openssl vulnerabilities

29 September 2006

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 6.06 LTS
• Ubuntu 5.10
• Ubuntu 5.04

Software Description

Details

Dr. Henson of the OpenSSL core team and Open Network Security discovered a mishandled error condition in the ASN.1 parser. By sending specially crafted packet data, a remote attacker could exploit this to trigger an infinite loop, which would render the service unusable and consume all available system memory. (CVE-2006-2937)

Certain types of public key could take disproportionate amounts of time to process. The library now limits the maximum key exponent size to avoid Denial of Service attacks. (CVE-2006-2940)

Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers() function. By sending specially crafted packets to applications that use this function (like Exim, MySQL, or the openssl command line tool), a remote attacker could exploit this to execute arbitrary code with the server’s privileges. (CVE-2006-3738)

Tavis Ormandy and Will Drewry of the Google Security Team reported that the get_server_hello() function did not sufficiently check the client’s session certificate. This could be exploited to crash clients by remote attackers sending specially crafted SSL responses. (CVE-2006-4343)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.06 LTS

libssl0.9.8 - 0.9.8a-7ubuntu0.2

Ubuntu 5.10

libssl0.9.7 - 0.9.7g-1ubuntu1.3

Ubuntu 5.04

libssl0.9.7 - 0.9.7e-3ubuntu0.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

References

• CVE-2006-2937
• CVE-2006-2940
• CVE-2006-3738
• CVE-2006-4343