head 1.13;
access;
symbols;
locks; strict;
comment @# @;


1.13
date 2005.12.03.12.19.40; author rse; state Exp;
branches;
next 1.12;
commitid qqpAOapyuzxSmacr;

1.12
date 2005.12.03.11.50.03; author rse; state Exp;
branches;
next 1.11;
commitid irQCXvyd7wvJcacr;

1.11
date 2003.02.19.16.22.17; author rse; state Exp;
branches;
next 1.10;

1.10
date 2003.02.19.16.07.39; author rse; state Exp;
branches;
next 1.9;

1.9
date 2003.02.19.16.06.42; author rse; state Exp;
branches;
next 1.8;

1.8
date 2003.02.19.15.42.57; author rse; state Exp;
branches;
next 1.7;

1.7
date 2003.02.19.15.42.03; author thl; state Exp;
branches;
next 1.6;

1.6
date 2003.02.19.15.25.30; author rse; state Exp;
branches;
next 1.5;

1.5
date 2003.02.19.15.23.40; author thl; state Exp;
branches;
next 1.4;

1.4
date 2003.02.19.14.58.40; author rse; state Exp;
branches;
next 1.3;

1.3
date 2003.02.19.14.40.01; author rse; state Exp;
branches;
next 1.2;

1.2
date 2003.02.19.14.35.56; author rse; state Exp;
branches;
next 1.1;

1.1
date 2003.02.19.14.33.57; author rse; state Exp;
branches;
next ;


desc
@@


1.13
log
@resign after latest adjustments
@
text
@-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security.html              http://www.openpkg.org
openpkg-security@@openpkg.org                         openpkg@@openpkg.org
OpenPKG-SA-2003.013                                          19-Feb-2003
________________________________________________________________________

Package:             openssl
Vulnerability:       obtain plaintext of SSL/TLS communication
OpenPKG Specific:    no

Affected Releases:   Affected Packages:         Corrected Packages:
OpenPKG CURRENT      <= openssl-0.9.7-20030111  >= openssl-0.9.7a-20030219
OpenPKG 1.2          <= openssl-0.9.7-1.2.0     >= openssl-0.9.7-1.2.1
OpenPKG 1.1          <= openssl-0.9.6g-1.1.0    >= openssl-0.9.6g-1.1.1

Affected Releases:   Dependent Packages:
OpenPKG CURRENT      apache cadaver cpu curl dsniff easysoap ethereal
                     exim fetchmail imap imapd inn linc links lynx mico
                     mixmaster mozilla mutt nail neon openldap openvpn
                     perl-ssl postfix postgresql qpopper samba sendmail
                     siege sio sitecopy socat stunnel subversion sysmon
                     w3m wget

OpenPKG 1.2          apache cpu curl ethereal fetchmail imap inn links
                     lynx mico mutt nail neon openldap perl-ssl postfix
                     postgresql qpopper samba sendmail siege sitecopy
                     socat stunnel sysmon w3m wget

OpenPKG 1.1          apache curl fetchmail inn links lynx mutt neon
                     openldap perl-ssl postfix postgresql qpopper samba
                     siege sitecopy socat stunnel sysmon w3m

Description:
  In an upcoming CRYPTO 2003 paper, Brice Canvel (EPFL), Alain Hiltgen
  (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion)
  describe and demonstrate a timing-based attack on SSL/TLS with CBC
  ciphersuites. According to an OpenSSL security advisory [0], the
  OpenSSL implementation is vulnerable to this attack. The Common
  Vulnerabilities and Exposures (CVE) project assigned the id
  CVE-2003-0078 [2] to the problem.

  The attack assumes that multiple SSL/TLS connections involve a common
  fixed plaintext block, such as a password. An active attacker can
  substitute specifically made-up ciphertext blocks for blocks sent by
  legitimate SSL/TLS parties and measure the time until a response
  arrives. SSL/TLS includes data authentication to ensure that such
  modified ciphertext blocks will be rejected by the peer (and the
  connection aborted), but the attacker may be able to use timing
  observations to distinguish between two different error cases, namely
  block cipher padding errors and MAC verification errors. This is
  sufficient for an adaptive attack that can finally obtain the
  complete plaintext block.

  However, this cannot be easily exploited, because the attack requires
  the ability to be a man-in-the-middle, repeated communications that
  have a common plaintext block, decoding failures that do not signal
  problems on the client and server side, and a network between the
  attacker and the server that is good enough to reasonably observe
  timing differences.

  OpenSSL versions since 0.9.6c supposedly treat block cipher padding
  errors like MAC verification errors during record decryption [1], but
  MAC verification was still skipped after detection of a padding
  error, which allowed the timing attack.

  Please check whether you are affected by running "/bin/rpm -q
  openssl". If you have the "openssl" package installed and its version
  is affected (see above), we recommend that you immediately upgrade it
  (see Solution) and its dependent packages (see above), if any, too.
  [3][4]

Solution:
  Select the updated source RPM appropriate for your OpenPKG release
  [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror
  location, verify its integrity [9], build a corresponding binary RPM
  from it [3] and update your OpenPKG installation by applying the
  binary RPM [4]. For the current release OpenPKG 1.2, perform the
  following operations to permanently fix the security problem (for
  other releases adjust accordingly).

  $ ftp ftp.openpkg.org
  ftp> bin
  ftp> cd release/1.2/UPD
  ftp> get openssl-0.9.7-1.2.1.src.rpm
  ftp> bye
  $ /bin/rpm -v --checksig openssl-0.9.7-1.2.1.src.rpm
  $ /bin/rpm --rebuild openssl-0.9.7-1.2.1.src.rpm
  $ su -
  # /bin/rpm -Fvh /RPM/PKG/openssl-0.9.7-1.2.1.*.rpm

  Additionally, we recommend that you rebuild and reinstall all
  dependent packages (see above), if any, too.
  [3][4]
________________________________________________________________________

References:
  [0] http://www.openssl.org/news/secadv_20030219.txt
  [1] http://www.openssl.org/~bodo/tls-cbc.txt
  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0078
  [3] http://www.openpkg.org/tutorial.html#regular-source
  [4] http://www.openpkg.org/tutorial.html#regular-binary
  [5] ftp://ftp.openpkg.org/release/1.1/UPD/openssl-0.9.6g-1.1.1.src.rpm
  [6] ftp://ftp.openpkg.org/release/1.2/UPD/openssl-0.9.7-1.2.1.src.rpm
  [7] ftp://ftp.openpkg.org/release/1.1/UPD/
  [8] ftp://ftp.openpkg.org/release/1.2/UPD/
  [9] http://www.openpkg.org/security.html#signature
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG " (ID 63C4CB9F) of the OpenPKG project which
you can find under the official URL http://www.openpkg.org/openpkg.pgp
or on http://keyserver.pgp.com/. To check the integrity of this
advisory, verify its digital signature by using GnuPG
(http://www.gnupg.org/). For instance, pipe this message to the command
"gpg --verify --keyserver keyserver.pgp.com".
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG 

iD8DBQFDkYywgHWT4GPEy58RAvuQAKDSUZPh2URFABVBBNvZrRZ+Jk9xUQCcDc2J
lhTbNpls5kTCKWkdLAw7xtQ=
=99u3
-----END PGP SIGNATURE-----
@

1.12 log @switch to newer world order of CVE instead of CAN and where no more solution hints are specified in detail and anybody should already memorize this standard text @ text @d125 3 a127 3 iD8DBQE+U68fgHWT4GPEy58RAgFGAKDFc5Uqd/Vywgo/hIVc7XfUY7dg2ACeMBjK a46TdeF9PpJpy44I21Mpo8A= =AI7g @ 1.11 log @fix typo and resign @ text @d46 1 a46 1 CAN-2003-0078 [2] to the problem. 
d103 1 a103 1 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0078 @ 1.10 log @add signature @ text @d62 1 a62 1 failures not signalling problems on the client and server side, and d125 3 a127 3 iD8DBQE+U6uzgHWT4GPEy58RAm1+AKCgysURicPPpRl0BEfU5ZFGy98xWgCgr4MW KyNb+zBHo4f1RFjwojttJvM= =ZqKJ @ 1.9 log @final polishing @ text @d1 3 d122 7 @ 1.8 log @final text polishing @ text @d13 4 a16 4 Affected Releases: Affected Packages: Corrected Packages: OpenPKG CURRENT <= openssl-0.9.7-20030111 >= openssl-0.9.7a-20030219 OpenPKG 1.2 <= openssl-0.9.7-1.2.0 >= openssl-0.9.7-1.2.1 OpenPKG 1.1 <= openssl-0.9.6g-1.1.0 >= openssl-0.9.6g-1.1.1 a18 7 OpenPKG CURRENT apache bind cadaver cfengine cpu curl dsniff easysoap ethereal exim fetchmail imap imapd inn linc links lynx mico mixmaster mozilla mutt nail neon openldap openssh openssl openvpn perl-ssl postfix postgresql qpopper rdesktop samba sasl scanssh sendmail siege sio sitecopy snmp socat stunnel subversion sysmon tcpdump tinyca w3m wget d20 6 a25 5 OpenPKG 1.2 apache bind cpu curl ethereal fetchmail imap inn links lynx mico mutt nail neon openldap openssh openssl perl-ssl postfix postgresql qpopper rdesktop samba sasl scanssh sendmail siege sitecopy snmp socat stunnel sysmon tcpdump tinyca w3m wget d27 8 a34 4 OpenPKG 1.1 apache bind curl fetchmail inn links lynx mutt neon openldap openssh openssl perl-ssl postfix postgresql qpopper samba sasl scanssh siege sitecopy snmp socat stunnel sysmon tcpdump w3m @ 1.7 log @list all dependencies found by dump grepping @ text @d39 5 a43 5 In an upcoming CRYPTO 2003 paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. According to an OpenSSL security advisory [0], the OpenSSL implementation is vulnerable to this attack. 
The d47 3 a49 3 The attack assumes that multiple SSL or TLS connections involve a common fixed plaintext block, such as a password. An active attacker can substitute specifically made-up ciphertext blocks for blocks sent d51 1 a51 1 arrives: SSL/TLS includes data authentication to ensure that such d56 1 a56 1 d70 5 a74 5 Please check whether you are affected by running "/bin/rpm -q openssl". If you have the "openssl" package installed and its version is affected (see above), we recommend that you immediately upgrade it (see Solution) and it's dependent packages (see above), if any, too. [3][4] @ 1.6 log @more details derived from Mark J. Cox @ text @d19 18 a36 3 OpenPKG CURRENT ?? OpenPKG 1.2 ?? OpenPKG 1.1 ?? @ 1.5 log @forgotten replacement @ text @d40 9 a48 3 block cipher padding errors and MAC verification errors. This is sufficient for an adaptive attack that finally can obtain the complete plaintext block. @ 1.4 log @more details I know of @ text @d50 1 a50 1 -q openssl". If you have the "foo" package installed and its version @ 1.3 log @fix typos @ text @d10 1 a10 1 Vulnerability: timing attack on CBC d24 24 a47 5 According to a OpenSSL security advisory [0] based on work from Serge Vaudenay, a crazy vulnerability exists in the ... [1] .... The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2003-0078 [2] to the problem. d79 2 a80 2 [0] http://www.example.com/bugfinder.html [1] http://www.foo.org/ @ 1.2 log @remember name @ text @d28 1 a28 1 assigned the id CAN-CAN-2003-0078 [2] to the problem. d62 1 a62 1 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-CAN-2003-0078 @ 1.1 log @first cut for OpenSSL template with information I have already at hand without searching out more @ text @d24 2 a25 2 According to a ... security advisory based on hints from ... [0], a crazy vulnerability exists in the @
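
Review bot: the dependent-package lists in the 1.8 text (a18 7, a25 5, a34 4) still name bind, cfengine, openssh, openssl, rdesktop, sasl, scanssh, snmp, tcpdump and tinyca, none of which appear in the 1.13 text, and the revision that dropped them, 1.9, is logged only as "final polishing". That list tells administrators which packages to rebuild, so narrowing it is a content change rather than polishing: the log should state the criterion used to remove these packages, or the removal should be committed separately from the wording edits.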
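
The skipped-MAC behaviour described in the advisory's Description (revision 1.13 above), next to a check that computes the MAC on both error paths, as an added example that is not OpenSSL's or OpenPKG's code. It works on an already-decrypted record and counts MAC computations in place of measuring time; all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

MAC_LEN = 20    # HMAC-SHA1 tag length
mac_calls = 0   # instrumentation: stands in for the time a MAC costs

def record_mac(key, data):
    global mac_calls
    mac_calls += 1
    return hmac.new(key, data, hashlib.sha1).digest()

def build_record(key, payload, block=8):
    """Decrypted CBC record: payload || MAC || TLS padding."""
    body = payload + hmac.new(key, payload, hashlib.sha1).digest()
    pad_len = (block - (len(body) + 1) % block) % block
    return body + bytes([pad_len]) * (pad_len + 1)

def padding_ok(rec):
    pad_len = rec[-1] if rec else 0
    return (pad_len + 1 + MAC_LEN <= len(rec)
            and all(b == pad_len for b in rec[-(pad_len + 1):]))

def check_vulnerable(key, rec):
    """Behaviour the advisory describes: a padding error returns early."""
    if not padding_ok(rec):
        return None                       # no MAC computed on this path
    body = rec[:-(rec[-1] + 1)]
    payload, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    return payload if hmac.compare_digest(record_mac(key, payload), tag) else None

def check_hardened(key, rec):
    """Compute the MAC on every path; report a single kind of failure."""
    good_pad = padding_ok(rec)
    pad_len = rec[-1] if good_pad else 0  # bad padding: treat as zero-length
    body = rec[:-(pad_len + 1)]
    payload, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    good_mac = hmac.compare_digest(record_mac(key, payload), tag)
    return payload if (good_pad and good_mac) else None

def probe(check, key, rec):
    global mac_calls
    mac_calls = 0
    return check(key, rec), mac_calls     # (result, MACs computed)

# Constructed sample data, not taken from the advisory.
KEY, PAYLOAD = b"constructed-demo-key", b"password=constructed"
GOOD = build_record(KEY, PAYLOAD)
BAD_PAD = GOOD[:-1] + bytes([GOOD[-1] ^ 0xFF])  # last padding byte damaged
BAD_MAC = bytes([GOOD[0] ^ 1]) + GOOD[1:]       # payload byte damaged
```

With `check_vulnerable`, a padding failure costs no MAC while a MAC failure costs one, which is the difference the advisory says could be timed; with `check_hardened`, both failures cost one. Computing the MAC on both paths removes that skip but does not on its own make record processing constant-time.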