae77
  sha1sum: 36df3a675fbd3c8c8830f00637e37ee716bdac59
  http://kb.vmware.com/kb/1016292
  ESX 3.5 ESX350-200904408-SG (openssl)
  http://download3.vmware.com/software/vi/ESX350-200904408-SG.zip
  md5sum: 3af12e08ec0e5f84b1b2646cb1ad0225
  http://kb.vmware.com/kb/1010133
  ESX 3.5 ESX350-200904407-SG (bind)
  http://download3.vmware.com/software/vi/ESX350-200904407-SG.zip
  md5sum: a1b9dbb410e76e2fd410d6766b1df210
  http://kb.vmware.com/kb/1010132
  ESX 3.5 ESX350-200904406-SG (vim)
  http://download3.vmware.com/software/vi/ESX350-200904406-SG.zip
  md5sum: a416ecc6e97fa484873026b8110672e7
  http://kb.vmware.com/kb/1010131
  ESX 3.0.3 ESX303-200903406-SG (openssl)
  http://download3.vmware.com/software/vi/ESX303-200903406-SG.zip
  md5sum: 45a2d32f9267deb5e743366c38652c92
  http://kb.vmware.com/kb/1008416
  ESX 3.0.3 ESX303-200903405-SG (bind)
  http://download3.vmware.com/software/vi/ESX303-200903405-SG.zip
  md5sum: 34d00fd9cca7f3e08c0857b4cc254710
  http://kb.vmware.com/kb/1008415
  ESX 3.0.3 ESX303-200903403-SG (vim)
  http://download3.vmware.com/software/vi/ESX303-200903403-SG.zip
  md5sum: 9790c9512aef18beaf0d1c7d405bed1a
  http://kb.vmware.com/kb/1008413
  ESX 3.0.2 ESX-1008409 (openssl)
  http://download3.vmware.com/software/vi/ESX-1008409.tgz
  md5sum: cb25fd47bc0713b968d8778c033bc846
  http://kb.vmware.com/kb/1008409
  ESX 3.0.2 ESX-1008408 (bind)
  http://download3.vmware.com/software/vi/ESX-1008408.tgz
  md5sum: b6bd9193892a9c89b9b7a1e0456d2a9a
  http://kb.vmware.com/kb/1008408
  ESX 3.0.2 ESX-1008406 (vim)
  http://download3.vmware.com/software/vi/ESX-1008406.tgz
  md5sum: f069daa58190b39e431cedbd26ce25ef
  http://kb.vmware.com/kb/1008406
  ESX 2.5.5 Upgrade Patch 13
  http://www.vmware.com/support/esx25/doc/esx-255-200905-patch.html
  http://download3.vmware.com/software/esx/esx-2.5.5-161312-upgrade.tar.gz
  md5sum: a477b7819f5a0d4cbd38b98432a48c88
  sha1sum: cceb38898108e48cc5b7e3298a03a369aa783699