what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

OpenSSL Security Advisory 20090325

OpenSSL Security Advisory 20090325
Posted Mar 25, 2009
Site openssl.org

OpenSSL Security Advisory 20090325 - The function ASN1_STRING_print_ex() when used to print a BMPString or UniversalString will crash with an invalid memory access if the encoded length of the string is illegal. Other issues were also addressed.

tags | advisory
advisories | CVE-2009-0590, CVE-2009-0591, CVE-2009-0789
SHA-256 | 1740e31a83c7080938d1549888d5d57117009bb5f4125b9b6e9a693b6f8595f8

OpenSSL Security Advisory 20090325

Change Mirror Download
OpenSSL Security Advisory [25-Mar-2009]

Three moderate severity security flaws have been fixed in OpenSSL 0.9.8k.

ASN1 printing crash
===================

The function ASN1_STRING_print_ex() when used to print a BMPString or
UniversalString will crash with an invalid memory access if the encoded length
of the string is illegal. (CVE-2009-0590)

Any OpenSSL application which prints out the contents of a certificate could
be affected by this bug, including SSL servers, clients and S/MIME software.

Users of OpenSSL 0.9.8j or earlier should update to 0.9.8k which contains a
patch to correct this issue.

Incorrect Error Checking During CMS verification.
=================================================

The function CMS_verify() does not correctly handle an error condition
involving malformed signed attributes. This will cause an invalid set
of signed attributes to appear valid and content digests will not be
checked. (CVE-2009-0591)

These malformed attributes cannot be generated without access to he signer's
private key so an attacker cannot forge signatures. A valid signer could
however generate an invalid signature which appears valid and later repudiate
the signature.

The older PKCS#7 code is not affected.

This issue only affects CMS users: CMS is only present in OpenSSL 0.9.8h and
later where it is disabled by default and 0.9.9-dev.

Users of OpenSSL CMS code should update to 0.9.8k which contains a patch
to correct this issue.

Thanks to Ivan Nestlerode of IBM for reporting this issue.

Invalid ASN1 clearing check
===========================

When a malformed ASN1 structure is received it's contents are freed up and
zeroed and an error condition returned. On a small number of platforms where
sizeof(long) < sizeof(void *) (for example WIN64) this can cause an invalid
memory access later resulting in a crash when some invalid structures are
read, for example RSA public keys (CVE-2009-0789).

Any OpenSSL application which uses the public key of an untrusted certificate
could be crashed by a malformed structure. Including SSL servers, clients,
CA and S/MIME software.

Users of OpenSSL 0.9.8j or earlier on affected platforms should update to
0.9.8k which contains a patch to correct this issue.

Thanks to Paolo Ganci for reporting this issue.

References
===========

URL for this Security Advisory:
https://www.openssl.org/news/secadv_20090325.txt

Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    36 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close