Looks like everyone ON for openssl bug feast!! ;-) Is this different from SSL_get_shared_ciphers() buffer overflow (CVE-2006-3738)??
-d -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Pitt Sent: Thursday, September 28, 2006 8:30 AM To: [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com Subject: [Full-disclosure] [USN-353-1] openssl vulnerabilities =========================================================== Ubuntu Security Notice USN-353-1 September 28, 2006 openssl vulnerabilities CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libssl0.9.7 0.9.7e-3ubuntu0.4 Ubuntu 5.10: libssl0.9.7 0.9.7g-1ubuntu1.3 Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.2 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Dr. Henson of the OpenSSL core team and Open Network Security discovered a mishandled error condition in the ASN.1 parser. By sending specially crafted packet data, a remote attacker could exploit this to trigger an infinite loop, which would render the service unusable and consume all available system memory. (CVE-2006-2937) Certain types of public key could take disproportionate amounts of time to process. The library now limits the maximum key exponent size to avoid Denial of Service attacks. (CVE-2006-2940) Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers() function. By sending specially crafted packets to applications that use this function (like Exim, MySQL, or the openssl command line tool), a remote attacker could exploit this to execute arbitrary code with the server's privileges. (CVE-2006-3738) Tavis Ormandy and Will Drewry of the Google Security Team reported that the get_server_hello() function did not sufficiently check the client's session certificate. This could be exploited to crash clients by remote attackers sending specially crafted SSL responses. (CVE-2006-4343) Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu 0.4.diff.gz Size/MD5: 31608 073a299c1050059dddc16818fecd56c5 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu 0.4.dsc Size/MD5: 645 eb30a98f7f176954987a8642bcda2ae7 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e.orig.ta r.gz Size/MD5: 3043231 a8777164bca38d84e5eb2b1535223474 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0. 9.7e-3ubuntu0.4_amd64.udeb Size/MD5: 495242 d51b7cb655f0cd4010160d7e8546da41 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubu ntu0.4_amd64.deb Size/MD5: 2694098 3c87855cd1a4a2bb12dd1fef0acdca78 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ub untu0.4_amd64.deb Size/MD5: 770334 e0dff277aafa1f35fcc7995576374922 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu 0.4_amd64.deb Size/MD5: 904128 70a46effaa0b51162f9d84c609bba596 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0. 9.7e-3ubuntu0.4_i386.udeb Size/MD5: 433488 f1bd01ac7dd85f10cd5c32d6d78cb514 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubu ntu0.4_i386.deb Size/MD5: 2493770 5369e13ba790cecbff0854a0d173d11a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ub untu0.4_i386.deb Size/MD5: 2243328 62d80313f7ffdb047878a12687e5d689 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu 0.4_i386.deb Size/MD5: 901520 3791cb1125bde1a315955023c777e2ae powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0. 9.7e-3ubuntu0.4_powerpc.udeb Size/MD5: 499458 ec8af8b5ee0eaeb859a232e8a233b0dd http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubu ntu0.4_powerpc.deb Size/MD5: 2774934 15270e8e78df08a6b7b5be55dc3d6553 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ub untu0.4_powerpc.deb Size/MD5: 779888 19a6e2d00d895845f556c44e044151f9 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu 0.4_powerpc.deb Size/MD5: 908598 9b0fa35557f76a6b24de199e3323541c Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu 1.3.diff.gz Size/MD5: 32295 def7ac70ca1bc85e0c4ebbd4260a4461 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu 1.3.dsc Size/MD5: 657 0b1769211fafefd21cc37c07a932a714 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g.orig.ta r.gz Size/MD5: 3132217 991615f73338a571b6a1be7d74906934 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0. 9.7g-1ubuntu1.3_amd64.udeb Size/MD5: 499030 f8b4eac9e1bf96e10f8c30eab69649dd http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubu ntu1.3_amd64.deb Size/MD5: 2700532 2cd3f1e6ce79941b8946a80e78dbda64 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ub untu1.3_amd64.deb Size/MD5: 773856 ee733077d079b9e36da96b795acbdc29 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu 1.3_amd64.deb Size/MD5: 913582 de9d0df5743ac33192195b94d063dc6c i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0. 9.7g-1ubuntu1.3_i386.udeb Size/MD5: 431028 61d40d649af32133db15ec53918caa4a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubu ntu1.3_i386.deb Size/MD5: 2480762 653bd5d137e0dc2ad6fc74491fd0fbb9 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ub untu1.3_i386.deb Size/MD5: 2204582 677d877964154251d8780b169688a060 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu 1.3_i386.deb Size/MD5: 904888 5079b31ec8fffa99838c43e42e968990 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0. 9.7g-1ubuntu1.3_powerpc.udeb Size/MD5: 476060 6460459d1e4814f183a89cf81ecf022c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubu ntu1.3_powerpc.deb Size/MD5: 2657180 0fde1af2915b4693664a9e74a2ed8601 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ub untu1.3_powerpc.deb Size/MD5: 752946 77a8a8501ff4ad35266447a38ada5d13 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu 1.3_powerpc.deb Size/MD5: 910630 126076de0fe5f7693953276c7c668971 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0. 9.7g-1ubuntu1.3_sparc.udeb Size/MD5: 452356 f255548c1df1fe1f8e895ebcb3df6b81 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubu ntu1.3_sparc.deb Size/MD5: 2570856 5bd4aea0262f6603cd8dcfe54e4c5c84 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ub untu1.3_sparc.deb Size/MD5: 1792562 376e9010e9be775faccc9e1f350e6ab9 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu 1.3_sparc.deb Size/MD5: 918608 424c15da9d050abcb50bf8bbe460a201 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu 0.2.diff.gz Size/MD5: 38612 7c8d54fe8b0a7f3fd04973d0caf4e561 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu 0.2.dsc Size/MD5: 816 11829550f1f01bb297687320de351567 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.ta r.gz Size/MD5: 3271435 1d16c727c10185e4d694f87f5e424ee1 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0. 9.8a-7ubuntu0.2_amd64.udeb Size/MD5: 571660 3f1e1fb3a1d647e89e8d2c8957ac7515 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubu ntu0.2_amd64.deb Size/MD5: 2166962 b4dc05821c8e0257f2de1f66d60fe76b http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a -7ubuntu0.2_amd64.deb Size/MD5: 1681664 85a9864fd04f3148d80debfe62baf27e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ub untu0.2_amd64.deb Size/MD5: 874726 b745ed4bc29c6ef1e6f04843da7075f4 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu 0.2_amd64.deb Size/MD5: 984430 6c44bb70358de400212abdb8603c632b i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0. 9.8a-7ubuntu0.2_i386.udeb Size/MD5: 509398 d003af0377dd2c4626c8a2968e88dec6 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubu ntu0.2_i386.deb Size/MD5: 2023488 33d7fb4e61731e6a3d3696035e5e7475 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a -7ubuntu0.2_i386.deb Size/MD5: 5049880 643b1bd41b95d9b8d5e7503fa877095a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ub untu0.2_i386.deb Size/MD5: 2594328 0d883c64b2eed5a87b5251099d571b9f http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu 0.2_i386.deb Size/MD5: 975820 e2fb9756f9be6a9c6dcc8440722cbae0 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0. 9.8a-7ubuntu0.2_powerpc.udeb Size/MD5: 557832 0e2ab74f6eb2edaede39a75708a0ba85 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubu ntu0.2_powerpc.deb Size/MD5: 2180720 48ab01b68fe292838283e670b200f71e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a -7ubuntu0.2_powerpc.deb Size/MD5: 1726256 8969623cd03454d23d6a1377bd7a84a6 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ub untu0.2_powerpc.deb Size/MD5: 861072 b2657f1e3f44972cc4847e558101fac0 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu 0.2_powerpc.deb Size/MD5: 979948 131b80f74dbecc0bbf7612a1d75762dd sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0. 9.8a-7ubuntu0.2_sparc.udeb Size/MD5: 530804 394500b55746ee58bd74dbd40e4cc754 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubu ntu0.2_sparc.deb Size/MD5: 2092366 b3519eafe025f19f0bd1abc1b8305865 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a -7ubuntu0.2_sparc.deb Size/MD5: 3940942 9ff4a8eddbd8685dccfd74a376e0d9dd http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ub untu0.2_sparc.deb Size/MD5: 2090730 7a98b80bfffca5cf2435df0835a37f27 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu 0.2_sparc.deb Size/MD5: 987898 0f7f8fb86af538d8828149545124d0d2 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/