AusCERT - ESB-2006.0897 -- [Solaris] -- Security Vulnerability With RSA Signatures Affects OpenSSL Shipped With Solaris

HOME
About AusCERT
Membership
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
ESB-2006.0897 -- [Solaris] -- Security Vulnerability With RSA Signatures Affects OpenSSL Shipped With Solaris
Date: 14 November 2007
References: AL-2006.0074

Click here for printable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                        ESB-2006.0897 -- [Solaris]
        Security Vulnerability With RSA Signatures Affects OpenSSL
                           Shipped With Solaris
                             15 November 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              OpenSSL
Publisher:            Sun Microsystems
Operating System:     Solaris 9
                      Solaris 10
Impact:               Reduced Security
Access:               Remote/Unauthenticated
CVE Names:            CVE-2006-4339

Ref:                  AL-2006.0074

Original Bulletin:    
  http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102744-1

Revision History:     November 15 2007: Updated the Contributing Factors to 
                                        provide commands that test if a 
                                        system is vulnerable.
                      November 14 2007: Updated the product field to include 
                                        Solaris 9. 
                                        Updated the Contributing Factors to 
                                        include all vulnerable applications 
                                        and releases. 
                                        Updated the Resolution to list the 
                                        releases that fix this 
                                        vulnerability.
                      December 11 2006: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------


Sun(sm) Alert Notification
     * Sun Alert ID: 102744
     * Synopsis: Security Vulnerability With RSA Signatures Affects
       OpenSSL Shipped With Solaris
     * Category: Security
     * Product: Solaris 9 Operating System, Solaris 10 Operating System
     * BugIDs: 6467218
     * Avoidance: Patch, Workaround
     * State: Resolved
     * Date Released: 08-Dec-2006, 08-Nov-2007
     * Date Closed: 08-Nov-2007
     * Date Modified: 08-Nov-2007, 13-Nov-2007

1. Impact

   A security vulnerability in the RSA signature verification
   implementation in the OpenSSL product may incorrectly verify data
   signed with a forged signature. This will affect applications which
   make use of OpenSSL to verify RSA signatures. The direct impact to
   these applications will depend on the way in which this signed data is
   used.

   OpenSSL is shipped with Solaris 10 (see openssl(5)). This library is
   not shipped with Solaris 9, however, a number of Solaris 9
   applications statically link against this library and may be affected
   by these vulnerabilities. This Sun Alert provides details about the
   individual patches which should be installed to update the OpenSSL
   product on Solaris 10 and all potentially impacted Solaris 9
   applications.

   This issue is also described in the following documents:
     * CERT VU#845620 at: http://www.kb.cert.org/vuls/id/845620
     * CVE-2006-4339 at:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339

   Note: The issue described in this Sun Alert is specific to the OpenSSL
   shipped with Solaris. Multiple Sun products are affected by this
   issue. For more details please see Sun Alert 102648.

2. Contributing Factors

   These issues can occur with the OpenSSL included in the following
   applications and releases:

   SPARC Platform
     * Solaris 9 SSH without patches 113273-14 and 114356-11
     * Solaris 9 Packaging utilities without patch 113713-24
     * Solaris 10 without patch 121229-02

   x86 Platform
     * Solaris 9 SSH without patches 114357-10 and 114858-11
     * Solaris 9 Packaging utilities without patch 114568-23
     * Solaris 10 without patch 121230-02

   Note 1: Solaris 8 is not impacted by this issue.

   Note 2: Solaris 9 does not ship with OpenSSL libraries which can be
   used for application linking.

   Note 3: The Solaris 9 SSH patches listed above update the OpenSSL
   library used by SSH to a version that is not impacted by this issue.
   However, this fix is not required for Solaris 9 systems which have the
   following patches installed, as the SSH that is contained in those
   patches does not make use of the impacted code from the OpenSSL
   library:
     * Solaris 9 SPARC patches 112908-24, 113273-11,
       114356-07, 117177-02 (or later revisions of these patches)
     * Solaris 9 x86 patches 114263-05, 114357-07, 114858-09,
       115168-11, 117178-02 (or later revisions of these patches)

   Note 4: This issue is only exploitable in cases where keys with
   certain properties are used. Tools such as openssl(1) (which is
   shipped with Solaris 10, Solaris 9 does not include a tool which can
   be used for this purpose) can be used to get the needed properties:
    $ openssl x509 -pubkey -in server.crt -text

   If the output contains the following lines, then signatures of this
   key can be forged:
    Public Key Algorithm: rsaEncryption
    Exponent: 3 (0x3)

   For more information about displaying public keys and certificate
   signature verification, see the openssl(1) manual page on Solaris 10.

   As an example of an affected application, Solaris 10 is distributed
   with the Apache web server. This server can be configured to accept
   connections with the HTTPS protocol. Since Apache uses OpenSSL for
   cryptographic operations it may be impacted by this vulnerability
   under certain circumstances.

   To verify that a system running the Apache web server is configured to
   accept HTTPS connections a command such as the following can be used:
    $ svcprop -p httpd/ssl svc:network/http:apache2

   If the above command reports "true" then Apache is configured to
   accept HTTPS connections.

   The following command can be used to check whether a system that is
   configured to accept HTTPS connections uses certificates for client
   authentication:
    $ grep SSLVerifyClient /etc/apache2/ssl.conf

   If the output contains the following line, then the system is
   vulnerable:
    SSLVerifyClient require

   In such cases, an unprivileged remote user could gain access to
   restricted documents served by the Apache server. This depends on the
   type of certificates in use, as described above.

3. Symptoms

   There are no predictable symptoms that would indicate the described
   issue has been exploited to forge a signature for trusted application
   data. 

4. Relief/Workaround

   Until patches can be applied, sites may wish to disable the
   verification of RSA signatures or only enable the verification of RSA
   signatures created with RSA keys that have an exponent other than 3.

   Please see the application documentation for instructions on how to
   disable verification of certificates containing keys with the above
   mentioned properties.

5. Resolution

   These issues are addressed in the following releases:

   SPARC Platform
     * Solaris 9 SSH with patches 113273-14 and 114356-11 or
       later
     * Solaris 9 Packaging utilities with patch 113713-24 or later
     * Solaris 10 with patch 121229-02 or later

   x86 Platform
     * Solaris 9 SSH with patches 114357-10 and 114858-11 or
       later
     * Solaris 9 Packaging utilities with patch 114568-23 or later
     * Solaris 10 with patch 121230-02 or later

Change History

   08-Nov-2007:
     * State: Resolved
     * Updated the Product field
     * Updated Contributing Factors and Resolution sections

   13-Nov-2007:
     * Updated the Contributing Factors section

   This Sun Alert notification is being provided to you on an "AS IS"
   basis. This Sun Alert notification may contain information provided by
   third parties. The issues described in this Sun Alert notification may
   or may not impact your system(s). Sun makes no representations,
   warranties, or guarantees as to the information contained herein. ANY
   AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
   WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
   NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
   YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
   INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
   OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
   This Sun Alert notification contains Sun proprietary and confidential
   information. It is being provided to you pursuant to the provisions of
   your agreement to purchase services from Sun, or, if you do not have
   such an agreement, the Sun.com Terms of Use. This Sun Alert
   notification may only be used for the purposes contemplated by these
   agreements.

   Copyright 2000-2006 Sun Microsystems, Inc., 4150 Network Circle, Santa
   Clara, CA 95054 U.S.A. All rights reserved


- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRzuDfSh9+71yA2DNAQJb+wP/dc7l9D/FpZXD1ougQ9amj69P02aLax73
q90xxvB+GEcrDe6CS3S1rXIrqHk87ixXcdXMPbHW4meFuSQRCCAk7ghsPStKbKFd
vyCP0YqUm02Q6A0hx3Wsg59zs6g+nnbg+Vz0aTsKKJMIzBD694rei9J5CXnVgbAT
LSfQDlp8LCM=
=mM3c
-----END PGP SIGNATURE-----