[FreeBSD-Announce] FreeBSD Security
Advisory FreeBSD-SA-06:19.openssl
Hiroshi SAKAKIBARA
skk at ht.sfc.keio.ac.jp
Wed Sep 6 16:32:52 PDT 2006
skk です.
うーん,どんな問題が起きるのか,いまいちピンと来ないので,重要度がわか
らないですが,こんなのが出てます.
調べてませんが,多分,他の OS でも同様の問題があるのではないでしょうか.
time: Wed, 6 Sep 2006 21:59:34 GMT
subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:19.openssl
message-id: <200609062159.k86LxYRY040995 at freefall.freebsd.org>
FreeBSD Security Advisories <security-advisories at freebsd.org>
wrote as follows
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> =============================================================================
> FreeBSD-SA-06:19.openssl Security Advisory
> The FreeBSD Project
> Topic: Incorrect PKCS#1 v1.5 padding validation in crypto(3)
> Category: contrib
> Module: openssl
> Announced: 2006-09-06
> Affects: All FreeBSD releases.
> Corrected: 2006-09-06 21:18:26 UTC (RELENG_6, 6.1-STABLE)
> 2006-09-06 21:19:21 UTC (RELENG_6_1, 6.1-RELEASE-p6)
> 2006-09-06 21:20:08 UTC (RELENG_6_0, 6.0-RELEASE-p11)
> 2006-09-06 21:20:54 UTC (RELENG_5, 5.5-STABLE)
> 2006-09-06 21:21:50 UTC (RELENG_5_5, 5.5-RELEASE-p4)
> 2006-09-06 21:22:39 UTC (RELENG_5_4, 5.4-RELEASE-p18)
> 2006-09-06 21:23:16 UTC (RELENG_5_3, 5.3-RELEASE-p33)
> 2006-09-06 21:24:04 UTC (RELENG_4, 4.11-STABLE)
> 2006-09-06 21:24:54 UTC (RELENG_4_11, 4.11-RELEASE-p21)
> CVE Name: CVE-2006-4339
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit
> <URL:http://security.freebsd.org/>.
> I. Background
> FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
> a collaborative effort to develop a robust, commercial-grade, full-featured,
> and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
> and Transport Layer Security (TLS v1) protocols as well as a full-strength
> general purpose cryptography library.
> PKCS#1 v1.5 is a standard for "padding" data before performing a
> cryptographic operation using the RSA algorithm. PKCS#1 v1.5 signatures
> are for example used in X.509 certificates.
> RSA public keys may use a variety of public exponents, of which 3, 17, and
> 65537 are most common. As a result of a number of known attacks, most keys
> generated recently use a public exponent of at least 65537.
> II. Problem Description
> When verifying a PKCS#1 v1.5 signature, OpenSSL ignores any bytes which
> follow the cryptographic hash being signed. In a valid signature there
> will be no such bytes.
> III. Impact
> OpenSSL will incorrectly report some invalid signatures as valid. When
> an RSA public exponent of 3 is used, or more generally when a small public
> exponent is used with a relatively large modulus (e.g., a public exponent
> of 17 with a 4096-bit modulus), an attacker can construct a signature which
> OpenSSL will accept as a valid PKCS#1 v1.5 signature.
> IV. Workaround
> No workaround is available.
> V. Solution
> Perform one of the following:
> 1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
> or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3,
> or RELENG_4_11 security branch dated after the correction date.
> 2) To patch your present system:
> The following patches have been verified to apply to FreeBSD 4.11, 5.3,
> 5.4, 5.5, 6.0, and 6.1 systems.
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
> # fetch http://security.FreeBSD.org/patches/SA-06:19/openssl.patch
> # fetch http://security.FreeBSD.org/patches/SA-06:19/openssl.patch.asc
> b) Execute the following commands as root:
> # cd /usr/src
> # patch < /path/to/patch
> c) Recompile the operating system as described in
> <URL: http://www.freebsd.org/handbook/makeworld.html> and reboot the
> system.
> NOTE: Any third-party applications, including those installed from the
> FreeBSD ports collection, which are statically linked to libcrypto(3)
> should be recompiled in order to use the corrected code.
> VI. Correction details
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
> Branch Revision
> Path
> - -------------------------------------------------------------------------
> RELENG_4
> src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.1.2.6
> RELENG_4_11
> src/UPDATING 1.73.2.91.2.22
> src/sys/conf/newvers.sh 1.44.2.39.2.25
> src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.1.2.5.6.1
> RELENG_5
> src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.6.4.1
> RELENG_5_5
> src/UPDATING 1.342.2.35.2.4
> src/sys/conf/newvers.sh 1.62.2.21.2.6
> src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.6.16.1
> RELENG_5_4
> src/UPDATING 1.342.2.24.2.27
> src/sys/conf/newvers.sh 1.62.2.18.2.23
> src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.6.8.1
> RELENG_5_3
> src/UPDATING 1.342.2.13.2.36
> src/sys/conf/newvers.sh 1.62.2.15.2.38
> src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.6.6.1
> RELENG_6
> src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.6.10.1
> RELENG_6_1
> src/UPDATING 1.416.2.22.2.8
> src/sys/conf/newvers.sh 1.69.2.11.2.8
> src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.6.14.1
> RELENG_6_0
> src/UPDATING 1.416.2.3.2.16
> src/sys/conf/newvers.sh 1.69.2.8.2.12
> src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.6.12.1
> - -------------------------------------------------------------------------
> VII. References
> http://www.openssl.org/news/secadv_20060905.txt
> http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
> The latest revision of this advisory is available at
> http://security.FreeBSD.org/advisories/FreeBSD-SA-06:19.openssl.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (FreeBSD)
> iD8DBQFE/0FzFdaIBMps37IRApq5AJ9LYe7MpHgG+fGWs9zNaFWrTd5mFQCgj5k8
> 0lBDO5lDb8jCB5vrjvfhyGY=
> =ihRT
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-announce at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-announce
> To unsubscribe, send any mail to "freebsd-announce-unsubscribe at freebsd.org"
More information about the freebsd-security
mailing list