Mandriva Linux Security Advisory - A flaw in how OpenSSL performed Montgomery multiplications was discovered %that could allow a local attacker to reconstruct RSA private keys by examining another user's OpenSSL processes. Moritz Jodeit found that OpenSSL's SSL_get_shared_ciphers() function did not correctly check the size of the buffer it was writing to. As a result, a remote attacker could exploit this to write one NULL byte past the end of the application's cipher list buffer, which could possibly lead to a denial of service or the execution of arbitrary code.
e2a55a0ddfe0e74375fa35335a37ec3b8f8a492c3c7d3bbcc030dfe764c45c83
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:193
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openssl
Date : October 4, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A flaw in how OpenSSL performed Montgomery multiplications was
discovered %that could allow a local attacker to reconstruct
RSA private keys by examining another user's OpenSSL processes
(CVE-2007-3108).
Moritz Jodeit found that OpenSSL's SSL_get_shared_ciphers() function
did not correctly check the size of the buffer it was writing to.
As a result, a remote attacker could exploit this to write one NULL
byte past the end of the applications's cipher list buffer, which could
possibly lead to a denial of service or the execution of arbitrary code
(CVE-2007-5135).
Updated packages have been patched to prevent these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
5c8d0d9913f050fb578249727ff354ff 2007.0/i586/libopenssl0.9.8-0.9.8b-2.3mdv2007.0.i586.rpm
53c7176ef6b16948aa6d5bb67def299d 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.3mdv2007.0.i586.rpm
1c8ef1064b4c632af64bc0ec1751ac89 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.3mdv2007.0.i586.rpm
bb608ba18b44a0dfbe36982e6a271b22 2007.0/i586/openssl-0.9.8b-2.3mdv2007.0.i586.rpm
540e96d09fbd35eb2eca24702cc0931d 2007.0/SRPMS/openssl-0.9.8b-2.3mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
3e23bf1e61fc8a19c7872079011788e6 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.3mdv2007.0.x86_64.rpm
65671d72b5bb5b915bc01ab2dc846c34 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.3mdv2007.0.x86_64.rpm
c16fd9258d72f6ccc3aaefafc75cd99d 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.3mdv2007.0.x86_64.rpm
ed45fcbd3374c335d074932dff91030b 2007.0/x86_64/openssl-0.9.8b-2.3mdv2007.0.x86_64.rpm
540e96d09fbd35eb2eca24702cc0931d 2007.0/SRPMS/openssl-0.9.8b-2.3mdv2007.0.src.rpm
Mandriva Linux 2007.1:
c5aad78d2ba1294bd3039abfcddd8382 2007.1/i586/libopenssl0.9.8-0.9.8e-2.2mdv2007.1.i586.rpm
31bca08992e98aed69c39ff479a18b29 2007.1/i586/libopenssl0.9.8-devel-0.9.8e-2.2mdv2007.1.i586.rpm
06c20e0fb027dce47c3833caddf87a2f 2007.1/i586/libopenssl0.9.8-static-devel-0.9.8e-2.2mdv2007.1.i586.rpm
ee5037b0daafcbf083cf02be27419b3d 2007.1/i586/openssl-0.9.8e-2.2mdv2007.1.i586.rpm
a2ca18e0e306f519d6011eed118a02c8 2007.1/SRPMS/openssl-0.9.8e-2.2mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
02d5ae105bc7946b7dc6cfd498c681f4 2007.1/x86_64/lib64openssl0.9.8-0.9.8e-2.2mdv2007.1.x86_64.rpm
2778805e15d75e2bf4ecde66a5b21455 2007.1/x86_64/lib64openssl0.9.8-devel-0.9.8e-2.2mdv2007.1.x86_64.rpm
9003241feaccbc47091e46fa05bc8fb1 2007.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8e-2.2mdv2007.1.x86_64.rpm
d1fbd88ec3ffa6d4df856538b853ca59 2007.1/x86_64/openssl-0.9.8e-2.2mdv2007.1.x86_64.rpm
a2ca18e0e306f519d6011eed118a02c8 2007.1/SRPMS/openssl-0.9.8e-2.2mdv2007.1.src.rpm
Corporate 3.0:
2f687b8e796e5c11bfeda56fc250f460 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.8.C30mdk.i586.rpm
0a136b0188589daa96a275e2a908975f corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.8.C30mdk.i586.rpm
33e77c95c1ed8d2dd987c228db1f0b85 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.8.C30mdk.i586.rpm
92206bcee38e0161642214da33346dde corporate/3.0/i586/openssl-0.9.7c-3.8.C30mdk.i586.rpm
50ae55cf0a49e289928c6322cb6d38a1 corporate/3.0/SRPMS/openssl-0.9.7c-3.8.C30mdk.src.rpm
Corporate 3.0/X86_64:
e79a1806eccc086a25fe531b4bb960d2 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.8.C30mdk.x86_64.rpm
824675fbf7aa8d32d49f629ebcb15e81 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.8.C30mdk.x86_64.rpm
8ccdb4d500319cd78e24225f8d746ee5 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.8.C30mdk.x86_64.rpm
44581db7a0c584364106030cc1f1ba60 corporate/3.0/x86_64/openssl-0.9.7c-3.8.C30mdk.x86_64.rpm
50ae55cf0a49e289928c6322cb6d38a1 corporate/3.0/SRPMS/openssl-0.9.7c-3.8.C30mdk.src.rpm
Corporate 4.0:
426c94750032db44cef75628fce870f3 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.6.20060mlcs4.i586.rpm
58322f979d059ba5d159673295388811 corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.6.20060mlcs4.i586.rpm
9be093a49f1f39155ee6027142ae5910 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.6.20060mlcs4.i586.rpm
0d8cf221955d4fe023c531864e1834c1 corporate/4.0/i586/openssl-0.9.7g-2.6.20060mlcs4.i586.rpm
147ea629d4b5af8eac458f391284cbca corporate/4.0/SRPMS/openssl-0.9.7g-2.6.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
4d1bd83a0f0176c39fcc26fbe83e4164 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.6.20060mlcs4.x86_64.rpm
dc12b5da6598a34f18a43e04bb0956ac corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.6.20060mlcs4.x86_64.rpm
b8c7936de5ceb1a868f45e2128e828f9 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.6.20060mlcs4.x86_64.rpm
39b8c2cfae2941c825d61054f4a04bea corporate/4.0/x86_64/openssl-0.9.7g-2.6.20060mlcs4.x86_64.rpm
147ea629d4b5af8eac458f391284cbca corporate/4.0/SRPMS/openssl-0.9.7g-2.6.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
57c9c59fa9d048e9b707d938a0daa3b1 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.8.M20mdk.i586.rpm
8681281473c7b2472597456ad77938a9 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.8.M20mdk.i586.rpm
5d2a191ab92ec741d2546fb79d49e330 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.8.M20mdk.i586.rpm
0d00b0e6cbff0b4dbd4e9c9b3659b6f8 mnf/2.0/i586/openssl-0.9.7c-3.8.M20mdk.i586.rpm
448e7559127aef13218ef2272b671e0d mnf/2.0/SRPMS/openssl-0.9.7c-3.8.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHBVHkmqjQ0CJFipgRAuRYAKCget3UmVQq5wb7iEsW/YEUYwPYxgCeLSP4
MWA3mejShsFjsO8DOL3ePuY=
=Yr6e
-----END PGP SIGNATURE-----