SGI: Security

openssl 0.9.7j - RSA forgery

Quote:
Description
-------------------------------------------------------------------------------------
OpenSSL versions 0.9.7j and prior and 0.9.8b and prior contain a vulnerability that could allow an unauthenticated, remote attacker to successfully pass a forged X.509 certificate.

The vulnerability could allow an unauthenticated, remote attacker to pass a forged Public-Key Cryptography Standards (PKCS)#1 Version 1.5 signature when signed by a certain type of RSA key. An attacker may be able to exploit this vulnerability to utilize a forged signature to gain access to certificate-protected resources.

OpenSSL confirmed this vulnerability in a security advisory and released updated versions.

Impact
-------------------------------------------------------------------------------------
An unauthenticated, remote attacker could exploit this vulnerability to gain access to certificate-protected resources. This could result in the attacker disclosing protected information or taking actions as the user within the forged certificate.

Warning Indicators
-------------------------------------------------------------------------------------
OpenSSL versions 0.9.7j and prior and 0.9.8b and prior are vulnerable.

Technical Information
-------------------------------------------------------------------------------------
The vulnerability is due to an error when validating padding of PKCS #1 v1.5 signatures. If an RSA key with exponent 3 is used, an attacker may be able to forge a PKCS #1 v1.5 signature signed by that key. Because OpenSSL fails to check for excess data in the RSA exponentiation result of the signature, the certificate may inadvertently be marked as valid.

Safeguards
-------------------------------------------------------------------------------------
Administrators are advised to upgrade to the appropriate version.

Administrators are advised to utilize certificates as part of a two-factor authentication system.

Administrators may consider restricting access to certificate-protected resources to trusted users through the use of a VPN or other remote access technology that is not affected.
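
The "excess data" check named under Technical Information, sketched as an added example (not part of the quoted advisory and not OpenSSL's code). It works on the already-exponentiated block only; the function names and the sample blocks are assumptions constructed for illustration.

```python
import hashlib
import hmac

# DER DigestInfo prefix for SHA-1, as listed in PKCS #1 (RFC 8017, section 9.2)
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def encode_em(msg: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo, exactly k bytes."""
    t = SHA1_PREFIX + hashlib.sha1(msg).digest()
    if k < len(t) + 11:  # the standard requires at least 8 bytes of FF padding
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def lax_verify(em: bytes, msg: bytes) -> bool:
    """Flawed pattern: walk the padding, compare the digest, ignore what follows."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = SHA1_PREFIX + hashlib.sha1(msg).digest()
    # Defect: only len(t) bytes are compared; bytes after the digest are never checked
    return em[i + 1 : i + 1 + len(t)] == t

def strict_verify(em: bytes, msg: bytes) -> bool:
    """Hardened pattern: rebuild the expected block and compare every byte."""
    try:
        expected = encode_em(msg, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)

def constructed_samples(k: int = 128):
    """Constructed inputs: a well-formed block and one with excess trailing bytes."""
    msg = b"constructed test message"
    good = encode_em(msg, k)
    t = good[-(len(SHA1_PREFIX) + 20):]
    bad = b"\x00\x01\xff\x00" + t          # short padding, digest moved forward
    bad += b"\xaa" * (k - len(bad))        # filler where nothing should exist
    return msg, good, bad

if __name__ == "__main__":
    msg, good, bad = constructed_samples()
    print("well-formed:", lax_verify(good, msg), strict_verify(good, msg))
    print("excess data:", lax_verify(bad, msg), strict_verify(bad, msg))
```

Comparing against a re-encoded block also enforces the minimum padding length, which the lax parser skips as well.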


Thanks for the heads up - I've uploaded neko_openssl-0.9.7k to beta.

_________________
My hovercraft is full of eels.
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.
Awesome Neko. Thanks!

neko_openssl-0.9.7l is now in beta - the 'k' release didn't last long :)

Again thanks Neko. Folks here take SSH security pretty seriously. It's a big help to me to have the latest and greatest on the IRIX server.

Not a problem - glad to do it :)
