ID

VAR-200110-0192

CVE

CVE-2006-4339

TITLE

OpenSSL SSLv2 client code fails to properly check for NULL

DESCRIPTION

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow an attacker to forge RSA signatures. RSA The signature is used to prove that the message origin can be trusted. RSA There is a vulnerability in multiple software that implements that the signature is not verified correctly. For example, SSH , SSL , PGP , X.509 May affect the software.By a remote third party RSA The signature may be forged. This may prevent the validity of the signed message. An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. BIND uses RSA cryptography as part of its DNSSEC implementation. As a result, to resolve the security issue, these packages need to be upgraded and for both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to be generated using the "-e" option of dnssec-keygen, if the current keys were generated using the default exponent of 3. You are able to determine if your keys are vulnerable by looking at the algorithm (1 or 5) and the first three characters of the Base64 encoded RSA key. RSAMD5 (1) and RSASHA1 (5) keys that start with "AQM", "AQN", "AQO", or "AQP" are vulnerable. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: 1035f92172986ed63ca035de0603a0fd 2006.0/i586/bind-9.3.1-4.2.20060mdk.i586.rpm 4f5949d85f13c68220f4f5f030f63849 2006.0/i586/bind-devel-9.3.1-4.2.20060mdk.i586.rpm f201e05548b673268038e95225451085 2006.0/i586/bind-utils-9.3.1-4.2.20060mdk.i586.rpm 4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 83b6c31bef9e4df229e2fe5cf8c3aa2a 2006.0/x86_64/bind-9.3.1-4.2.20060mdk.x86_64.rpm fb03e9a493645041816c206267a052f4 2006.0/x86_64/bind-devel-9.3.1-4.2.20060mdk.x86_64.rpm f54babadfba3ec593563724208df1eaa 2006.0/x86_64/bind-utils-9.3.1-4.2.20060mdk.x86_64.rpm 4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm Mandriva Linux 2007.0: 6c282a7b5c3cfec534e2557926005bbf 2007.0/i586/bind-9.3.2-8.1mdv2007.0.i586.rpm 03390448f140777d62cdd76e50361526 2007.0/i586/bind-devel-9.3.2-8.1mdv2007.0.i586.rpm 7546dc98ff5e8061636a3a75d6b318fb 2007.0/i586/bind-utils-9.3.2-8.1mdv2007.0.i586.rpm 8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: c190d522505a16aa97891f525e0034a4 2007.0/x86_64/bind-9.3.2-8.1mdv2007.0.x86_64.rpm 594cacdac86db81b0c62a7380c6a3a2d 2007.0/x86_64/bind-devel-9.3.2-8.1mdv2007.0.x86_64.rpm e827e65717615868896e43bcb4856f2d 2007.0/x86_64/bind-utils-9.3.2-8.1mdv2007.0.x86_64.rpm 8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm Corporate 3.0: fa096b2fac1840797e382ba61728d47e corporate/3.0/i586/bind-9.2.3-6.2.C30mdk.i586.rpm 0f1e56f1f3a2689443c04b52d8ce5545 corporate/3.0/i586/bind-devel-9.2.3-6.2.C30mdk.i586.rpm 99bf1f4127e97b8941b597aa5e19aa0a corporate/3.0/i586/bind-utils-9.2.3-6.2.C30mdk.i586.rpm 2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm Corporate 3.0/X86_64: e74bea44aee406d11c87227584790c26 corporate/3.0/x86_64/bind-9.2.3-6.2.C30mdk.x86_64.rpm b108edf227b55f3af3ab55b48c23a62a corporate/3.0/x86_64/bind-devel-9.2.3-6.2.C30mdk.x86_64.rpm ba548cbba992f479ad40ecf0808f36cb corporate/3.0/x86_64/bind-utils-9.2.3-6.2.C30mdk.x86_64.rpm 2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm Corporate 4.0: 8bfc97510d4f07568d64c9b9872b4bba corporate/4.0/i586/bind-9.3.2-7.1.20060mlcs4.i586.rpm dda709703f8bf05f1ff59ae6132a81a7 corporate/4.0/i586/bind-devel-9.3.2-7.1.20060mlcs4.i586.rpm daf59d23abaaaf62c990d2fa1155688c corporate/4.0/i586/bind-utils-9.3.2-7.1.20060mlcs4.i586.rpm ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 3d1bbe1e7d4f2de6e546996e181a16b0 corporate/4.0/x86_64/bind-9.3.2-7.1.20060mlcs4.x86_64.rpm c1b8467d62623ef5daf35a696ab2389e corporate/4.0/x86_64/bind-devel-9.3.2-7.1.20060mlcs4.x86_64.rpm 83cf57110f107c450aaac5931ee52ecb corporate/4.0/x86_64/bind-utils-9.3.2-7.1.20060mlcs4.x86_64.rpm ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm Multi Network Firewall 2.0: abd228e7f0b762ae8c11c8ecd90200c2 mnf/2.0/i586/bind-9.2.3-6.2.M20mdk.i586.rpm dd7b0785e31880a09d10957695c0552d mnf/2.0/i586/bind-devel-9.2.3-6.2.M20mdk.i586.rpm 0a2052e5f263b8b8d94111a581928c57 mnf/2.0/i586/bind-utils-9.2.3-6.2.M20mdk.i586.rpm eff2c78779b4285783ffea14e6e33c31 mnf/2.0/SRPMS/bind-9.2.3-6.2.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFWlnDmqjQ0CJFipgRAvl+AKCd5q51CkdHf1UnUJ4imb9Fzl5mZQCfaW5Z 6faoicEmIFqGW4QuEVIhCbU= =bI0u -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1174-1 security@debian.org http://www.debian.org/security/ Noah Meyerhans September 11th, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : openssl096 Problem-Type : local Vulnerability : cryptographic weakness Debian-specific: no CVE ID : CVE-2006-4339 BugTraq ID : 19849 Debian Bug : 386247 Daniel Bleichenbacher discovered a flaw in OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid. For the stable distribution (sarge) this problem has been fixed in version 0.9.6m-1sarge2 This package exists only for compatibility with older software, and is not present in the unstable or testing branches of Debian. We recommend that you upgrade your openssl packages. Note that services linking against the openssl shared libraries will need to be restarted. Common examples of such services include most Mail Transport Agents, SSH servers, and web servers. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.dsc Size/MD5 checksum: 617 018a88ab90403cb04c62fb3e30b74447 http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.diff.gz Size/MD5 checksum: 19110 ebf3d65348f1a0e2b09543b02f1752ff http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz Size/MD5 checksum: 2184918 1b63bfdca1c37837dddde9f1623498f9 Alpha architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_alpha.deb Size/MD5 checksum: 1965098 f321c9d2831643d65718730f8ff81f16 AMD64 architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_amd64.deb Size/MD5 checksum: 578014 b47b9fb2acd8c6e22aac6812c7ad4dda ARM architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_arm.deb Size/MD5 checksum: 518746 29a69a8d997445d4ae2a53c337678cc6 HP Precision architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_hppa.deb Size/MD5 checksum: 587368 4291ac3835b28ae9acf555ec90242d26 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_i386.deb Size/MD5 checksum: 1755640 d9fb8d8383c96d0d4ebe4af8cb5e9a3a Intel IA-64 architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_ia64.deb Size/MD5 checksum: 814966 1a366b00181bba9bd04b2312f4ae8f42 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_m68k.deb Size/MD5 checksum: 476722 2002d9eeb9b36d329855042466c9dfc1 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_mips.deb Size/MD5 checksum: 576764 2001e7d3f5d72e0328b8d46f83bb0b4d Little endian MIPS architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_mipsel.deb Size/MD5 checksum: 568756 3b25b7c66ff42626c8f458be9485f9bb PowerPC architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_powerpc.deb Size/MD5 checksum: 582402 e677ab4fd68d34affff58a9c7d2cd823 IBM S/390 architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_s390.deb Size/MD5 checksum: 602334 674b58c6811c7e60ad2bb53ec7c1bcdc Sun Sparc architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_sparc.deb Size/MD5 checksum: 1458574 d9ab5370d48647780172587e58682297 These files will probably be moved into the stable distribution on its next update. The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) BACKGROUND RESOLUTION HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126 HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7 HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45 HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652 Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. PRODUCT SPECIFIC INFORMATION The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201408-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenOffice, LibreOffice: Multiple vulnerabilities Date: August 31, 2014 Bugs: #283370, #305195, #320491, #332321, #352864, #386081, #409509, #429482, #514886 ID: 201408-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenOffice and LibreOffice, the worst of which may result in execution of arbitrary code. Background ========== OpenOffice is the open source version of StarOffice, a full office productivity suite. LibreOffice is a fork of OpenOffice. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-office/openoffice-bin < 3.5.5.3 >= 3.5.5.3 2 app-office/openoffice <= 3.5.5.3 Vulnerable! 3 app-office/libreoffice < 4.2.5.2 >= 4.2.5.2 4 app-office/libreoffice-bin < 4.2.5.2 >= 4.2.5.2 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 4 affected packages Description =========== Multiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted file using OpenOffice, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, execution of arbitrary Python code, authentication bypass, or reading and writing of arbitrary files. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenOffice (binary) users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-office/openoffice-bin-3.5.5.3" All LibreOffice users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-office/libreoffice-4.2.5.2"= All LibreOffice (binary) users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-office/libreoffice-bin-4.2.5.2" We recommend that users unmerge OpenOffice: # emerge --unmerge "app-office/openoffice" References ========== [ 1 ] CVE-2006-4339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4339 [ 2 ] CVE-2009-0200 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0200 [ 3 ] CVE-2009-0201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0201 [ 4 ] CVE-2009-0217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0217 [ 5 ] CVE-2009-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2949 [ 6 ] CVE-2009-2950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2950 [ 7 ] CVE-2009-3301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3301 [ 8 ] CVE-2009-3302 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3302 [ 9 ] CVE-2010-0395 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0395 [ 10 ] CVE-2010-2935 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2935 [ 11 ] CVE-2010-2936 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2936 [ 12 ] CVE-2010-3450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3450 [ 13 ] CVE-2010-3451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3451 [ 14 ] CVE-2010-3452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3452 [ 15 ] CVE-2010-3453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3453 [ 16 ] CVE-2010-3454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3454 [ 17 ] CVE-2010-3689 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3689 [ 18 ] CVE-2010-4253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4253 [ 19 ] CVE-2010-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4643 [ 20 ] CVE-2011-2713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2713 [ 21 ] CVE-2012-0037 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0037 [ 22 ] CVE-2012-1149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1149 [ 23 ] CVE-2012-2149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2149 [ 24 ] CVE-2012-2334 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2334 [ 25 ] CVE-2012-2665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2665 [ 26 ] CVE-2014-0247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0247 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-19.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Background ========== OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. The x86 emulation base libraries for AMD64 contain a vulnerable version of OpenSSL. NOTE: Any packages listed without architecture tags apply to all architectures... The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following software updates available to resolve these vulnerabilities. Kit Name Location HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. 1) The included libxml2 library fails to properly verify signatures. This is related to: SA21709 2) An error in the included libxmlsec library can be exploited to potentially forge a valid signature. For more information: SA35854 3) An error in the included MSVC Runtime package can be exploited to bypass certain security features. For more information see vulnerability #2 in: SA35967 4) An error in the processing XPM files can be exploited to potentially execute arbitrary code. 5) An error in the processing GIF files can be exploited to potentially execute arbitrary code. 6) An error in the processing of Word documents can be exploited to potentially execute arbitrary code. SOLUTION: Update to version 3.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 4) Sebastian Apelt of siberas 5) Frank Rei\xdfner and Sebastian Apelt of siberas 6) Nicolas Joly of Vupen ORIGINAL ADVISORY: http://www.openoffice.org/security/cves/CVE-2006-4339.html http://www.openoffice.org/security/cves/CVE-2009-0217.html http://www.openoffice.org/security/cves/CVE-2009-2493.html http://www.openoffice.org/security/cves/CVE-2009-2949.html http://www.openoffice.org/security/cves/CVE-2009-2950.html http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html OTHER REFERENCES: SA21709: http://secunia.com/advisories/21709/ SA35854: http://secunia.com/advisories/35854/ SA35967: http://secunia.com/advisories/35967/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00794048 Version: 1 HPSBUX02165 SSRT061266 rev.1 - HP-UX VirtualVault Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2006-10-31 Last Updated: 2006-10-31 Potential Security Impact: Remote Unauthorized access Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. References: CVE-2006-4339 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.04 running Virtualvault 4.7 or Virtualvault 4.6 or Virtualvault 4.5 or HP WebProxy. BACKGROUND The OpenSSL community has released OpenSSL 0.9.7.k version superseding the OpenSSL 0.9.7i release that was identified in the CVE report. Note: To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed. AFFECTED VERSIONS HP-UX B.11.04 Virtualvault A.04.70 =========================== VaultWS.WS-CORE VaultTS.VV-IWS VaultTS.VV-CORE-CMN VaultTGP.TGP-CORE action: install PHSS_35463, PHSS_35460, PHSS_35481 or subsequent HP-UX B.11.04 Virtualvault A.04.70 (Apache 2.X) ==================================== VaultWS.WS-CORE action: install PHSS_35436 or subsequent HP-UX B.11.04 Virtualvault A.04.60 =========================== VaultWS.WS-CORE VaultTS.VV-IWS VaultTS.VV-CORE-CMN VaultTGP.TGP-CORE action: install PHSS_35462, PHSS_35459, PHSS_35480 or subsequent HP-UX B.11.04 Virtualvault A.04.50 =========================== VaultWS.WS-CORE VaultTS.VV-IWS VaultTS.VV-IWS-JK VaultTS.VV-CORE-CMN action: install PHSS_35461, PHSS_35458 or subsequent HP-UX B.11.04 HP Webproxy A.02.10 (Apache 2.x) ============================ HP_Webproxy.HPWEB-PX-CORE action: install PHSS_35437 or subsequent HP-UX B.11.04 HP Webproxy A.02.10 (Apache 1.x) ============================ HP_Webproxy.HPWEB-PX-CORE action: install PHSS_35111 or subsequent HP-UX B.11.04 HP Webproxy A.02.00 ============================ HP_Webproxy.HPWEB-PX-CORE action: install PHSS_35110 or subsequent END AFFECTED VERSIONS RESOLUTION HP is making the following patches available to resolve this issue. The patches are available for download from http://itrc.hp.com For B.11.04 HP has made the following patches available: PHSS_35463 Virtualvault 4.7 OWS (Apache 1.x) update PHSS_35460 Virtualvault 4.7 IWS update PHSS_35481 Virtualvault 4.7 TGP update PHSS_35436 Virtualvault 4.7 OWS (Apache 2.x) update PHSS_35462 Virtualvault 4.6 OWS update PHSS_35459 Virtualvault 4.6 IWS update PHSS_35480 Virtualvault 4.6 TGP update PHSS_35461 Virtualvault 4.5 OWS update PHSS_35458 Virtualvault 4.5 IWS update PHSS_35437 Webproxy server 2.1 (Apache 2.x) update PHSS_35111 Webproxy server 2.1 (Apache 1.x) update PHSS_35110 Webproxy server 2.0 update PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA MANUAL ACTIONS: No HISTORY Version: 1 (rev.1) 31 October 2006 Initial release Third Party Security Patches: Third Party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com. It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA& langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW, MA = HP Management Agents, MI = Misc. 3rd party SW, MP = HP MPE/iX, NS = HP NonStop Servers, OV = HP OpenVMS, PI = HP Printing & Imaging, ST = HP Storage SW, TL = HP Trusted Linux, TU = HP Tru64 UNIX, UX = HP-UX, VV = HP Virtual Vault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." (c)Copyright 2006 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBRUi1AuAfOvwtKn1ZEQKXtQCfVa/C4zQ6PjBcTthCZGSi6LaqhJkAoJyb 4zQ+FfHTQ+8o6iNE/2/Qlm9f =2Kp/ -----END PGP SIGNATURE-----

AFFECTED PRODUCTS