UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilities

[security@xxxxxxx]

To: announce@xxxxxxxxxxxxx bugtraq@xxxxxxxxxxxxxxxxx 
full-disclosure@xxxxxxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

                        SCO Security Advisory

Subject:                UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSL 
Multiple Vulnerabilities
Advisory number:        CSSA-2003-SCO.25
Issue date:             2003 October 01
Cross reference:
______________________________________________________________________________


1. Problem Description

        OpenSSL is a commercial-grade, full-featured, open source
        toolkit that implements Secure Sockets Layer (SSL v2/v3)
        and Transport Layer Security (TLS v1) protocols, as well
        as a full-strength general purpose cryptography library.

        Multiple vulnerabilities have been found that could result
        in denial of service. NISCC (www.niscc.gov.uk) prepared a
        test suite to check the operation of SSL/TLS software when
        presented with a wide range of malformed client certificates.

        Dr Stephen Henson (steve@xxxxxxxxxxx) of the OpenSSL core
        team identified and prepared fixes for a number of
        vulnerabilities in the OpenSSL ASN1 code when running the
        test suite. 

        A bug in OpenSSLs SSL/TLS protocol was also identified which 
        causes OpenSSL to parse a client certificate from an SSL/TLS 
        client when it should reject it as a protocol error. For the 
        full OpenSSL advisory please see:
        http://www.openssl.org/news/secadv_20030930.txt 

        The Common Vulnerabilities and Exposures project (cve.mitre.org) 
        has assigned the name CAN-2003-0545 and CAN-2003-0543 and
        CAN-2003-0544 to these issues. 

        CERT has assigned the names VU#935264, VU#255484 and VU#255484 
        to these issues. 

        CERT VU#935264 / CAN-2003-0545: Double-free vulnerability in
        OpenSSL 0.9.7 allows remote attackers to cause a denial
        of service (crash) and possibly execute arbitrary code via
        an SSL client certificate with a certain invalid ASN.1
        encoding. 

        CERT VU#255484 / CAN-2003-0543: Integer overflow
        in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause
        a denial of service (crash) via an SSL client certificate
        with certain ASN.1 tag values. 

        CERT VU#255484 / CAN-2003-0544:
        OpenSSL 0.9.6 and 0.9.7 does not properly track the number
        of characters in certain ASN.1 inputs, which allows remote
        attackers to cause a denial of service (crash) via an SSL
        client certificate that causes OpenSSL to read past the
        end of a buffer when the long form is used. 


2. Vulnerable Supported Versions

        System                          Binaries
        ----------------------------------------------------------------------
        UnixWare 7.1.3, 
        Open UNIX 8.0.0,
        UnixWare 7.1.1 
                                        /usr/lib/libcrypto.a 
                                        /usr/lib/libcrypto.so.0.9.7
                                        /usr/lib/libssl.a 
                                        /usr/lib/libssl.so.0.9.7
3. Solution

        The proper solution is to install the latest packages.


4. UnixWare 7.1.3 / Open UNIX 8.0.0 / UnixWare 7.1.1

        4.1 The OpenSsl package must be installed.  It is located at

        ftp://ftp.sco.com/pub/unixware7/713/uw713up/openssl.image

        4.2 Location of Fixed Binaries

        ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.25

        4.3 Verification

        MD5 (erg712449.Z) = 3a52615dfa14ef4ea7be1a4221fa7aed

        md5 is available for download from
                ftp://ftp.sco.com/pub/security/tools


        4.4 Installing Fixed Binaries

        Upgrade the affected binaries with the following sequence:

        1. Download the erg712449.Z file to the /tmp directory on your machine.

        2. As root, uncompress the file and add the package to your system
           using these commands:

        $ su
        Password: <type your root password>
        # uncompress /tmp/erg712449.Z
        # pkgadd -d /tmp/erg712449
        # rm /tmp/erg712449

5. References

        Specific references for this advisory:
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543 
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544 
                http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545 
                http://www.kb.cert.org/vuls/id/255484 
                http://www.kb.cert.org/vuls/id/380864 
                http://www.kb.cert.org/vuls/id/935264 
                http://www.openssl.org/news/secadv_20030930.txt 
                http://www.uniras.gov.uk/vuls/2003/006489/tls.htm 
                http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm

        SCO security resources:
                http://www.sco.com/support/security/index.html

        This security fix closes SCO incidents sr885388 fz528383
        erg712449.


6. Disclaimer

        SCO is not responsible for the misuse of any of the information
        we provide on this website and/or through our security
        advisories. Our advisories are a service to our customers
        intended to promote secure installation and use of SCO
        products.


7. Acknowledgments

        SCO would like to thank Dr. Stephen Henson who discovered
        a number of errors in the OpenSSL ASN1 code, using a test
        suite provided by NISCC (www.niscc.gov.uk). SCO would also
        like to thank NISCC for their research.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/fJpMaqoBO7ipriERAimTAKCD0Fc7lvB+U1Kcl7OWg8nvpW7BwgCcC5gB
zjSCvwefmDABKJ6nszYaMOI=
=+4qS
-----END PGP SIGNATURE-----