NetBSD Security Advisory 2009-008: OpenSSL ASN1 parsing denial of service and CMS signature verification weakness

[NetBSD Security Officer <security-officer%NetBSD.org@localhost>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                 NetBSD Security Advisory 2009-008
                 =================================

Topic:          OpenSSL ASN1 parsing denial of service and CMS
                signature verification weakness

Version:        NetBSD-current:         affected prior to 2009-03-27
                NetBSD 5.0:             not affected
                NetBSD 4.0.*:           affected
                NetBSD 4.0:             affected
                pkgsrc:                 openssl package prior to 0.9.8k

Severity:       Denial of Service, Forgery of CMS signatures

Fixed:          NetBSD-current:         May 27, 2009
                NetBSD-4 branch:        July 4, 2009 (4.1 will include the fix)
                NetBSD-4-0 branch:      July 4, 2009 (4.0.2 will include the 
fix)
                pkgsrc 2009Q1:          openssl-0.9.8k corrects this issue

Please note that NetBSD releases prior to 4.0, as well as the pre-release
versions of NetBSD 5.0, are no longer supported. It is recommended that
all users upgrade to a supported release.


Abstract
========

A handling error in the ASN1 parser functions can cause an
application linked against libcrypto to crash. Another
vulnerability in the CMS signature verification algorithm
allows an attacker to modify the CMS attributes of a signed
certificate.

This vulnerability has been assigned CVE-2009-0590,
CVE-2009-0591 and CVE-2009-0789.

Technical Details
=================

The function ASN1_STRING_print_ex() when used to print a BMPString
or UniversalString will crash with an invalid memory access if the
encoded length of the string is illegal.

An error calculating the length of ASN1 structure members can be
exploit to cause a memory access violation in the error path on
architectures where sizeof(long) < sizeof(void *), causing an
application linked against a vulnerable version of libcrypto to
crash.

The function CMS_verify() does not correctly handle an error
condition involving malformed signed attributes. This will cause an
invalid set of signed attributes to appear valid and content
digests will not be checked.


Solutions and Workarounds
=========================

Currently, no workaround to this problem is known. Users must
either upgrade their OpenSSL version to include the fix, or
to restrict access to affected applications to trusted users
only.

The following instructions describe how to upgrade your OpenSSL
binaries by updating your source tree and rebuilding and
installing a new version of OpenSSL.

* NetBSD-current:

        Systems running NetBSD-current dated from before 2009-03-27
        should be upgraded to NetBSD-current dated 2009-03-28 or later.

        The following files/directories need to be updated from the
        netbsd-current CVS branch (aka HEAD):
                crypto/dist/openssl

        To update from CVS, re-build, and re-install OpenSSL:
                # cd src
                # cvs update -d -P crypto/dist/openssl
                # cd lib/libcrypto
                # make USETOOLS=no cleandir
                # make USETOOLS=no includes
                # make USETOOLS=no dependall install
                # cd ../libcrypto
                # make USETOOLS=no cleandir
                # make USETOOLS=no includes
                # make USETOOLS=no dependall install
                # cd ../libssl
                # make USETOOLS=no cleandir
                # make USETOOLS=no includes
                # make USETOOLS=no dependall install
                # cd ../../usr.bin/openssl
                # make USETOOLS=no cleandir
                # make USETOOLS=no dependall install

                If you use the patented libcrypto extensions,
                you will also want to execute the following commands:

                # cd ../../lib/libcrypto_idea
                # make USETOOLS=no cleandir
                # make USETOOLS=no includes
                # make USETOOLS=no dependall install
                # cd ../libcrypto_mdc2
                # make USETOOLS=no cleandir
                # make USETOOLS=no includes
                # make USETOOLS=no dependall install
                # cd ../libcrypto_rc5
                # make USETOOLS=no cleandir
                # make USETOOLS=no includes
                # make USETOOLS=no dependall install


* NetBSD 4.*:

        Systems running NetBSD 4.* sources dated from before
        2009-07-04 should be upgraded from NetBSD 4.* sources dated
        2009-07-05 or later.

        NetBSD 4.1 and 4.0.2 will include the fix.

        The following files/directories need to be updated from the
        netbsd-4 or netbsd-4-0 branches:
                crypto/dist/openssl

        To update from CVS, re-build, and re-install OpenSSL:

                # cd src
                # cvs update -r <branch_name> -d -P crypto/dist/openssl
                # cd lib/libcrypto
                # make USETOOLS=no cleandir
                # make USETOOLS=no includes
                # make USETOOLS=no dependall install
                # cd ../libcrypto
                # make USETOOLS=no cleandir
                # make USETOOLS=no includes
                # make USETOOLS=no dependall install
                # cd ../libssl
                # make USETOOLS=no cleandir
                # make USETOOLS=no includes
                # make USETOOLS=no dependall install
                # cd ../../usr.bin/openssl
                # make USETOOLS=no cleandir
                # make USETOOLS=no dependall install

                If you use the patented libcrypto extensions,
                you will also want to execute the following commands:

                # cd ../../lib/libcrypto_idea
                # make USETOOLS=no cleandir
                # make USETOOLS=no includes
                # make USETOOLS=no dependall install
                # cd ../libcrypto_mdc2
                # make USETOOLS=no cleandir
                # make USETOOLS=no includes
                # make USETOOLS=no dependall install
                # cd ../libcrypto_rc5
                # make USETOOLS=no cleandir
                # make USETOOLS=no includes
                # make USETOOLS=no dependall install


Thanks To
=========

Ivan Nestlerode of IBM and Paolo Ganci for discovering and reporting
these issues.


Revision History
================

        2009-07-07      Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at 
  http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2009-008.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/.

Copyright 2009, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2009-008.txt,v 1.1 2009/07/07 21:57:15 tonnerre Exp $

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (NetBSD)

iQIcBAEBAgAGBQJKU8fnAAoJEAZJc6xMSnBu3tQP/A27N0vjPgawbMJ2ugtw8bVR
oRi95Vl0Qgvn3dAge37LIUd7xCYo7RuPcvJn23ua0DcTmObkc0HO0kiaucn/O7BQ
He794oEwtEzDv8oQYhKuRLGZQV9bzWfjHebmHWBH35FZtqZ5ujV1Anrf7cSmjKEY
wTmrUUws+/v3rdZ4HgXOzNiqyie17oN5QoX3iLmtQILTecLH15R6pv9SgBV003dz
/zy8ypKkshSfBXczLpHemOmlFh5wCH7vvsAnIgyXLKYCQ580zyyc6GQEOUBCw0uh
Id7A2DuksbB4/jtq0cZBqXa7kWjM4Ypufoxa/G5cbQMRTWeVdfDidc5Qismis6q+
gqAl6+7R7ZS4Txzp2Ve3bvN+dgXTyjYscWE59It8br1RnMY7sM/Ad8PlwCRbrLGs
0AA+tvF4yemQjgoSIbV2FBi8ZYyOkQH3mxgnuS/p7AXQLtEuz3wLmSuHFKnfHK7A
ikijnSOkj3u1Rrk0AqTYOsUQifzwdn7wkzyTSGWsIYYpUURJEmRFlmizM2tGRciR
411ND8lPOB3eI6FonbeWPfFrd3nAOfsI9+3IcA8Ez3wWTYD0X/dw36cJT1m66dou
SqEN6ibFeR70grJo6nuO4sH8G7e/9QkFesdccJhaRFgJ7D0Fc28WwLQohx9H9tnG
7Bnl8Q6GvEzktaYZeqOw
=eMbN
-----END PGP SIGNATURE-----