OpenSSL -- Multiple problems in crypto(3)

Description:

Problem Description:

Several problems have been found in OpenSSL:

During the parsing of certain invalid ASN1 structures an error condition is mishandled, possibly resulting in an infinite loop.
A buffer overflow exists in the SSL_get_shared_ciphers function.
A NULL pointer may be dereferenced in the SSL version 2 client code.

In addition, many applications using OpenSSL do not perform any validation of the lengths of public keys being used.

Impact:

Servers which parse ASN1 data from untrusted sources may be vulnerable to a denial of service attack.

An attacker accessing a server which uses SSL version 2 may be able to execute arbitrary code with the privileges of that server.

A malicious SSL server can cause clients connecting using SSL version 2 to crash.

Applications which perform public key operations using untrusted keys may be vulnerable to a denial of service attack.

Workaround:

No workaround is available, but not all of the vulnerabilities mentioned affect all applications.

References:

CVE name CVE-2006-2937
CVE name CVE-2006-2938
CVE name CVE-2006-2940
CVE name CVE-2006-3738
CVE name CVE-2006-4343
FreeBSD security advisory FreeBSD-SA-06:23.openssl

Affects:

openssl <0.9.7l_0
openssl >0.9.8 <0.9.8d_0
FreeBSD >6.1 <6.1_9
FreeBSD >6.0 <6.0_14
FreeBSD >5.5 <5.5_7
FreeBSD >5.4 <5.4_21
FreeBSD >5.3 <5.3_36
FreeBSD >4.11 <4.11_24

portaudit: OpenSSL -- Multiple problems in crypto(3)

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Team. Refer to "FreeBSD Security Information" for more information.

Oliver Eikemeier <eik@FreeBSD.org>