
Security Research

Security Vulnerability
OpenSSL SSL_get_shared_ciphers Remote Buffer Overflow Vulnerability

Published: 2006-09-26
Updated: 2006-11-29

Affected systems:
FreeBSD FreeBSD 6.1
FreeBSD FreeBSD 6.0
FreeBSD FreeBSD 5.5
FreeBSD FreeBSD 5.4
FreeBSD FreeBSD 5.3
FreeBSD FreeBSD 4.11
OpenSSL Project OpenSSL < 0.9.8d
OpenSSL Project OpenSSL < 0.9.7l
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux Desktop 4
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1
Unaffected systems:
OpenSSL Project OpenSSL 0.9.8d
OpenSSL Project OpenSSL 0.9.7l
Description:
BUGTRAQ ID: 20249
CVE ID: CVE-2006-3738

OpenSSL is an open-source implementation of SSL/TLS that provides strong encryption for network communications; it is linked into a very large number of network applications.

The SSL_get_shared_ciphers() function in OpenSSL copies the list of ciphers shared by both sides of a connection into a caller-supplied buffer of a given length, but it does not correctly bound that list against the buffer size. A remote attacker can send a crafted cipher list to an application that calls this function and overrun the buffer, potentially executing arbitrary code with the privileges of that application. Only applications that call SSL_get_shared_ciphers() themselves (the library does not call it during the handshake) are exposed, so the practical impact depends on the application rather than on OpenSSL alone.
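The defect class described above, as an added illustration that is not OpenSSL's own code and not part of the original advisory: a constructed model of the SSL_get_shared_ciphers() contract (join cipher names into a fixed-size caller buffer, ':'-separated and NUL-terminated) written first with a length check that lets a list longer than the buffer run past its end, then with the bound enforced before every copy. The function names, the cipher names and the 16-byte buffer are assumptions for the demo, chosen so that the second separator lands exactly on the last byte of the buffer, which is where the weak check stops working.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative model of the SSL_get_shared_ciphers() contract: write `names`
 * into `buf` (at most `len` bytes), ':'-separated and NUL-terminated; return
 * buf, or NULL if nothing can be written. Not a copy of OpenSSL's ssl_lib.c. */

/* Vulnerable pattern: the bound is only tested for equality with zero, and the
 * per-cipher reservation for ':' can push `len` to -1 when a separator lands
 * on the last byte. After that `len-- == 0` never fires again and every
 * remaining byte of the list is written past the caller's buffer. */
static char *join_ciphers_unsafe(const char **names, int n, char *buf, int len)
{
    char *p = buf;
    if (n == 0 || len < 2)
        return NULL;
    for (int i = 0; i < n; i++) {
        len--;                         /* reserve one byte for ':' or '\0' */
        for (const char *cp = names[i]; *cp; ) {
            if (len-- == 0) {          /* never true once len went negative */
                *p = '\0';
                return buf;
            }
            *(p++) = *(cp++);
        }
        *(p++) = ':';
    }
    p[-1] = '\0';                      /* replace the trailing ':' */
    return buf;
}

/* Hardened version: check that the whole name plus one byte (':' or '\0')
 * fits before copying anything, and charge every written byte against len. */
static char *join_ciphers_safe(const char **names, int n, char *buf, int len)
{
    char *p = buf;
    if (n == 0 || len < 2)
        return NULL;
    for (int i = 0; i < n; i++) {
        size_t l = strlen(names[i]);
        if (l + 1 > (size_t)len) {     /* name + separator would not fit */
            if (p != buf)
                --p;                   /* drop the ':' after the last name */
            *p = '\0';
            return buf;
        }
        memcpy(p, names[i], l);
        p += l;
        *(p++) = ':';
        len -= (int)(l + 1);
    }
    p[-1] = '\0';
    return buf;
}

/* Harness: fill a 64-byte scratch area with 'X', hand the join function only
 * its first `len` bytes, and count bytes beyond that bound that changed.
 * Staying inside one array keeps the demo well-defined C rather than a real
 * out-of-bounds write. */
#define SCRATCH 64
static int bytes_past_bound(char *(*join)(const char **, int, char *, int),
                            const char **names, int n, int len)
{
    char scratch[SCRATCH];
    int clobbered = 0;
    memset(scratch, 'X', sizeof scratch);
    join(names, n, scratch, len);
    for (int i = len; i < SCRATCH; i++)
        if (scratch[i] != 'X')
            clobbered++;
    return clobbered;
}

/* Constructed shared-cipher list (7 + 7 + 10 name bytes). With a 16-byte
 * buffer the first two names and their separators exhaust it exactly. */
static const char *DEMO_NAMES[] = { "RC4-MD5", "RC4-SHA", "AES128-SHA" };
#define DEMO_COUNT 3
#define DEMO_LEN   16

/* Unsafe: "AES128-SHA" plus its terminator, 11 bytes, land past the bound. */
static int demo_unsafe_overflow(void)
{
    return bytes_past_bound(join_ciphers_unsafe, DEMO_NAMES, DEMO_COUNT, DEMO_LEN);
}

static int demo_safe_overflow(void)
{
    return bytes_past_bound(join_ciphers_safe, DEMO_NAMES, DEMO_COUNT, DEMO_LEN);
}

/* The hardened version truncates to the names that fit, still NUL-terminated. */
static int demo_safe_truncates(void)
{
    char buf[DEMO_LEN];
    return join_ciphers_safe(DEMO_NAMES, DEMO_COUNT, buf, DEMO_LEN) != NULL
        && strcmp(buf, "RC4-MD5:RC4-SHA") == 0;
}

/* ...and emits the whole list when the buffer is large enough. */
static int demo_safe_full(void)
{
    char buf[SCRATCH];
    return join_ciphers_safe(DEMO_NAMES, DEMO_COUNT, buf, sizeof buf) != NULL
        && strcmp(buf, "RC4-MD5:RC4-SHA:AES128-SHA") == 0;
}

int main(void)
{
    printf("unsafe: %d bytes written past the buffer\n", demo_unsafe_overflow());
    printf("safe:   %d bytes written past the buffer\n", demo_safe_overflow());
    printf("safe, truncated list: %s\n", demo_safe_truncates() ? "ok" : "FAIL");
    printf("safe, full list:      %s\n", demo_safe_full() ? "ok" : "FAIL");
    return 0;
}
```

The attacker's lever here is the number and length of the cipher names: because the caller picks the buffer size and the peer picks the list, the only defence that holds is checking the remaining room before each copy, as the hardened variant does, rather than trusting an equality test on a counter that the separators can drive below zero.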

<*Source: Tavis Ormandy (taviso@gentoo.org)
          Will Drewry (wad@google.com)

  Links: http://www.kb.cert.org/vuls/id/547300
        http://www.openssl.org/news/secadv_20060928.txt
        http://secunia.com/advisories/22799/
        http://secunia.com/advisories/22758/
        http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml
        http://docs.info.apple.com/article.html?artnum=304829
        http://secunia.com/advisories/23155/
        http://lwn.net/Alerts/201933
        http://www.debian.org/security/2006/dsa-1185
        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:23.openssl.asc
        http://www.us-cert.gov/cas/techalerts/TA06-333A.html
        http://www.debian.org/security/2006/dsa-1195
        http://security.gentoo.org/glsa/glsa-200610-11.xml
        ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
        http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102668-1
        http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102711-1
*>

Recommendations:
Vendor patches:

Debian
------
Debian has issued a security advisory (DSA-1195-1) with corresponding fixed packages:
DSA-1195-1: new openssl096 packages fix denial of service
Link: http://www.debian.org/security/2006/dsa-1195

DSA-1195 covers the openssl096 compatibility package (libssl0.9.6) whose files are listed below; the fix for the main openssl package is DSA-1185, linked in the references above.

Patch download:
Source archives:

http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge4.diff.gz
Size/MD5 checksum:    21115 9019caf796eb866f24d5949503b1cdb5
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz
Size/MD5 checksum:  2184918 1b63bfdca1c37837dddde9f1623498f9
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge4.dsc
Size/MD5 checksum:      617 7d60c6c3ecdf502734068ab2a8b32118

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_alpha.deb
Size/MD5 checksum:  1966534 9f78dcc0f9685641a7fc3d927370d819

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_amd64.deb
Size/MD5 checksum:   578632 f1574a0058e85cb0e2c6cff996530c97

arm architecture (ARM)

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_arm.deb
Size/MD5 checksum:   519304 66fa4a65d803f0115dd80d5359944a2d

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_hppa.deb
Size/MD5 checksum:   587946 353d46f3351d5a19dfdaf22f605fc627

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_i386.deb
Size/MD5 checksum:  1756270 2747688d91dfe1cd00430a74bdef6265

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_ia64.deb
Size/MD5 checksum:   815662 45a5b6503ed631149fea28b37a980e21

m68k architecture (Motorola Mc680x0)

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_m68k.deb
Size/MD5 checksum:   477288 da4ddff773fd7d6af0604363719b368a

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_mips.deb
Size/MD5 checksum:   577284 d2bf3c9d86dbba15bbb9d1cb93a6fc51

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_mipsel.deb
Size/MD5 checksum:   569246 75d69f033f833b7928a8ca521efb95ea

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_powerpc.deb
Size/MD5 checksum:   582928 72be71aae8b781ca5a7b1d1b2e738541

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_s390.deb
Size/MD5 checksum:   602874 e671b41d37d34b7d2055eaca112be269

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_sparc.deb
Size/MD5 checksum:  1460162 acfb3e17f005c32268fa1def17ea884b

Installing the patches:

1. Manual installation:

  First download the package:
  # wget url  (url is the patch download link above)

  Then install it:
  # dpkg -i file.deb (file.deb is the downloaded package)

2. Automatic installation with apt-get:

   First refresh the package database:
   # apt-get update

   Then install the updated packages:
   # apt-get upgrade

In either case, restart every service that links against libssl after the upgrade: running daemons keep the old library mapped until they are restarted.

FreeBSD
-------
FreeBSD has issued a security advisory (FreeBSD-SA-06:23) with a corresponding patch:
FreeBSD-SA-06:23: Multiple problems in crypto(3)
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:23.openssl.asc

Patch download:

Do one of the following:

1) Upgrade the vulnerable system to 4-STABLE, 5-STABLE or 6-STABLE, or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3 or RELENG_4_11 security branch dated after the correction date.

2) Patch the current system:

The following patch has been verified to apply to FreeBSD 4.11, 5.3, 5.4, 5.5, 6.0 and 6.1 systems.

a) Download the patch from the location below and verify the detached PGP signature with your PGP utility before applying it.

# fetch http://security.FreeBSD.org/patches/SA-06:23/openssl.patch
# fetch http://security.FreeBSD.org/patches/SA-06:23/openssl.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system as described in <URL: http://www.freebsd.org/handbook/makeworld.html> and reboot the system.

OpenSSL Project
---------------
The OpenSSL Project has released fixed versions; download them from the project's site and rebuild. Applications that link OpenSSL statically must be rebuilt against the fixed release, since replacing the shared library does not fix them:

http://www.openssl.org/source/openssl-0.9.7l.tar.gz
http://www.openssl.org/source/openssl-0.9.8d.tar.gz

RedHat
------
Red Hat has released updated openssl packages for the affected Enterprise Linux releases; refer to the vendor's security errata for the update that corresponds to CVE-2006-3738 (the Debian DSA-1195 link given here in the original listing is a Debian advisory, not a Red Hat one).

SGI
---
SGI has issued a security advisory (20061001-01-P) with corresponding patches:
20061001-01-P: SGI Advanced Linux Environment 3 Security Update #64
Link: ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

Sun
---
Sun has issued a security advisory (Sun-Alert-102711) with corresponding patches:
Sun-Alert-102711: Security Vulnerabilities in OpenSSL May Lead to a Denial of Service (DoS) to Applications or Execution of Arbitrary Code With Elevated Privileges
Link: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102711-1

Gentoo
------
Gentoo has issued a security advisory (GLSA-200610-11) with corresponding fixed packages:
GLSA-200610-11: OpenSSL: Multiple vulnerabilities
Link: http://security.gentoo.org/glsa/glsa-200610-11.xml

All OpenSSL 0.9.8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"

All OpenSSL 0.9.7 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"

This advisory was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.