
OpenSSL Hit by Forgery Bug

ScuttleMonkey posted more than 7 years ago | from the fast-fixes dept.


Daniel Cray writes to tell us ZDNet is reporting that OpenSSL versions up to 0.9.7j and 0.9.8b are vulnerable to a signature forgery technique. OpenSSL has already released an update fixing the problem. From the article: "The flaw only affects a particular type of signature — PKCS #1 v1.5 signatures — but these are used by some certificate authorities... The signature forgery technique was first demonstrated last month at the Crypto 2006 conference by Daniel Bleichenbacher, a cryptographer with Bell Labs, according to security firm Netcraft. OpenSSL credited Google Security with successfully forging various certificates and providing the fix."


69 comments

Google saves the day... (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#16192847)

Wonder if Google Desktop search can help me find all the bugs in Windows...

Re:Google saves the day... (4, Informative)

tedgyz (515156) | more than 7 years ago | (#16192917)

Wonder if Google Desktop search can help me find all the bugs in Windows...
While I'm as quick to fawn over Google, let's give credit to "Daniel Bleichenbacher, a cryptographer with Bell Labs" for finding it.

Re:Google saves the day... (0, Troll)

AmberBlackCat (829689) | more than 7 years ago | (#16193501)

Mindlessly attacking Windows doesn't make this flaw go away in the open source software, just as saying something bad about China doesn't make the United States the land of the free or the home of the brave. Replying to this message with some inaccurate claim about Windows having a thousand new bugs every day won't make it go away either.

Re:Google saves the day... (0)

WED Fan (911325) | more than 7 years ago | (#16194839)

Mindlessly attacking Windows doesn't make this flaw go away

Remember, foolish boy, if it's Windows, it's a flaw, if it's open source, it must be Microsoft's fault for creating a culture of closed code. Finding a bug in anything but MS will somehow spark an unequal response calling out the faults of MS. It's a knee jerk reaction by this crowd because they really don't feel that secure about their position.

Re:Google saves the day... (1)

AmberBlackCat (829689) | more than 7 years ago | (#16195297)

Girl, not boy.

Re:Google saves the day... (0)

Anonymous Coward | more than 7 years ago | (#16197333)

Will you have sex with me?

Re:Google saves the day... (0)

Anonymous Coward | more than 7 years ago | (#16198005)

Gah! You need to warn people about your site! The eyes! They burn!!

Re:Google saves the day... (1)

cperciva (102828) | more than 7 years ago | (#16193809)

While I'm as quick to fawn over Google, let's give credit to "Daniel Bleichenbacher, a cryptographer with Bell Labs" for finding it.

To be entirely fair, my understanding is that Bleichenbacher said "hey guys, I just found a bug in some non-openssl crypto code, you guys should check to see if you have a similar bug". It was the people from Google who said "ok, let's look through the openssl source code and see if it does anything dumb like this".

Re:Google saves the day... (2, Informative)

towsonu2003 (928663) | more than 7 years ago | (#16194183)

I'll also give credit to Debian and Ubuntu, where openssl is already patched and good to go:

==============

openssl (0.9.8a-7ubuntu0.1) dapper-security; urgency=low

  * SECURITY UPDATE: signature forgery in some cases.
  * Apply http://www.openssl.org/news/patch-CVE-2006-4339.txt [openssl.org]:
    - Check excessive data in padding of PKCS #1 v1.5 signatures to prevent applications from incorrectly verifying the certificate.
  * References:
    CVE-2006-4339
    http://www.openssl.org/news/secadv_20060905.txt [openssl.org]

Fedora also updated (1)

ajs (35943) | more than 7 years ago | (#16199353)

Fedora has had the fix since Sept 5th (timestamp on one mirror site that I visited). From the spec file for openssl-0.9.8a-5.3.src.rpm:
# Backported fixes including security fixes
Patch56: openssl-0.9.8b-cve-2006-4339.patch
Enjoy.

Re:Fedora also updated (1)

towsonu2003 (928663) | more than 7 years ago | (#16202127)

haha

Security and open source (0, Flamebait)

The_Abortionist (930834) | more than 7 years ago | (#16194209)

One of the fallacies of the open source movement is the belief that all the users access the code and help each other out in order to build the perfect software. How many people look at this and that in the linux source to find all the bugs? Millions? More like 3-4. And that's generous because it's probably just the developer doing the code while the rest give a quick gaze at checkin.

In the case of security, the lack of real benevolent oversight is compounded by constant verification by hackers and criminals in order to find the smallest security lapse. Then, they share the knowledge amongst each other and then they are free to wreck havoc. Wreck havoc not until a fix is produced, that's usually done pretty quickly, but until the fix propagates everywhere.

Someone who uses any open source software must constantly look at the news, like on slashdot, to see if they need to download a new version of the software. If they miss a day, they can be 100% vulnerable.

Now everybody who uses OpenSSL embedded in whatever application must carefully wait for an update to become available to that particular software. Who knows when? Until then, they are completely vulnerable to anyone who can read a usenet post.

Crypto Math problem, not a Coding bug problem (5, Insightful)

billstewart (78916) | more than 7 years ago | (#16194637)

While the parent poster was arguably flamebaiting or trolling about how Open Source doesn't always get the bugs found or fixed, and makes it easy for Bad Guys to write exploits, and he doesn't know that havoc is something you wreak as opposed to wrecking, he's actually hit on a couple of important problems here.

This isn't really a problem with buggy coding - it's a crypto math problem that is affected by implementation choices, and new crypto discoveries can hit some code harder than others. The code here was checked very thoroughly by *lots* of people, including some really strong crypto experts, because it's critical code for a lot of people. With RSA signatures, there's a public exponent "e" and a private exponent "d", and e is a pretty arbitrary prime, so it's common to pick a value that lets you do fast calculations. The popular values are 3, 65537, and occasionally 17, and it's hard to find a number x such that x**e mod n == y if you don't know d (or p and q.) The problem is that it's not so hard to find x and some junk such that (x,junk)**e mod n == (y,otherjunk), at least if e is small enough, and the standard ASN.1 code makes it easy to add arbitrary junk. 3 is small enough (and really fast to use), 17 might be, 65537 is pretty safe, and ASN.1 is the Mos Eisley of data representation protocols, a wretched hive of scum and villainy that nobody wants to mess around in. So some people do the right thing in checking the "otherjunk" beyond the y, but not everybody did, and until Bleichenbacher's attack you didn't need to.

Open Source does mean that you *can* update your copy of OpenSSL, without waiting for Microsoft Patch Day - and in the crypto world, the only way to trust anything is for the algorithms and implementation code to be documented and readable. They don't have to be "open" in the sense of "accepting patches from arbitrary people" or "free as in speech, not patented, not copyrighted, guaranteed to make RMS happy", but if you can't see the algorithms or install code you've recompiled from scratch yourself, you can't trust it.

So the fact that you've got to update OpenSSL and link it in to other code is really fine here - if you're paranoid, you need to do it yourself, and you've got the tools to do it; if you're not paranoid, this is a fairly tough exploit to actually do anything useful with, though you could go deleting a few certificates from your browser's security files if you're worried.

Re:Crypto Math problem, not a Coding bug problem (0)

Anonymous Coward | more than 7 years ago | (#16196119)

The problem is that it's not so hard to find x and some junk such that (x,junk)**e mod n == (y,otherjunk), at least if e is small enough, and the standard ASN.1 code makes it easy to add arbitrary junk. 3 is small enough (and really fast to use), 17 might be, 65537 is pretty safe, and ASN.1 is the Mos Eisley of data representation protocols, a wretched hive of scum and villainy that nobody wants to mess around in. So some people do the right thing in checking the "otherjunk" beyond the y, but not everybody did, and until Bleichenbacher's attack you didn't need to.
You sure are doing a lot of tap dancing and dishonest finger pointing, rather than calling it like it is. ASN.1 didn't cause the problem or contribute to it in any way. It's a freakin' syntax notation and not "code" in any way, shape, or form. It's easy as pie to parse the associated encodings, particularly the simple variety used in the area of public-key crypto standards. That somebody chose not to properly consider the "otherjunk" is a comment on their judgement, not on the method of encoding used.

Old news (0)

Anonymous Coward | more than 7 years ago | (#16192871)

Way to be about 2 weeks behind the news, slashdot.

Re:Old news (1)

flosofl (626809) | more than 7 years ago | (#16193603)

Way to be about 2 weeks behind the news, slashdot.
I was thinking the same thing. I'm pretty sure I sent an internal advisory regarding this to our global groups about two or so weeks ago.

*checks outbox*

Yep, two+ weeks. I'm willing to cut slack for stories 2-3 days old, but this is ancient for a security alert.

All your base belong to me! (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#16192881)

ha

Re:All your base belong to me! (3, Funny)

Feyr (449684) | more than 7 years ago | (#16192949)

more like,

all your certs are belong to me

Re:All your base belong to me! (3, Funny)

SeaFox (739806) | more than 7 years ago | (#16193849)

all your certs are belong to me

I use Tic-Tacs you insensitive clod!

And the echo (-1, Flamebait)

JustOK (667959) | more than 7 years ago | (#16192981)

I think I'm hearing the echo of someone saying that there was no hole, and that it was Pres. Bush ordering a new backdoor be put into it. "It's to protect us from the terrorists, and that's not evil."

Vaguely relevant Simpsons quote (0, Offtopic)

MicrosoftRepresentit (1002310) | more than 7 years ago | (#16193011)

Bart: Homer, how can this be possible?
Homer: Fire up the klystron, Bart, there's only two days left
Bart: Lisa, is this true?
Lisa: I've run out of garlic, someone go and get some more
Maggie: It's in the greenhouse, but I can't go in, I'm allergic to trowels
Homer: D'oh!

The advantages of using Debian... (-1, Redundant)

kcbrown (7426) | more than 7 years ago | (#16193007)

This one is already fixed in Debian's openssl version 0.9.8b-3 in -testing (-unstable now has 0.9.8c-1), and 0.9.7e-3sarge2 in -stable-security.

This is one of the reasons I run Debian. Important things like this get fixed quickly and updating is painless, thanks to apt-get.

I expect that Ubuntu is similarly responsive. I know that it's just as easy to keep updated, since they use the same packaging and dependency-tracking mechanisms.

Re:The advantages of using Debian... (0)

Anonymous Coward | more than 7 years ago | (#16193309)

Yeah, let's all name our favorite piece of software that already updated this bug which was reported over 20 days ago. A bit of extra spam won't hurt, especially if you can karma whore with Debian and Ubuntu.

Apple? (1)

Burz (138833) | more than 7 years ago | (#16193325)

Seems they haven't yet issued an update for Mac OS X Panther (which has OpenSSL at 0.9.7i).

Re:Apple? (0)

Anonymous Coward | more than 7 years ago | (#16197113)

Actually, they have. It's called Mac OS X Tiger.

Re:Apple? (0)

Anonymous Coward | more than 7 years ago | (#16199507)

10.4 Tiger also uses 0.9.7i, which, as you'll note, was not listed as among those versions affected.

Re:Apple? (1)

Burz (138833) | more than 7 years ago | (#16203125)

10.4 Tiger also uses 0.9.7i, which, as you'll note, was not listed as among those versions affected.

Then Tiger is indeed affected, because 'i' comes before 'j'. Read the advisory again.

Re:The advantages of using Debian... (1)

pembo13 (770295) | more than 7 years ago | (#16194807)

And I suppose you think this is a special feature held by Debian only?

who knew (3, Funny)

User 956 (568564) | more than 7 years ago | (#16193009)

ZDNet is reporting that OpenSSL versions up to 0.9.7j and 0.9.8b are vulnerable to a signature forgery technique.

Who knew that OpenSSL would have ever had anything in common with a Wal-Mart cashier?

#2 for de Raadt? (1)

mosel-saar-ruwer (732341) | more than 7 years ago | (#16195805)


ZDNet is reporting that OpenSSL versions up to 0.9.7j and 0.9.8b are vulnerable to a signature forgery technique.

Did OpenBSD ship with any of this code?

If so, then wouldn't this be Theo's second pwning?

Re:#2 for de Raadt? (0)

Anonymous Coward | more than 7 years ago | (#16196631)

If so, then wouldn't this be Theo's second pwning?
The 'pwning' is specifically 'remote hole in a default install'. Given that clients don't need to provide certs for SSH connections and this only helps spoofing an authenticated cert I really don't see that, no.

Re:#2 for de Raadt? (1)

Pixel_K (717294) | more than 7 years ago | (#16196937)

The soon-to-be released OpenBSD 4.0 (November 1st) should ship with "OpenSSL 0.9.7j (+ patches)" http://www.openbsd.org/40.html [openbsd.org] .
I hope they'll update it before launch.

Re:#2 for de Raadt? (1, Informative)

Anonymous Coward | more than 7 years ago | (#16198659)

fuck a c0m (-1, Troll)

Anonymous Coward | more than 7 years ago | (#16193075)

and the strikixng is the worst off vary for different Keep unnecessary fanatic known

class action (-1, Offtopic)

darkchubs (814225) | more than 7 years ago | (#16193131)

you mean some sleazeball lawyer will sue a sleazeball company and try to monetize this "leak" for his own gain. Then every user of AOL will get about .02 cents.... but STILL they can't uninstall AOL... wow, where did I put that AOL coffee coaster. who cares.

Re:class action (0)

Anonymous Coward | more than 7 years ago | (#16193431)

I think you meant to reply to the aol thread. This is OpenSSL.

~janus zeal

apt-get => sleeping tight. (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#16193135)

Get:1 http://ftp.debian.org/ [debian.org] unstable/main libssl0.9.7 0.9.7k-1 [2279kB]

This is old. (1)

Kartoffel (30238) | more than 7 years ago | (#16193137)

Slashdot. News for time travellers just arriving here from two and a half weeks ago.
http://www.openssl.org/news/secadv_20060905.txt [openssl.org]

I would hope that all serious users of OpenSSL have already patched this. FreeBSD and Debian were on top of it the same day it was announced. Others too, no doubt.

Re:This is old. (2, Informative)

cperciva (102828) | more than 7 years ago | (#16193757)

I would hope that all serious users of OpenSSL have already patched this. FreeBSD and Debian were on top of it the same day it was announced.

I don't know about Debian, but FreeBSD didn't issue an advisory until the day after this went public. We have a very strict policy about making sure that security updates won't break anything, and OpenSSL's original patch was broken and not fixed until a day later [openssl.org] .

In general you're right, though -- we hear about security issues before they go public and make sure we have advisories and patches ready.

Re:This is old. (2, Informative)

noahm (4459) | more than 7 years ago | (#16194357)

I don't know about Debian, but FreeBSD didn't issue an advisory until the day after this went public. We have a very strict policy about making sure that security updates won't break anything, and OpenSSL's original patch was broken and not fixed until a day later.

It wasn't really per se, but it did contain some unnecessary code. None of it was major, and I don't think it would have caused any problems, but the revised patch, which we in Debian also used, touched fewer files and was generally simpler.

noah

in what should we trust? (1)

K-074512 (1003265) | more than 7 years ago | (#16201183)

If OpenSSL can also be attacked through a bug, what else should we trust to secure our data?

Paid services can't secure our data.. and now even the 'secure' open source service can't secure it.. so now what should we use? Seriously man.. what should we use?? Any suggestions??

1.0 (3, Funny)

Richard W.M. Jones (591125) | more than 7 years ago | (#16193177)

If only they'd released a 1.0 version that would never have happened...

Re:1.0 (0)

Anonymous Coward | more than 7 years ago | (#16197721)

Or released it under the GPL...

old news (3, Informative)

noahm (4459) | more than 7 years ago | (#16193347)

Wow, that was like almost a month ago. All the major, and most of the minor, OS vendors and Linux distributors have long since announced released fixes. Why's it on slashdot now?

It also needs to be noted that the impact of this bug is not nearly as wide as a slashdot front-page headline might suggest. The FreeBSD security advisory [freebsd.org] has some good info on why. To quote: (emphasis mine)

RSA public keys may use a variety of public exponents, of which 3, 17, and 65537 are most common. As a result of a number of known attacks, most keys generated recently use a public exponent of at least 65537.
...
OpenSSL will incorrectly report some invalid signatures as valid. When an RSA public exponent of 3 is used, or more generally when a small public exponent is used with a relatively large modulus (e.g., a public exponent of 17 with a 4096-bit modulus), an attacker can construct a signature which OpenSSL will accept as a valid PKCS#1 v1.5 signature.

So yeah, there may be some vulnerable sites out there, but they were already weaker than they should have been, and most sites are likely unaffected. That, coupled with the simplicity of the fix (both as provided in source form and from the OS vendors) makes this a non-story.

noah

Re:old news (0)

RAMMS+EIN (578166) | more than 7 years ago | (#16193473)

``Wow, that was like almost a month ago. ... Why's it on slashdot now?''

The first 42 submissions of a story are rejected. The next one is posted. After that, 1337 submissions are rejected before the dupe is posted.

TINC

Re:old news (0)

Anonymous Coward | more than 7 years ago | (#16193633)

It was a month ago, and it is non-news at this point.

However, using a public exponent of 3 is not inherently weak unless the message can be less than the cube root of the modulus. Since RSA is only used for symmetric key exchange or (as in this case) on a hash value, the message can easily be padded, having its high bit set so that the "weakness" is always irrelevant.

Even with extremely high exponents like 65537, if you're encrypting raw messages with RSA you have to police for a null (all-zero) message, because no matter what the public exponent, an attacker can plainly see that the message was all null. 0^65537 (mod anything) is still 0.

Re:old news (2, Interesting)

dveditz (11090) | more than 7 years ago | (#16194273)

It also needs to be noted that the impact of this bug is not nearly as wide as a slashdot front-page headline might suggest.
Unfortunately it is. While it may be true that few certs are issued with small exponents these days it doesn't really matter. Some of the pre-installed Certificate Authorities use a small exponent and you simply forge *their* signature to create a "valid" cert for any site you like.

Re:old news (3, Informative)

tqbf (59350) | more than 7 years ago | (#16195277)

No, the impact of this problem was wider than what the front page suggests; the same bug hit Firefox (which uses its own "NSS" SSL library, not OpenSSL), and several of the root certificates were e=3 (e=3 is a widely-recommended optimization). Long story short, Firefox, Opera, and Konqueror are all spoofable until you download patches.

The simple exploit (generate a new WELLSFARGO.COM cert and "sign" it in a way that will trick a browser into believing a root CA signed it) is literally 3 lines of Python.

You're also wrong about the crypto details: e=3 RSA is not "weaker" than e=65537. The problem is not that people used "weak" RSA parameters; the problem is that they didn't verify all the bits in an RSA-decoded signature, but instead tried to fish something that looked like a valid SHA/MD5 hash out of it. If you screw up any of the details in RSA signature verification, you're screwed, e=3, e=5, or e=65537. Conversely if you get the details right, e=3 is as secure as factoring.

It is funny that this is just hitting Slashdot now; it's weeks old.
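An added example, not code from any commenter or from OpenSSL, modelling the check that billstewart and tqbf describe above: a verifier that fishes the hash out of the RSA-decoded block and ignores what follows, next to one that compares every byte. It starts from the already-decoded block; the SHA-1 choice, the function names and both sample blocks are assumptions constructed here as raw bytes, not signatures for any key.

```python
import hashlib
import hmac

# DER prefix of the SHA-1 DigestInfo structure defined by PKCS #1;
# the 20-byte digest follows it directly.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")
DIGEST_LEN = 20


def expected_em(message, k):
    """Build the single valid encoded block for `message` and a k-byte modulus:
    00 01 FF..FF 00 DigestInfo, with the padding filling all spare bytes."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    pad_len = k - len(t) - 3
    if pad_len < 8:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t


def parse_lenient(em):
    """Simplified model of the flawed parsing style: skip the padding, read the
    DigestInfo, stop. Returns (digest, trailing_byte_count) or None."""
    if em[:2] != b"\x00\x01":
        return None
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i == 2 or i >= len(em) or em[i] != 0x00:
        return None
    start = i + 1
    end = start + len(SHA1_PREFIX) + DIGEST_LEN
    if len(em) < end or em[start:start + len(SHA1_PREFIX)] != SHA1_PREFIX:
        return None
    return em[end - DIGEST_LEN:end], len(em) - end


def lax_check(em, message):
    """Accepts whenever the fished-out digest matches; bytes after the digest
    are never inspected, which is the defect discussed in the thread."""
    parsed = parse_lenient(em)
    if parsed is None:
        return False
    return hmac.compare_digest(parsed[0], hashlib.sha1(message).digest())


def strict_check(em, message):
    """Hardened form: rebuild the expected block and compare all of it, so
    short padding or trailing data can never be accepted."""
    try:
        return hmac.compare_digest(em, expected_em(message, len(em)))
    except ValueError:
        return False


# Constructed sample input for a 2048-bit (256-byte) modulus.
MESSAGE = b"constructed sample message"
K = 256
GOOD_EM = expected_em(MESSAGE, K)

# Constructed malformed block: minimal padding, a correct DigestInfo, then
# filler bytes standing in for the "otherjunk" up to the block length.
_T = SHA1_PREFIX + hashlib.sha1(MESSAGE).digest()
MALFORMED_EM = (b"\x00\x01" + b"\xff" * 8 + b"\x00" + _T
                + b"\xa5" * (K - 11 - len(_T)))

if __name__ == "__main__":
    for name, em in (("well-formed", GOOD_EM), ("trailing data", MALFORMED_EM)):
        trailing = parse_lenient(em)[1]
        print(f"{name:14} trailing={trailing:3}  "
              f"lax={lax_check(em, MESSAGE)}  strict={strict_check(em, MESSAGE)}")
```

A non-zero trailing count from `parse_lenient` is also a usable audit signal: a correctly encoded block always leaves zero bytes after the digest.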

RSA is not as secure as factoring, e=3 or not (1)

Paul Crowley (837) | more than 7 years ago | (#16196323)

There is no security reduction from RSA to factoring, for e=3 or any other e. In fact there's strong evidence that there will never be such a reduction.

In addition, any such security reduction won't apply to PKCS #1.5 - a proper padding method, like OAEP+, must be used for the security reduction to apply.

There is such a reduction for e=2 aka Rabin, but that's not RSA any more, because your equations have multiple solutions. I nonetheless recommend adoption of Rabin everywhere RSA is now used, since it's better in every possible respect.

Re:old news (1)

fbjon (692006) | more than 7 years ago | (#16213257)

Long story short, Firefox, Opera, and Konqueror are all spoofable until you download patches.
Indeed, Opera 9.02 was released just a week ago, fixing this.

Vendors have Patched As Well (2, Informative)

miller60 (554835) | more than 7 years ago | (#16193669)

This weakness was first described at the CRYPTO conference in August, and a technical explanation of the exploit [imc.org] was public on Aug. 27. OpenSSL issued its advisory and patch [openssl.org] on Sept. 5 and the Netcraft article [netcraft.com] cited by ZDNet has been online since Sept. 7. So while this is a potentially problematic security issue, it's not brand new, has been patched by OpenSSL and quite a few vendors have issued patches as well.

I don't get it (1)

Kuciwalker (891651) | more than 7 years ago | (#16193827)

From what I remember of the earlier slashdot story, didn't it require a large tail of semi-random junk on the file, and so the consensus was that it was interesting but unexploitable? Or was that something else...

Re:I don't get it (0)

Anonymous Coward | more than 7 years ago | (#16193883)

it was your mom.

Re:I don't get it (1)

sowth (748135) | more than 7 years ago | (#16195977)

That sounds like the md5/sha hash issues. Though those would probably be exploitable on openssl too. Openssl supports hashes. Digital signatures are usually done by hashing the data first then signing the hash. (Because public key algorithms are usually slow, hashes are usually much faster)

The junk shouldn't matter. How often do you look at the source html or all the fields of a cert on secure pages? Probably never. There may be an area or field of certs which most programs don't even show, so even if you look, you may not find the junk anyway...

SSL is overrated (-1, Troll)

YGingras (605709) | more than 7 years ago | (#16194131)

You can't apply a technological solution to a social problem. Resellers will sell certs to anyone and no one even bothers to have their certs signed anymore. Even my uni doesn't have a signed cert. You see messages like "if you browsers say that the certificate authority isn't knowned just click accept" and people just do that. Does anyone even understand what that message means? I mean anyone not in CS and even then I'm not sure that most people grasp how the trust is supposed to go from Verisign down to your browser. Frankly I don't see what SSL _can_ protect. Unless anyone can understand how it works, the passing of certificates is doomed to be useless.

First gzip, now this. (1)

Grendel Drago (41496) | more than 7 years ago | (#16194965)

First a huge raft of problems in gzip, now this. Thank you, Google. But you have to wonder--is there a point at which fewer security issues will be found in system software? I mean, it's gzip! It's not like it's some new whizbang technology; this has been around for more than ten years. The real question to be asked is why we're still finding these problems now.

Re:First gzip, now this. (0)

Anonymous Coward | more than 7 years ago | (#16196213)

The real question to be asked is why we're still finding these problems now.

Because YOU didn't do your part and participate in the design, coding, code audit, QA, and ongoing maintenance duties of the Open Source movement. Shame on YOU.

I can't tell if you're being sarcastic or not. (1)

Grendel Drago (41496) | more than 7 years ago | (#16199361)

Because, umm, I wasn't using Linux then? Because it's not insane to ask that programs be written right in the first place? Because auditing an incredibly widely-used library isn't too much to ask? Because crypto is a subtle art, very easy to get wrong, and there aren't that many people who can competently audit crypto code? Because I do file a ton of bug reports (for what I can reproduce) and patches (for what I can code), but I never got around to fuzz-testing gzip, which might have revealed some of its issues?

Firefox, Thunderbird, Seamonkey, and Opera (1)

VGPowerlord (621254) | more than 7 years ago | (#16195257)

Firefox/Thunderbird had this fix applied in 1.5.0.7, released on 2006/09/14.
Seamonkey had this fix applied in 1.0.5, released on 2006/09/14.
Opera had this fix applied in Opera 9.02, released on 2006/09/21.

Webbrowsers affected too (0)

Anonymous Coward | more than 7 years ago | (#16195887)

Some common webbrowsers are affected by this attack too. For example, this worked against mozilla firefox and opera in their default configuration. Using this attack, you could do a man in the middle attack against every ssl-connection. Using this attack for digital signatures on emails would have been possible too.

There are some details about the affected browsers:

http://www.cdc.informatik.tu-darmstadt.de/securebrowser/ [tu-darmstadt.de]

Netcraft confirms it... (0, Troll)

Brando_Calrisean (755640) | more than 7 years ago | (#16197641)

... OpenSSH is dead

anybody is wondering?? (1)

K-074512 (1003265) | more than 7 years ago | (#16202761)

if anyone wonder..here is the definition of OpenSSL.. courtesy of wikipedia.org...

OpenSSL is an open source implementation of the SSL and TLS protocols. The core library (written in the C programming language) implements the basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available.

Versions are available for most Unix-like operating systems (including Solaris, Linux, Mac OS X and the four open source BSD operating systems), and also for Microsoft Windows. OpenSSL is based on SSLeay by Eric Young and Tim Hudson, development of which unofficially ended around December 1998, when Tim and Eric both moved to work for RSA Security.

more and more upgrades. (1)

TT074283 (1003787) | more than 7 years ago | (#16204205)

It's been stated in Help Net Security that the only solution to this problem is to:
Upgrade to version 0.9.8c, 0.9.7k or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
'No known workarounds' seems like quite an exaggeration!
It's normal for technologies to be upgraded, right? But u have to admit though.. everything seems to require regular upgrading nowadays. At least once! Even humans need a so-called self-upgrading. What more technologies which are created by humans?
To those of u (humans), who are still yet to realise what security complications would be seen from this vulnerability issue, here are some of the major classifications effects:
1. Remote vulnerability
2. Impact on integrity
3. Exploit unknown
4. Verified

http://www.net-security.org/vulnerability.php?id=28549 [net-security.org]

".. winners don't do different things, they do things differently."

Unpredictable Program (1)

TT074302 (1006411) | more than 7 years ago | (#16212987)

"OpenSSL versions up to 0.9.7j and 0.9.8b" The software package created above is not a predictable program because it is vulnerable to signature forgery technique although it uses strong cryptography.

Vulnerability (1)

TT074302 (1006411) | more than 7 years ago | (#16213175)

There are multiple ways to avoid this vulnerability. Any one of the following measures is sufficient.

1. Upgrade the OpenSSL server software.

The vulnerability is resolved in the following versions of OpenSSL:

- in the 0.9.7 branch, version 0.9.7k (or later);
- in the 0.9.8 branch, version 0.9.8c (or later).

OpenSSL 0.9.8c and OpenSSL 0.9.7k are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html [openssl.org]):

o http://www.openssl.org/source/ [openssl.org]
o ftp://ftp.openssl.org/source/ [openssl.org]

The distribution file names are:

o openssl-0.9.8c.tar.gz
  MD5 checksum: 78454bec556bcb4c45129428a766c886
  SHA1 checksum: d0798e5c7c4509d96224136198fa44f7f90e001d

o openssl-0.9.7k.tar.gz
  MD5 checksum: be6bba1d67b26eabb48cf1774925416f
  SHA1 checksum: 90056b8f5e518edc9f74f66784fbdcfd9b784dd2

The checksums were calculated using the following commands:

openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz

2. If this version upgrade is not an option at the present time, alternatively the following patch may be applied to the OpenSSL source code to resolve the problem. The patch is compatible with the 0.9.6, 0.9.7, 0.9.8, and 0.9.9 branches of OpenSSL.

o http://www.openssl.org/news/patch-CVE-2006-4339.txt [openssl.org]

Whether you choose to upgrade to a new version or to apply the patch, make sure to recompile any applications statically linked to OpenSSL libraries.

others are affected too (1)

pk073900 (1006369) | more than 7 years ago | (#16213239)

Although this bug has been fixed in SSL, browsers are also affected by it. The attack requires that one of the accepted certificate authorities uses an RSA key with the exponent 3. All of the major browsers have such a CA. Browsers like IE and Safari are not affected by this. In Firefox however it is affected but there already exists a fix from version 1.5.0.7 so no need to worry if you're using Firefox and you're up to date. Konqueror meanwhile uses OpenSSL libraries and is not affected if it is up to date. The only browser that is still affected is Opera. The update is not yet available and will only be available "soon". It is recommended that you remove Opera until an update is made available. This problem also does not affect only browsers. It affects programs that use X.509 certificates. Cheers.

start updating it! (1)

FlipSyde IT072186 (1004022) | more than 7 years ago | (#16226311)

oh then just update it!! that is why we have many versions, don't we.

version of open ssl (1)

Mr.BoBo-TT074226 (1005779) | more than 7 years ago | (#16241951)

OpenSSL 0.9.8 was released on July 5, 2005 announcement. OpenSSL 0.9.7 was released on December 31, 2002. OpenSSL 0.9.6 was released on September 25, 2000. OpenSSL 0.9.5 was released on February 28, 2000. OpenSSL 0.9.4 was released on August 9, 1999. OpenSSL 0.9.3 was released on May 25, 1999.