-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-securityat_private openpkgat_private OpenPKG-SA-2003.013 19-Feb-2003 ________________________________________________________________________ Package: openssl Vulnerability: obtain plaintext of SSL/TLS communication OpenPKG Specific: no Affected Releases: Affected Packages: Corrected Packages: OpenPKG CURRENT <= openssl-0.9.7-20030111 >= openssl-0.9.7a-20030219 OpenPKG 1.2 <= openssl-0.9.7-1.2.0 >= openssl-0.9.7-1.2.1 OpenPKG 1.1 <= openssl-0.9.6g-1.1.0 >= openssl-0.9.6g-1.1.1 Affected Releases: Dependent Packages: OpenPKG CURRENT apache cadaver cpu curl dsniff easysoap ethereal exim fetchmail imap imapd inn linc links lynx mico mixmaster mozilla mutt nail neon openldap openvpn perl-ssl postfix postgresql qpopper samba sendmail siege sio sitecopy socat stunnel subversion sysmon w3m wget OpenPKG 1.2 apache cpu curl ethereal fetchmail imap inn links lynx mico mutt nail neon openldap perl-ssl postfix postgresql qpopper samba sendmail siege sitecopy socat stunnel sysmon w3m wget OpenPKG 1.1 apache curl fetchmail inn links lynx mutt neon openldap perl-ssl postfix postgresql qpopper samba siege sitecopy socat stunnel sysmon w3m Description: In an upcoming CRYPTO 2003 paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on SSL/TLS with CBC ciphersuites. According to an OpenSSL security advisory [0], the OpenSSL implementation is vulnerable to this attack. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2003-0078 [2] to the problem. The attack assumes that multiple SSL/TLS connections involve a common fixed plaintext block, such as a password. An active attacker can substitute specifically made-up ciphertext blocks for blocks sent by legitimate SSL/TLS parties and measure the time until a response arrives. SSL/TLS includes data authentication to ensure that such modified ciphertext blocks will be rejected by the peer (and the connection aborted), but the attacker may be able to use timing observations to distinguish between two different error cases, namely block cipher padding errors and MAC verification errors. This is sufficient for an adaptive attack that finally can obtain the complete plaintext block. Although this cannot be easily exploited, because the attack requires the ability to be a man-in-the-middle, repeated communications that have a common plaintext block, decoding failures not signaling problems on the client and server side, and a network between the attacker and the server sufficient enough to reasonably observe timing differences. OpenSSL version since 0.9.6c supposedly treat block cipher padding errors like MAC verification errors during record decryption [1], but MAC verification was still skipped after detection of a padding error, which allowed the timing attack. Please check whether you are affected by running "<prefix>/bin/rpm -q openssl". If you have the "openssl" package installed and its version is affected (see above), we recommend that you immediately upgrade it (see Solution) and it's dependent packages (see above), if any, too. [3][4] Solution: Select the updated source RPM appropriate for your OpenPKG release [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror location, verify its integrity [9], build a corresponding binary RPM from it [3] and update your OpenPKG installation by applying the binary RPM [4]. For the current release OpenPKG 1.2, perform the following operations to permanently fix the security problem (for other releases adjust accordingly). $ ftp ftp.openpkg.org ftp> bin ftp> cd release/1.2/UPD ftp> get openssl-0.9.7-1.2.1.src.rpm ftp> bye $ <prefix>/bin/rpm -v --checksig openssl-0.9.7-1.2.1.src.rpm $ <prefix>/bin/rpm --rebuild openssl-0.9.7-1.2.1.src.rpm $ su - # <prefix>/bin/rpm -Fvh <prefix>/RPM/PKG/openssl-0.9.7-1.2.1.*.rpm Additionally, we recommend that you rebuild and reinstall all dependent packages (see above), if any, too. [3][4] ________________________________________________________________________ References: [0] http://www.openssl.org/news/secadv_20030219.txt [1] http://www.openssl.org/~bodo/tls-cbc.txt [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0078 [3] http://www.openpkg.org/tutorial.html#regular-source [4] http://www.openpkg.org/tutorial.html#regular-binary [5] ftp://ftp.openpkg.org/release/1.1/UPD/openssl-0.9.6g-1.1.1.src.rpm [6] ftp://ftp.openpkg.org/release/1.2/UPD/openssl-0.9.7-1.2.1.src.rpm [7] ftp://ftp.openpkg.org/release/1.1/UPD/ [8] ftp://ftp.openpkg.org/release/1.2/UPD/ [9] http://www.openpkg.org/security.html#signature ________________________________________________________________________ For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG <openpkgat_private>" (ID 63C4CB9F) of the OpenPKG project which you can find under the official URL http://www.openpkg.org/openpkg.pgp or on http://keyserver.pgp.com/. To check the integrity of this advisory, verify its digital signature by using GnuPG (http://www.gnupg.org/). For instance, pipe this message to the command "gpg --verify --keyserver keyserver.pgp.com". ________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Comment: OpenPKG <openpkgat_private> iD8DBQE+U68fgHWT4GPEy58RAgFGAKDFc5Uqd/Vywgo/hIVc7XfUY7dg2ACeMBjK a46TdeF9PpJpy44I21Mpo8A= =AI7g -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Wed Feb 19 2003 - 11:54:25 PST