Scientific Linux Security Update : openssl on SL5.x i386/x86_64

medium Nessus Plugin ID 60658

Language:

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

CVE-2009-0590 openssl: ASN1 printing crash

CVE-2009-1377 OpenSSL: DTLS epoch record buffer memory DoS

CVE-2009-1378 OpenSSL: DTLS fragment handling memory DoS

CVE-2009-1379 OpenSSL: DTLS pointer use-after-free flaw (DoS)

CVE-2009-1386 openssl: DTLS NULL deref crash on early ChangeCipherSpec request

CVE-2009-1387 openssl: DTLS out-of-sequence message handling NULL deref DoS

Multiple denial of service flaws were discovered in OpenSSL's DTLS implementation. A remote attacker could use these flaws to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer dereference. (CVE-2009-1377, CVE-2009-1378,

CVE-2009-1379, CVE-2009-1386, CVE-2009-1387)

Note: These flaws only affect applications that use DTLS. Scientific Linux does not ship any DTLS client or server applications.

An input validation flaw was found in the handling of the BMPString and UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex() function. An attacker could use this flaw to create a specially crafted X.509 certificate that could cause applications using the affected function to crash when printing certificate contents. (CVE-2009-0590)

Note: The affected function is rarely used. No application shipped with Scientific Linux calls this function, for example.

These updated packages also fix the following bugs :

 - 'openssl smime -verify -in' verifies the signature of the input file and the '-verify' switch expects a signed or encrypted input file. Previously, running openssl on an S/MIME file that was not encrypted or signed caused openssl to segfault. With this update, the input file is now checked for a signature or encryption. Consequently, openssl now returns an error and quits when attempting to verify an unencrypted or unsigned S/MIME file.
 (BZ#472440)

 - when generating RSA keys, pairwise tests were called even in non-FIPS mode. This prevented small keys from being generated. With this update, generating keys in non-FIPS mode no longer calls the pairwise tests and keys as small as 32-bits can be generated in this mode.
 Note: In FIPS mode, pairwise tests are still called and keys generated in this mode must still be 1024-bits or larger. (BZ#479817)

As well, these updated packages add the following enhancements :

 - both the libcrypto and libssl shared libraries, which are part of the OpenSSL FIPS module, are now checked for integrity on initialization of FIPS mode. (BZ#475798)

 - an issuing Certificate Authority (CA) allows multiple certificate templates to inherit the CA's Common Name (CN). Because this CN is used as a unique identifier, each template had to have its own Certificate Revocation List (CRL). With this update, multiple CRLs with the same subject name can now be stored in a X509_STORE structure, with their signature field being used to distinguish between them. (BZ#457134)

 - the fipscheck library is no longer needed for rebuilding the openssl source RPM. (BZ#475798)

Solution

Update the affected openssl, openssl-devel and / or openssl-perl packages.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=457134

https://bugzilla.redhat.com/show_bug.cgi?id=472440

https://bugzilla.redhat.com/show_bug.cgi?id=475798

https://bugzilla.redhat.com/show_bug.cgi?id=479817

http://www.nessus.org/u?df0d6dcf

Plugin Details

Severity: Medium

ID: 60658

File Name: sl_20090902_openssl_on_SL5_x.nasl

Version: 1.12

Type: local

Agent: unix

Published: 8/1/2012

Updated: 1/14/2021

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/2/2009

Vulnerability Publication Date: 3/27/2009

Exploitable With

Core Impact

Reference Information

CVE: CVE-2009-0590, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387

CWE: 119, 399