RHSA-2010:0173

Executive Summary

Summary
Title	openssl096b security update

Informations
Name	RHSA-2010:0173	First vendor Publication	2010-03-25
Vendor	RedHat	Last vendor Modification	2010-03-25
Severity (Vendor)	Important	Revision	02

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated openssl096b packages that fix one security issue are now available
for Red Hat Enterprise Linux 3 and 4.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was discovered that OpenSSL did not always check the return value of the
bn_wexpand() function. An attacker able to trigger a memory allocation
failure in that function could cause an application using the OpenSSL
library to crash or, possibly, execute arbitrary code. (CVE-2009-3245)

All openssl096b users should upgrade to these updated packages, which
contain a backported patch to resolve this issue. For the update to take
effect, all programs using the openssl096b library must be restarted.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

570924 - CVE-2009-3245 openssl: missing bn_wexpand return value checks

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2010-0173.html

CWE : Common Weakness Enumeration

id	Name
CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9790

Oval ID:	oval:org.mitre.oval:def:9790
Title:	OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.
Description:	OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3245	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND openssl096b is earlier than 0:0.9.6b-16.50 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND openssl096b is earlier than 0:0.9.6b-22.46.el4_8.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section openssl-perl is earlier than 0:0.9.8e-12.el5_4.6 AND openssl-devel is earlier than 0:0.9.8e-12.el5_4.6 AND openssl is earlier than 0:0.9.8e-12.el5_4.6

Definition Id: oval:org.mitre.oval:def:6640

Oval ID:	oval:org.mitre.oval:def:6640
Title:	VMware ESX, Service Console update for OpenSSL, GnuTLS, NSS and NSPR.
Description:	OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3245	Version:	3
Platform(s):	VMWare ESX Server 4	Product(s):
Definition Synopsis:
VMware ESX Server 4.0 is installed AND Patch ESX400-201009401-SG is not installed.

Definition Id: oval:org.mitre.oval:def:11738

Oval ID:	oval:org.mitre.oval:def:11738
Title:	HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)
Description:	OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3245	Version:	3
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02517 HP Release B.11.23 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08n.002 AND openssl.OPENSSL-CONF version is less than A.00.09.08n.002 AND openssl.OPENSSL-DOC version is less than A.00.09.08n.002 AND openssl.OPENSSL-INC version is less than A.00.09.08n.002 AND openssl.OPENSSL-LIB version is less than A.00.09.08n.002 AND openssl.OPENSSL-MAN version is less than A.00.09.08n.002 AND openssl.OPENSSL-MIS version is less than A.00.09.08n.002 AND openssl.OPENSSL-PRNG version is less than A.00.09.08n.002 AND openssl.OPENSSL-PVT version is less than A.00.09.08n.002 AND openssl.OPENSSL-SRC version is less than A.00.09.08n.002 AND openssl.OPENSSL-RUN version is less than A.00.09.08n.002 OR Criteria meets HP Security Bulletin HPSBUX02517 HP Release B.11.11 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08n.001 AND openssl.OPENSSL-CONF version is less than A.00.09.08n.001 AND openssl.OPENSSL-DOC version is less than A.00.09.08n.001 AND openssl.OPENSSL-INC version is less than A.00.09.08n.001 AND openssl.OPENSSL-LIB version is less than A.00.09.08n.001 AND openssl.OPENSSL-MAN version is less than A.00.09.08n.001 AND openssl.OPENSSL-MIS version is less than A.00.09.08n.001 AND openssl.OPENSSL-PRNG version is less than A.00.09.08n.001 AND openssl.OPENSSL-SRC version is less than A.00.09.08n.001 AND openssl.OPENSSL-PVT version is less than A.00.09.08n.001 AND openssl.OPENSSL-RUN version is less than A.00.09.08n.001 OR Criteria meets HP Security Bulletin HPSBUX02517 HP-UX B.11.31 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08n.003 AND openssl.OPENSSL-CONF version is less than A.00.09.08n.003 AND openssl.OPENSSL-DOC version is less than A.00.09.08n.003 AND openssl.OPENSSL-INC version is less than A.00.09.08n.003 AND openssl.OPENSSL-LIB version is less than A.00.09.08n.003 AND openssl.OPENSSL-MAN version is less than A.00.09.08n.003 AND openssl.OPENSSL-MIS version is less than A.00.09.08n.003 AND openssl.OPENSSL-PRNG version is less than A.00.09.08n.003 AND openssl.OPENSSL-PVT version is less than A.00.09.08n.003 AND openssl.OPENSSL-SRC version is less than A.00.09.08n.003 AND openssl.OPENSSL-RUN version is less than A.00.09.08n.003

CPE : Common Platform Enumeration

Type	Description	Count
Application	Openssl Openssl cpe:/a:openssl:openssl:0.9.8l cpe:/a:openssl:openssl:0.9.8k cpe:/a:openssl:openssl:0.9.8j cpe:/a:openssl:openssl:0.9.8i cpe:/a:openssl:openssl:0.9.8h cpe:/a:openssl:openssl:0.9.8g cpe:/a:openssl:openssl:0.9.8f cpe:/a:openssl:openssl:0.9.8e cpe:/a:openssl:openssl:0.9.8d cpe:/a:openssl:openssl:0.9.8c cpe:/a:openssl:openssl:0.9.8b cpe:/a:openssl:openssl:0.9.8a cpe:/a:openssl:openssl:0.9.8	13

Open Source Vulnerability Database (OSVDB)

id	Description
62844	OpenSSL bn_wexpand Function NULL Return Value Check Weakness

Type	Count
Oval ID(s)	3
CPE ID(s)	13
osvdb(s)	1

Related	Severity
CVE-2009-3245	(Critical)

Same Subject	Severity
Login to view 9 more Alert(s)

RHSA-2010:0173

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU