OpenSSL Security Advisory 20090325 - The function ASN1_STRING_print_ex() when used to print a BMPString or UniversalString will crash with an invalid memory access if the encoded length of the string is illegal. Other issues were also addressed.
1740e31a83c7080938d1549888d5d57117009bb5f4125b9b6e9a693b6f8595f8OpenSSL Security Advisory [25-Mar-2009]
Three moderate severity security flaws have been fixed in OpenSSL 0.9.8k.
ASN1 printing crash
===================
The function ASN1_STRING_print_ex() when used to print a BMPString or
UniversalString will crash with an invalid memory access if the encoded length
of the string is illegal. (CVE-2009-0590)
Any OpenSSL application which prints out the contents of a certificate could
be affected by this bug, including SSL servers, clients and S/MIME software.
Users of OpenSSL 0.9.8j or earlier should update to 0.9.8k which contains a
patch to correct this issue.
Incorrect Error Checking During CMS verification.
=================================================
The function CMS_verify() does not correctly handle an error condition
involving malformed signed attributes. This will cause an invalid set
of signed attributes to appear valid and content digests will not be
checked. (CVE-2009-0591)
These malformed attributes cannot be generated without access to he signer's
private key so an attacker cannot forge signatures. A valid signer could
however generate an invalid signature which appears valid and later repudiate
the signature.
The older PKCS#7 code is not affected.
This issue only affects CMS users: CMS is only present in OpenSSL 0.9.8h and
later where it is disabled by default and 0.9.9-dev.
Users of OpenSSL CMS code should update to 0.9.8k which contains a patch
to correct this issue.
Thanks to Ivan Nestlerode of IBM for reporting this issue.
Invalid ASN1 clearing check
===========================
When a malformed ASN1 structure is received it's contents are freed up and
zeroed and an error condition returned. On a small number of platforms where
sizeof(long) < sizeof(void *) (for example WIN64) this can cause an invalid
memory access later resulting in a crash when some invalid structures are
read, for example RSA public keys (CVE-2009-0789).
Any OpenSSL application which uses the public key of an untrusted certificate
could be crashed by a malformed structure. Including SSL servers, clients,
CA and S/MIME software.
Users of OpenSSL 0.9.8j or earlier on affected platforms should update to
0.9.8k which contains a patch to correct this issue.
Thanks to Paolo Ganci for reporting this issue.
References
===========
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20090325.txt
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed