ID

VAR-200911-0398


CVE

CVE-2009-3555


TITLE

SSL and TLS protocols renegotiation vulnerability

Trust: 0.8

sources: CERT/CC: VU#120541

DESCRIPTION

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

Hitachi Web Server contains a vulnerability in which arbitrary data is inserted at the beginning of communication data when the SSL function is used. Arbitrary data may be inserted at the beginning of communication data by a third party.

A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction.

SOLUTION: Apply updates (please see the vendor's advisory for details).

HP ProCurve Threat Management Services (TMS) zl Module J9155A and J9156A ST.1.1.100330 and earlier. The updates are available from the following location:
http://www.procurve.com/customercare/support/software/network-security.htm

PRODUCT SPECIFIC INFORMATION
None

HISTORY:
Version: 1 (rev.1) 4 August 2010 Initial release.

HP System Management Homepage v6.2 or subsequent for Linux (x86), Linux (AMD64/EM64T), and Windows can be downloaded from the following link.
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number (CVE-2010-0731).

The updated packages have been patched to correct these issues.

- Loader-constraint table allows arrays instead of only the base-classes (CVE-2010-0082).
- Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084).
- File TOCTOU deserialization vulnerability (CVE-2010-0085).
- Inflater/Deflater clone issues (CVE-2010-0088).
- Unsigned applet can retrieve the dragged information before drop action occurs (CVE-2010-0091).
- AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (CVE-2010-0092).
- System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (CVE-2010-0093).
- Deserialization of RMIConnectionImpl objects should enforce stricter checks (CVE-2010-0094).
- Subclasses of InetAddress may incorrectly interpret network addresses (CVE-2010-0095).
- JAR unpack200 must verify input parameters (CVE-2010-0837).
- CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838).
- Applet Trusted Methods Chaining Privilege Escalation Vulnerability (CVE-2010-0840).
- AWT Library Invalid Index Vulnerability (CVE-2010-0848).

Additional security issues that were fixed with IcedTea6 1.6.2:

- deprecate MD2 in SSL cert validation (CVE-2009-2409).
- ICC_Profile file existence detection information leak (CVE-2009-3728).
- JRE AWT setDifflCM stack overflow (CVE-2009-3869).
- JRE AWT setBytePixels heap overflow (CVE-2009-3871).
- JPEG Image Writer quantization problem (CVE-2009-3873).
- ImageI/O JPEG heap overflow (CVE-2009-3874).
- MessageDigest.isEqual introduces timing attack vulnerabilities (CVE-2009-3875).
- OpenJDK ASN.1/DER input stream parser denial of service (CVE-2009-3876, CVE-2009-3877)
- GraphicsConfiguration information leak (CVE-2009-3879).
- UI logging information leakage (CVE-2009-3880).
- resurrected classloaders can still have children (CVE-2009-3881).
- Numerous static security flaws in Swing (findbugs) (CVE-2009-3882).
- Mutable statics in Windows PL&F (findbugs) (CVE-2009-3883).
- zoneinfo file existence information leak (CVE-2009-3884).
- BMP parsing DoS with UNC ICC links (CVE-2009-3885).

Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found and fixed a bug in IcedTea6 1.8 that is also applied to the provided packages:

* plugin/icedteanp/IcedTeaNPPlugin.cc (plugin_filter_environment): Increment malloc size by one to account for NULL terminator. Bug# 474.

Packages for 2009.0 are provided due to the Extended Maintenance Program. The verification of md5 checksums and GPG signatures is performed automatically for you.

Corrected:      2009-12-03 09:18:40 UTC (RELENG_8, 8.0-STABLE)
                2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1)
                2009-12-03 09:18:40 UTC (RELENG_7, 7.2-STABLE)
                2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5)
                2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9)
                2009-12-03 09:18:40 UTC (RELENG_6, 6.4-STABLE)
                2009-12-03 09:18:40 UTC (RELENG_6_4, 6.4-RELEASE-p8)
                2009-12-03 09:18:40 UTC (RELENG_6_3, 6.3-RELEASE-p14)
CVE Name:       CVE-2009-3555

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>.

I.

The most widespread use of SSL/TLS is to add security to the HTTP protocol, thus producing HTTPS. FreeBSD includes software from the OpenSSL Project which implements SSL and TLS.

II. Problem Description

The SSL version 3 and TLS protocols support session renegotiation without cryptographically tying the new session parameters to the old parameters.

III. Impact

An attacker who can intercept a TCP connection being used for SSL or TLS can cause the initial session negotiation to take the place of a session renegotiation. This can be exploited in several ways, including:

* Causing a server to interpret incoming messages as having been sent under the auspices of a client SSL key when in fact they were not;
* Causing a client request to be appended to an attacker-supplied request, potentially revealing to the attacker the contents of the client request (including any authentication parameters); and
* Causing a client to receive a response to an attacker-supplied request instead of a response to the request sent by the client.

IV.

V. Solution

NOTE WELL: This update causes OpenSSL to reject any attempt to renegotiate SSL / TLS session parameters. As a result, connections in which the other party attempts to renegotiate session parameters will break.

Perform one of the following:

1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE, or 8-STABLE, or to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 6.3, 6.4, 7.1, 7.2, and 8.0 systems.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-09:15/ssl.patch
# fetch http://security.FreeBSD.org/patches/SA-09:15/ssl.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/secure/lib/libcrypto
# make obj && make depend && make includes && make && make install

NOTE: On the amd64 platform, the above procedure will not update the lib32 (i386 compatibility) libraries. On amd64 systems where the i386 compatibility libraries are used, the operating system should instead be recompiled as described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>

VI. Correction details

The following list contains the revision numbers of each file that was corrected in FreeBSD.

CVS:

Branch
  Path                                  Revision
-------------------------------------------------------------------------
RELENG_6
  src/crypto/openssl/ssl/s3_pkt.c       1.1.1.10.2.1
  src/crypto/openssl/ssl/s3_srvr.c      1.1.1.14.2.3
  src/crypto/openssl/ssl/s3_lib.c       1.1.1.10.2.1
RELENG_6_4
  src/UPDATING                          1.416.2.40.2.12
  src/sys/conf/newvers.sh               1.69.2.18.2.14
  src/crypto/openssl/ssl/s3_pkt.c       1.1.1.10.12.1
  src/crypto/openssl/ssl/s3_srvr.c      1.1.1.14.2.1.6.2
  src/crypto/openssl/ssl/s3_lib.c       1.1.1.10.12.1
RELENG_6_3
  src/UPDATING                          1.416.2.37.2.19
  src/sys/conf/newvers.sh               1.69.2.15.2.18
  src/crypto/openssl/ssl/s3_pkt.c       1.1.1.10.10.1
  src/crypto/openssl/ssl/s3_srvr.c      1.1.1.14.2.1.4.2
  src/crypto/openssl/ssl/s3_lib.c       1.1.1.10.10.1
RELENG_7
  src/crypto/openssl/ssl/s3_pkt.c       1.1.1.12.2.1
  src/crypto/openssl/ssl/s3_srvr.c      1.1.1.17.2.2
  src/crypto/openssl/ssl/s3_lib.c       1.1.1.13.2.1
RELENG_7_2
  src/UPDATING                          1.507.2.23.2.8
  src/sys/conf/newvers.sh               1.72.2.11.2.9
  src/crypto/openssl/ssl/s3_pkt.c       1.1.1.12.8.1
  src/crypto/openssl/ssl/s3_srvr.c      1.1.1.17.2.1.2.1
  src/crypto/openssl/ssl/s3_lib.c       1.1.1.13.8.1
RELENG_7_1
  src/UPDATING                          1.507.2.13.2.12
  src/sys/conf/newvers.sh               1.72.2.9.2.13
  src/crypto/openssl/ssl/s3_pkt.c       1.1.1.12.6.1
  src/crypto/openssl/ssl/s3_srvr.c      1.1.1.17.6.2
  src/crypto/openssl/ssl/s3_lib.c       1.1.1.13.6.1
RELENG_8
  src/crypto/openssl/ssl/s3_pkt.c       1.2.2.1
  src/crypto/openssl/ssl/s3_srvr.c      1.3.2.1
  src/crypto/openssl/ssl/s3_lib.c       1.2.2.1
RELENG_8_0
  src/UPDATING                          1.632.2.7.2.4
  src/sys/conf/newvers.sh               1.83.2.6.2.4
  src/crypto/openssl/ssl/s3_pkt.c       1.2.4.1
  src/crypto/openssl/ssl/s3_srvr.c      1.3.4.1
  src/crypto/openssl/ssl/s3_lib.c       1.2.4.1
-------------------------------------------------------------------------

Subversion:

Branch/path                             Revision
-------------------------------------------------------------------------
stable/6/                               r200054
releng/6.4/                             r200054
releng/6.3/                             r200054
stable/7/                               r200054
releng/7.2/                             r200054
releng/7.1/                             r200054
-------------------------------------------------------------------------

VII.

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01963123
Version: 1

HPSBUX02498 SSRT090264 rev.1 - HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2009-12-21
Last Updated: 2009-12-21

Potential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running Apache v2.0.59.12 and earlier. The vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).

HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.12 and previous.

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2009-3555    (AV:N/AC:L/Au:N/C:N/I:P/A:P)    6.4
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION
HP has provided the following temporary software updates to resolve the vulnerability.

NOTE: The vulnerability is resolved in OpenSSL 0.9.8l. HP-UX Apache v2.0.59.X versions use statically linked libraries. HP-UX Apache v2.0.59.13 is compiled with OpenSSL 0.9.8l. Other versions of HP-UX Apache require the HP-UX OpenSSL packages recommended in HPSBUX02482 SSRT090249, available here http://www.itrc.hp.com/service/cki/secBullArchive.do

To review previously published Security Bulletins visit http://www.itrc.hp.com/service/cki/secBullArchive.do

The depots are available using ftp.
Host / Account / Password
ftp.usa.hp.com / sb02498 / Secure12

HP-UX Release / Temporary Depot name / SHA-1 Sum
B.11.11 (IPv4 and IPv6) / Apache 2.0.59.13 PA-64-32-1111.depot / 3B6BE547403C28926482192408D5D5AB603A403D
B.11.23 PA-32 / Apache 2.0.59.13 IA-PA-32-1123.depot / 4809BAF0F83F78F60B7EC73FAF584D221B1CB4A7
B.11.23 IA-64 / Apache 2.0.59.13 IA-PA-64-1123.depot / 1D65F7D49883399F4D202E16754CF7DAE71E3B47
B.11.31 PA-32 / Apache 2.0.59.13 IA-PA-32-1131.depot / 943E21D4621B480B5E8E651ACB605B8F7EA47304
B.11.31 IA-64 / Apache 2.0.59.13 IA-PA-64-1131.depot / B8836FDB73434A3C26FB411E3F7CB3211129E5AC

MANUAL ACTIONS: Yes
Install Apache v2.0.59.13 or subsequent

PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically.

AFFECTED VERSIONS

For Apache IPv4 and IPv6

HP-UX B.11.11
=============
hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2
hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2
hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY
action: install revision B.2.0.59.13 or subsequent

HP-UX B.11.23
=============
hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2
hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2
hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY
hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2
hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2
hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY
action: install revision B.2.0.59.13 or subsequent

HP-UX B.11.31
=============
hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2
hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2
hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY
hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2
hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2
hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY
action: install revision B.2.0.59.13 or subsequent

END AFFECTED VERSIONS

HISTORY
Version:1 (rev.1) - 21 December 2009 Initial release
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201006-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Oracle JRE/JDK: Multiple vulnerabilities
      Date: June 04, 2010
      Bugs: #306579, #314531
        ID: 201006-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The Oracle JDK and JRE are vulnerable to multiple unspecified vulnerabilities.

Background
==========

The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform).

Affected packages
=================

    -------------------------------------------------------------------
     Package                            /  Vulnerable  /    Unaffected
    -------------------------------------------------------------------
  1  dev-java/sun-jre-bin                  < 1.6.0.20      >= 1.6.0.20
  2  dev-java/sun-jdk                      < 1.6.0.20      >= 1.6.0.20
  3  app-emulation/emul-linux-x86-java     < 1.6.0.20      >= 1.6.0.20
    -------------------------------------------------------------------
     3 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details.

Impact
======

A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.
Resolution
==========

All Oracle JRE 1.6.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.20"

All Oracle JDK 1.6.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.20"

All users of the precompiled 32bit Oracle JRE 1.6.x should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/emul-linux-x86-java-1.6.0.20"

All Oracle JRE 1.5.x, Oracle JDK 1.5.x, and precompiled 32bit Oracle JRE 1.5.x users are strongly advised to unmerge Java 1.5:

    # emerge --unmerge =app-emulation/emul-linux-x86-java-1.5*
    # emerge --unmerge =dev-java/sun-jre-bin-1.5*
    # emerge --unmerge =dev-java/sun-jdk-1.5*

Gentoo is ceasing support for the 1.5 generation of the Oracle Java Platform in accordance with upstream. All 1.5 JRE versions are masked and will be removed shortly. All 1.5 JDK versions are marked as "build-only" and will be masked for removal shortly. Users are advised to change their default user and system Java implementation to an unaffected version. For example:

    # java-config --set-system-vm sun-jdk-1.6

For more information, please consult the Gentoo Linux Java documentation.
References
==========

  [ 1 ] CVE-2009-3555
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
  [ 2 ] CVE-2010-0082
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082
  [ 3 ] CVE-2010-0084
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084
  [ 4 ] CVE-2010-0085
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085
  [ 5 ] CVE-2010-0087
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087
  [ 6 ] CVE-2010-0088
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088
  [ 7 ] CVE-2010-0089
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089
  [ 8 ] CVE-2010-0090
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090
  [ 9 ] CVE-2010-0091
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091
  [ 10 ] CVE-2010-0092
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092
  [ 11 ] CVE-2010-0093
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093
  [ 12 ] CVE-2010-0094
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094
  [ 13 ] CVE-2010-0095
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095
  [ 14 ] CVE-2010-0837
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837
  [ 15 ] CVE-2010-0838
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838
  [ 16 ] CVE-2010-0839
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839
  [ 17 ] CVE-2010-0840
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840
  [ 18 ] CVE-2010-0841
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841
  [ 19 ] CVE-2010-0842
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842
  [ 20 ] CVE-2010-0843
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843
  [ 21 ] CVE-2010-0844
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844
  [ 22 ] CVE-2010-0845
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845
  [ 23 ] CVE-2010-0846
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846
  [ 24 ] CVE-2010-0847
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847
  [ 25 ] CVE-2010-0848
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848
  [ 26 ] CVE-2010-0849
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849
  [ 27 ] CVE-2010-0850
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850
  [ 28 ] CVE-2010-0886
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886
  [ 29 ] CVE-2010-0887
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0887
  [ 30 ] Gentoo Linux Java documentation
         http://www.gentoo.org/doc/en/java.xml#doc_chap4
  [ 31 ] Oracle Java SE and Java for Business Critical Patch Update Advisory - March 2010
         http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201006-18.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us.

License
=======

Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
TITLE:
OpenOffice.org Data Manipulation and Code Execution Vulnerabilities

SECUNIA ADVISORY ID:
SA40070

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40070/

RELEASE DATE:
2010-06-08

DESCRIPTION:
Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to manipulate certain data or compromise a user's system.

For more information see vulnerability #1 in:
SA37291

2) An error when exploring python code through the scripting IDE can be exploited to potentially execute arbitrary code.

The vulnerabilities are reported in versions prior to 3.2.1.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.openoffice.org/security/cves/CVE-2009-3555.html
http://www.openoffice.org/security/cves/CVE-2010-0395.html
______________________________________________________________________________

                        SUSE Security Announcement

        Package:                openssl
        Announcement ID:        SUSE-SA:2009:057
        Date:                   Wed, 18 Nov 2009 08:00:00 +0000
        Affected Products:      openSUSE 11.0
                                openSUSE 11.1
                                openSUSE 11.2
                                SUSE SLES 9
                                Novell Linux Desktop 9
                                Open Enterprise Server
                                Novell Linux POS 9
                                SLE SDK 10 SP2
                                SLE SDK 10 SP3
                                SUSE Linux Enterprise Desktop 10 SP2
                                SUSE Linux Enterprise Desktop 10 SP3
                                SUSE Linux Enterprise 10 SP2 DEBUGINFO
                                SUSE Linux Enterprise Server 10 SP2
                                SUSE Linux Enterprise 10 SP3 DEBUGINFO
                                SUSE Linux Enterprise Server 10 SP3
                                SLES 11 DEBUGINFO
                                SUSE Moblin 2.0
                                SLE 11
                                SLED 11
                                SLES 11
        Vulnerability Type:     man-in-the-middle attack
        CVSS v2 Base Score:     6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:P/A:P)
        SUSE Default Package:   yes
        Cross-References:       CVE-2009-3555

    Content of This Advisory:
        1) Security Vulnerability Resolved:
             using unauthenticated data during TLS renegotiation
           Problem Description
        2) Solution or Work-Around
        3) Special Instructions and Notes
        4) Package Location and Checksums
        5) Pending Vulnerabilities, Solutions, and Work-Arounds:
             none
        6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

   The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate already sent data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's mod_ssl was vulnerable to this kind of attack because it uses openssl.

   It is believed that this vulnerability is actively exploited in the wild to get access to HTTPS protected web-sites.

   Please note that renegotiation will be disabled for any application using openssl by this update and may cause problems in some cases. Additionally this attack is not limited to HTTP.
2) Solution or Work-Around

   There is no work-around known. Please install the update. Moblin packages will be released later.

3) Special Instructions and Notes

   Please note that this update disables renegotiation for all applications using openssl. All applications using openssl need to be restarted. You can find out what library an application uses with lsof(8) as root. If possible restart your system.

4) Package Location and Checksums

   The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them.

   Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command

     rpm -Fhv <file.rpm>

   to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package.
http://download.opensuse.org/debug/update/11.1/rpm/x86_64/compat-openssl097g-debuginfo-0.9.7g-146.11.1.x86_64.rpm http://download.opensuse.org/debug/update/11.1/rpm/x86_64/compat-openssl097g-debuginfo-32bit-0.9.7g-146.11.1.x86_64.rpm http://download.opensuse.org/debug/update/11.1/rpm/x86_64/compat-openssl097g-debugsource-0.9.7g-146.11.1.x86_64.rpm http://download.opensuse.org/debug/update/11.1/rpm/x86_64/openssl-debuginfo-0.9.8h-28.11.1.x86_64.rpm http://download.opensuse.org/debug/update/11.1/rpm/x86_64/openssl-debugsource-0.9.8h-28.11.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/compat-openssl097g-0.9.7g-146.11.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/compat-openssl097g-32bit-0.9.7g-146.11.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/libopenssl-devel-0.9.8h-28.11.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/libopenssl0_9_8-0.9.8h-28.11.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/libopenssl0_9_8-32bit-0.9.8h-28.11.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/openssl-0.9.8h-28.11.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/openssl-doc-0.9.8h-28.11.1.x86_64.rpm openSUSE 11.0: http://download.opensuse.org/debug/update/11.0/rpm/x86_64/compat-openssl097g-debuginfo-0.9.7g-119.7.x86_64.rpm http://download.opensuse.org/debug/update/11.0/rpm/x86_64/compat-openssl097g-debugsource-0.9.7g-119.7.x86_64.rpm http://download.opensuse.org/debug/update/11.0/rpm/x86_64/openssl-debuginfo-0.9.8g-47.10.x86_64.rpm http://download.opensuse.org/debug/update/11.0/rpm/x86_64/openssl-debugsource-0.9.8g-47.10.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/compat-openssl097g-0.9.7g-119.7.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/compat-openssl097g-32bit-0.9.7g-119.7.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/libopenssl-devel-0.9.8g-47.10.x86_64.rpm 
http://download.opensuse.org/update/11.0/rpm/x86_64/libopenssl0_9_8-0.9.8g-47.10.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/libopenssl0_9_8-32bit-0.9.8g-47.10.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/openssl-0.9.8g-47.10.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/openssl-certs-0.9.8g-47.10.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/openssl-doc-0.9.8g-47.10.x86_64.rpm Sources: openSUSE 11.2: http://download.opensuse.org/update/11.2/rpm/src/compat-openssl097g-0.9.7g-149.5.3.src.rpm http://download.opensuse.org/update/11.2/rpm/src/openssl-0.9.8k-3.5.3.src.rpm http://download.opensuse.org/update/11.2/rpm/src/openssl-certs-0.9.8h-28.2.1.src.rpm openSUSE 11.1: http://download.opensuse.org/update/11.1/rpm/src/compat-openssl097g-0.9.7g-146.11.1.src.rpm http://download.opensuse.org/update/11.1/rpm/src/openssl-0.9.8h-28.11.1.src.rpm http://download.opensuse.org/update/11.1/rpm/src/openssl-certs-0.9.8h-25.2.13.src.rpm openSUSE 11.0: http://download.opensuse.org/update/11.0/rpm/src/compat-openssl097g-0.9.7g-119.7.src.rpm http://download.opensuse.org/update/11.0/rpm/src/openssl-0.9.8g-47.10.src.rpm Our maintenance customers are notified individually. 
The packages are offered for installation from the maintenance web:

  SUSE Linux Enterprise Server 10 SP3
  SLE SDK 10 SP3
  SUSE Linux Enterprise 10 SP3 DEBUGINFO
  SUSE Linux Enterprise Desktop 10 SP3
  Open Enterprise Server
  Novell Linux POS 9
  Novell Linux Desktop 9
  SUSE SLES 9
  SUSE Moblin 2.0
  SUSE Linux Enterprise Server 10 SP2
  SLE SDK 10 SP2
  SUSE Linux Enterprise 10 SP2 DEBUGINFO
  SUSE Linux Enterprise Desktop 10 SP2
  SLES 11
  SLED 11
  SLE 11
  SLES 11 DEBUGINFO

______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

Please read our Summary Report.

______________________________________________________________________________

6) Authenticity Verification and Additional Information

- Announcement authenticity verification:

SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file and run the command

  gpg --verify <file>

replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like:

  gpg: Signature made <DATE> using RSA key ID 3D25D3D9
  gpg: Good signature from "SuSE Security Team <security@suse.de>"

where <DATE> is replaced by the date the document was signed.

If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command

  gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

- Package authenticity verification:

SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.

The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command

  rpm -v --checksig <file.rpm>

to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA.

This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.

- SUSE runs two security mailing lists to which any interested party may subscribe:

  opensuse-security@opensuse.org
    - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe@opensuse.org>.

  opensuse-security-announce@opensuse.org
    - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe@opensuse.org>.

The <security@suse.de> public key is listed below. In particular, the clear text signature should show proof of the authenticity of the text.

SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.

Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Since many changes had occurred on the 0.9.8 branch without a public release it was decided to release 0.9.8l based on the last publicly tested release version 0.9.8k.

He can then send arbitrary data and trigger a renegotiation using the client's original connection data. From the server's point of view the client simply connected, sent data, renegotiated and continued. From the client's point of view he connects to the server normally. There is no indication at the SSL level that the attack occurred. There may be indications at the level of the protocol layered on top of SSL, for example, unexpected or pipelined responses.

This attack can also be performed when the server requests a renegotiation - in this variant, the MitM would wait for the server's renegotiation request and at that point replay the client's original connection data.

Once the original client connection data has been replayed, the MitM can no longer inject data, nor can he read the traffic over the SSL connection in either direction.

Because of the nature of the attack, this is only an effective defence when deployed on servers. Upgraded clients will still be vulnerable. Servers that need renegotiation to function correctly obviously cannot deploy this fix without breakage.
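An added example, not part of the OpenSSL advisory: the TLS extension draft listed in the advisory's references was later standardized as RFC 5746, and this parser checks a captured ServerHello record for that renegotiation_info extension (type 0xff01), which is how a defender can tell from a handshake capture whether a server signals the protocol-level fix. The function names and the sample records are constructed for illustration; the extension number comes from RFC 5746, not from this page.

```python
import struct

RENEGOTIATION_INFO = 0xFF01  # extension type from RFC 5746 (assumption: not on the page)


class ParseError(ValueError):
    """Raised when the bytes are not a complete ServerHello record."""


def take(buf, off, n, what):
    """Return (buf[off:off+n], new_offset), or raise if the buffer is short."""
    if off + n > len(buf):
        raise ParseError("truncated " + what)
    return buf[off:off + n], off + n


def server_hello_extensions(record):
    """Map extension type -> raw data for a ServerHello that starts a TLS record.

    Handshake messages fragmented across several records are not reassembled.
    """
    hdr, off = take(record, 0, 5, "record header")
    ctype, _version, rlen = struct.unpack("!BHH", hdr)
    if ctype != 22:  # 22 = handshake content type
        raise ParseError("not a handshake record")
    body, _ = take(record, off, rlen, "record body")

    hs_hdr, off = take(body, 0, 4, "handshake header")
    if hs_hdr[0] != 2:  # 2 = server_hello
        raise ParseError("not a ServerHello")
    hello, _ = take(body, off, int.from_bytes(hs_hdr[1:], "big"), "ServerHello")

    _, off = take(hello, 0, 2 + 32, "server_version and random")
    sid_len, off = take(hello, off, 1, "session_id length")
    _, off = take(hello, off, sid_len[0], "session_id")
    _, off = take(hello, off, 2 + 1, "cipher_suite and compression_method")
    if off == len(hello):
        return {}  # hello without any extensions block
    total, off = take(hello, off, 2, "extensions length")
    raw, _ = take(hello, off, int.from_bytes(total, "big"), "extensions")

    exts, off = {}, 0
    while off < len(raw):
        head, off = take(raw, off, 4, "extension header")
        etype, elen = struct.unpack("!HH", head)
        exts[etype], off = take(raw, off, elen, "extension data")
    return exts


def renegotiation_status(record):
    """Classify the server's RFC 5746 signalling in an initial ServerHello.

    "absent"  - no renegotiation_info: the server is either unpatched or has
                renegotiation switched off outright (the 0.9.8l approach);
                the hello alone cannot distinguish the two.
    "present-initial" - empty renegotiated_connection, as required on a
                first handshake.
    "present-with-verify-data" - non-empty binding (only valid when renegotiating).
    "invalid" - inner length byte does not match the extension body.
    """
    data = server_hello_extensions(record).get(RENEGOTIATION_INFO)
    if data is None:
        return "absent"
    if not data or data[0] != len(data) - 1:
        return "invalid"
    return "present-initial" if data[0] == 0 else "present-with-verify-data"


def build_server_hello(extensions):
    """Construct a sample record (constructed test data, not a real capture)."""
    block = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    hello = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    if extensions:
        hello += struct.pack("!H", len(block)) + block
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    samples = {
        "no extensions": build_server_hello([]),
        "with renegotiation_info": build_server_hello(
            [(0x000B, b"\x01\x00"), (RENEGOTIATION_INFO, b"\x00")]),
    }
    for label, rec in samples.items():
        print(label, "->", renegotiation_status(rec))
```
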
Severity
========

Because of the enormous difficulty of analysing every possible attack on every protocol that is layered on SSL, the OpenSSL Team classify this as a severe issue and recommend that everyone who does not rely on renegotiation deploy 0.9.8l as soon as possible.

History
=======

A small number of people knew about the problem in advance under NDA and a comprehensive fix was being developed. Unfortunately the issue was independently discovered and the details made public so a less than ideal brute force emergency fix had to be developed and released.

We are working on incorporating this into 0.9.8m, which will also incorporate a number of other security and bug fixes. Because renegotiation is, in practice, rarely used we will not be rushing the production of 0.9.8m, but will instead test interoperability with other implementations, and ensure the stability of the other fixes before release.

Also thanks to ICASI who managed the early coordination of this issue.

References
===========

CVE-2009-3555: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

TLS extension: https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt

URL for this Security Advisory: https://www.openssl.org/news/secadv_20091111.txt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability

Advisory ID: cisco-sa-20091109-tls

http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml

Revision 1.0

For Public Release 2009 November 9 1600 UTC (GMT)

Summary
=======

An industry-wide vulnerability exists in the Transport Layer Security (TLS) protocol that could impact any Cisco product that uses any version of TLS and SSL. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml.
Affected Products
=================

Cisco is currently evaluating products for possible exposure to these TLS issues. Products will only be listed in the Vulnerable Products or Products Confirmed Not Vulnerable sections of this advisory when a final determination about product exposure is made. Products that are not listed in either of these two sections are still being evaluated.

Vulnerable Products
- -------------------

This section will be updated when more information is available.

Products Confirmed Not Vulnerable
- ---------------------------------

The following products are confirmed not vulnerable:

  * Cisco AnyConnect VPN Client

This section will be updated when more information is available.

Details
=======

TLS and its predecessor, SSL, are cryptographic protocols that provide security for communications over IP data networks such as the Internet. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack.

The following Cisco Bug IDs are being used to track potential exposure to the SSL and TLS issues. The bugs listed below do not confirm that a product is vulnerable, but rather that the product is under investigation by the appropriate product teams.
Registered Cisco customers can view these bugs via Cisco's Bug Toolkit: http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl

+------------------------------------------------------------+
| Product | Bug ID |
|----------------------------+-------------------------------|
| Cisco Adaptive Security Device Manager (ASDM) | CSCtd01491 |
| Cisco AON Software | CSCtd01646 |
| Cisco AON Healthcare for HIPAA and ePrescription | CSCtd01652 |
| Cisco Application and Content Networking System (ACNS) Software | CSCtd01529 |
| Cisco Application Networking Manager | CSCtd01480 |
| Cisco ASA 5500 Series Adaptive Security Appliances | CSCtd00697 |
| Cisco ASA Advanced Inspection and Prevention (AIP) Security Services Module | CSCtd01539 |
| Cisco AVS 3100 Series Application Velocity System | CSCtd01566 |
| Cisco Catalyst 6500 Series SSL Services Module | CSCtd06389 |
| Firewall Services Module FWSM | CSCtd04061 |
| Cisco CSS 11000 Series Content Services Switches | CSCtd01636 |
| Cisco Unified SIP Phones | CSCtd01446 |
| Cisco Data Center Network Manager | CSCtd02635 |
| Cisco Data Mobility Manager | CSCtd02642 |
| Cisco Digital Media Encoders | CSCtd01703 |
| Cisco Digital Media Manager | CSCtd01692 |
| Cisco Digital Media Players | CSCtd01718 |
| Cisco Emergency Responder | CSCtd02650 |
| Cisco IOS Software | CSCtd00658 |
| Cisco IOS XE Software | CSCtd00658 |
| Cisco IOS XR Software | CSCtd02658 |
| Cisco IP Communicator | CSCtd02662 |
| CATOS | CSCtd00662 |
| Cisco IronPort Appliances | CSCtd02069 |
| Cisco Unified MeetingPlace | CSCtd02709 |
| Cisco NAC Appliance (Clean Access) | CSCtd01453 |
| Cisco NAC Guest Server | CSCtd01462 |
| Cisco NAC Profiler | CSCtd02716 |
| Cisco Network Analysis Module Software (NAM) | CSCtd02729 |
| Cisco Network Registrar | CSCtd02748 |
| Cisco ONS 15500 Series | CSCtd02769 |
| Cisco Physical Access Gateways | CSCtd02777 |
| Cisco Physical Access Manager | CSCtd03912 |
| Cisco Physical Security ISM | CSCtd03920 |
| Cisco QoS Device Manager | CSCtd03923 |
| Cisco Secure Access Control Server (ACS) | CSCtd00725 |
| Cisco Secure Desktop | CSCtd03928 |
| Cisco Secure Services Client | CSCtd03935 |
| Cisco Security Agent CSA | CSCtd02689 |
| Cisco Security Monitoring, Analysis and Response System (MARS) | CSCtd02654 |
| Cisco Unified IP Phones | CSCtd04121 |
| Cisco Service Control Subscriber Manager | CSCtd04171 |
| Cisco TelePresence Manager | CSCtd01771 |
| Telepresence for Consumer | CSCtd01752 |
| Cisco TelePresence Recording Server | CSCtd01742 |
| Cisco Network Asset Collector | CSCtd04198 |
| Cisco Unified Communications Manager (CallManager) | CSCtd01282 |
| Cisco Unified Business Attendant Console | CSCtd05731 |
| Cisco Unified Contact Center Enterprise | CSCtd05790 |
| Cisco Unified Contact Center Express | CSCtd05790 |
| Cisco Unified Contact Center Management Portal | CSCtd05755 |
| Cisco Unified Contact Center Products | CSCtd05790 |
| Cisco Unified Department Attendant Console | CSCtd05733 |
| Cisco Unified E-Mail Interaction Manager | CSCtd05756 |
| Cisco Unified Enterprise Attendant Console | CSCtd05735 |
| Cisco Unified Mobile Communicator | CSCtd05762 |
| Cisco Unified Mobility | CSCtd05786 |
| Cisco Unified Mobility Advantage | CSCtd05783 |
| Cisco Unified Operations Manager | CSCtd05784 |
| Cisco Unified Personal Communicator | CSCtd05759 |
| Cisco Unified Presence | CSCtd05791 |
| Cisco Unified Provisioning Manager | CSCtd05777 |
| Cisco Unified Quick Connect | CSCtd05738 |
| Cisco Unified Service Monitor | CSCtd05780 |
| Cisco Unified Service Statistics Manager | CStCd05778 |
| Cisco Unified SIP Proxy | CSCtd05765 |
| Cisco Unity | CSCtd02855 |
| Cisco NX-OS Software | CSCtd00699 and CSCtd00703 |
| Cisco Video Portal | CSCtd04097 |
| Cisco Video Surveillance Media Server Software | CSCtd02831 |
| Cisco Video Surveillance Operations Manager Software | CSCtd02780 |
| Cisco Wide Area File Services Software (WAFS) | CSCtd04106 |
| Cisco Wireless Control System | CSCtd01625 |
| Cisco Wireless LAN Controller (WLAN) | CSCtd01611 |
| Cisco Wireless Location Appliance | CSCtd04115 |
| CiscoWorks Common Services Software | CSCtd01597 |
| CiscoWorks Wireless LAN Solution Engine (WLSE) | CSCtd04111 |
+------------------------------------------------------------+

This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2009-3555.

Vulnerability Scoring Details
+----------------------------

Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS).
The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding CVSS at:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at:

http://intellishield.cisco.com/security/alertmanager/cvss

* TLS Renegotiation Vulnerability (all Cisco Bugs above)

CVSS Base Score - 4.3
    Access Vector - Network
    Access Complexity - Medium
    Authentication - None
    Confidentiality Impact - None
    Integrity Impact - Partial
    Availability Impact - None

CVSS Temporal Score - 4.1
    Exploitability - Functional
    Remediation Level - Unavailable
    Report Confidence - Confirmed

Impact
======

This section will be updated when more information is available.

Software Versions and Fixes
===========================

This section will be updated to include fixed software versions for affected Cisco products as they become available.

Workarounds
===========

Workarounds are being investigated. This section will be updated when more information becomes available.

Obtaining Fixed Software
========================

Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

Customers may only install and expect support for the feature sets they have purchased.
By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml.

Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades.

Customers with Service Contracts
- --------------------------------

Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com.

Customers using Third Party Support Organizations
- -------------------------------------------------

Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory.

The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed.

Customers without Service Contracts
- -----------------------------------

Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC).
TAC contacts are as follows.

  * +1 800 553 2447 (toll free from within North America)
  * +1 408 526 7209 (toll call from anywhere in the world)
  * e-mail: tac@cisco.com

Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC.

Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages.

Exploitation and Public Announcements
=====================================

This vulnerability was initially discovered by Marsh Ray and Steve Dispensa from PhoneFactor, Inc.

Cisco is not aware of any malicious exploitation of this vulnerability. Proof-of-concept exploit code has been published for this vulnerability.

Status of this Notice: INTERIM
==============================

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.

Distribution
============

This advisory is posted on Cisco's worldwide website at:

http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml

In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients.
* cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2009-November-9 | Initial public release | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2008-2009 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- Updated: Nov 09, 2009 Document ID: 111046 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkr4TCsACgkQ86n/Gc8U/uDNWgCfYptXVZhz0qn2DvRh2zUtZ5EF OS4AoJediPm3/t9XqYIdrjR5PNP25iY/ =SkAu -----END PGP SIGNATURE-----

Trust: 3.78

sources: NVD: CVE-2009-3555 // JVNDB: JVNDB-2011-001632 // CERT/CC: VU#120541 // PACKETSTORM: 100765 // PACKETSTORM: 92497 // PACKETSTORM: 93944 // PACKETSTORM: 89136 // PACKETSTORM: 89026 // PACKETSTORM: 83414 // VULHUB: VHN-41001 // PACKETSTORM: 84183 // PACKETSTORM: 90286 // PACKETSTORM: 90344 // PACKETSTORM: 137201 // PACKETSTORM: 82770 // PACKETSTORM: 88698 // PACKETSTORM: 89667 // PACKETSTORM: 169645 // PACKETSTORM: 82657

AFFECTED PRODUCTS

vendor:debianmodel:linuxscope:eqversion:6.0

Trust: 1.0

vendor:f5model:nginxscope:gteversion:0.1.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:9.04

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:5.0

Trust: 1.0

vendor:f5model:nginxscope:lteversion:0.8.22

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:8.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:10.04

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:12

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:9.10

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:10.10

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:4.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:11

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:8.10

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:14

Trust: 1.0

vendor:mozillamodel:nssscope:lteversion:3.12.4

Trust: 1.0

vendor:gnumodel:gnutlsscope:lteversion:2.8.5

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0

Trust: 1.0

vendor:opensslmodel:opensslscope:lteversion:0.9.8k

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:13

Trust: 1.0

vendor:apachemodel:http serverscope:lteversion:2.2.14

Trust: 1.0

vendor:barracudamodel: - scope: - version: -

Trust: 0.8

vendor:debian gnu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:gnutlsmodel: - scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:mcafeemodel: - scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel: - scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:hp virtual connectscope: - version: -

Trust: 0.8

vendor:hewlett packard enterprisemodel:hpe matrix operating environmentscope: - version: -

Trust: 0.8

vendor:hewlett packard enterprisemodel:hpe systems insight managerscope: - version: -

Trust: 0.8

vendor:hitachimodel:hitachi web serverscope: - version: -

Trust: 0.8

sources: CERT/CC: VU#120541 // JVNDB: JVNDB-2011-001632 // NVD: CVE-2009-3555

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-3555
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-3555
value: 0

Trust: 0.8

IPA: JVNDB-2011-001632
value: MEDIUM

Trust: 0.8

VULHUB: VHN-41001
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-3555
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2011-001632
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-41001
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#120541 // VULHUB: VHN-41001 // JVNDB: JVNDB-2011-001632 // NVD: CVE-2009-3555

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.1

problemtype:Lack of information (CWE-noinfo) [IPA evaluation ]

Trust: 0.8

problemtype:CWE-310

Trust: 0.1

sources: VULHUB: VHN-41001 // JVNDB: JVNDB-2011-001632 // NVD: CVE-2009-3555

THREAT TYPE

remote

Trust: 0.2

sources: PACKETSTORM: 89136 // PACKETSTORM: 88698

TYPE

overflow

Trust: 0.1

sources: PACKETSTORM: 89136

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-41001

PATCH

title:HS11-006 Software product security informationurl:http://marc.info/?l=bugtraq&m=142660345230545&w=2

Trust: 0.8

sources: JVNDB: JVNDB-2011-001632

EXTERNAL IDS

db:NVDid:CVE-2009-3555

Trust: 4.9

db:CERT/CCid:VU#120541

Trust: 1.9

db:SECUNIAid:40070

Trust: 1.3

db:SECUNIAid:38781

Trust: 1.1

db:SECUNIAid:42377

Trust: 1.1

db:SECUNIAid:37501

Trust: 1.1

db:SECUNIAid:39632

Trust: 1.1

db:SECUNIAid:37604

Trust: 1.1

db:SECUNIAid:41972

Trust: 1.1

db:SECUNIAid:43308

Trust: 1.1

db:SECUNIAid:38241

Trust: 1.1

db:SECUNIAid:37859

Trust: 1.1

db:SECUNIAid:41818

Trust: 1.1

db:SECUNIAid:39292

Trust: 1.1

db:SECUNIAid:42816

Trust: 1.1

db:SECUNIAid:42379

Trust: 1.1

db:SECUNIAid:39317

Trust: 1.1

db:SECUNIAid:38020

Trust: 1.1

db:SECUNIAid:42467

Trust: 1.1

db:SECUNIAid:37320

Trust: 1.1

db:SECUNIAid:37640

Trust: 1.1

db:SECUNIAid:37656

Trust: 1.1

db:SECUNIAid:37383

Trust: 1.1

db:SECUNIAid:42724

Trust: 1.1

db:SECUNIAid:38003

Trust: 1.1

db:SECUNIAid:44183

Trust: 1.1

db:SECUNIAid:42733

Trust: 1.1

db:SECUNIAid:38484

Trust: 1.1

db:SECUNIAid:40545

Trust: 1.1

db:SECUNIAid:40866

Trust: 1.1

db:SECUNIAid:39242

Trust: 1.1

db:SECUNIAid:38056

Trust: 1.1

db:SECUNIAid:39278

Trust: 1.1

db:SECUNIAid:39243

Trust: 1.1

db:SECUNIAid:42808

Trust: 1.1

db:SECUNIAid:37675

Trust: 1.1

db:SECUNIAid:39127

Trust: 1.1

db:SECUNIAid:39461

Trust: 1.1

db:SECUNIAid:39819

Trust: 1.1

db:SECUNIAid:37453

Trust: 1.1

db:SECUNIAid:40747

Trust: 1.1

db:SECUNIAid:41490

Trust: 1.1

db:SECUNIAid:39628

Trust: 1.1

db:SECUNIAid:44954

Trust: 1.1

db:SECUNIAid:39500

Trust: 1.1

db:SECUNIAid:48577

Trust: 1.1

db:SECUNIAid:42811

Trust: 1.1

db:SECUNIAid:37291

Trust: 1.1

db:SECUNIAid:41480

Trust: 1.1

db:SECUNIAid:37292

Trust: 1.1

db:SECUNIAid:37399

Trust: 1.1

db:SECUNIAid:39713

Trust: 1.1

db:SECUNIAid:38687

Trust: 1.1

db:SECUNIAid:37504

Trust: 1.1

db:SECUNIAid:39136

Trust: 1.1

db:SECUNIAid:41967

Trust: 1.1

db:SECTRACKid:1023217

Trust: 1.1

db:SECTRACKid:1023273

Trust: 1.1

db:SECTRACKid:1023274

Trust: 1.1

db:SECTRACKid:1023206

Trust: 1.1

db:SECTRACKid:1023272

Trust: 1.1

db:SECTRACKid:1023427

Trust: 1.1

db:SECTRACKid:1023218

Trust: 1.1

db:SECTRACKid:1023163

Trust: 1.1

db:SECTRACKid:1023214

Trust: 1.1

db:SECTRACKid:1023211

Trust: 1.1

db:SECTRACKid:1023219

Trust: 1.1

db:SECTRACKid:1023216

Trust: 1.1

db:SECTRACKid:1024789

Trust: 1.1

db:SECTRACKid:1023148

Trust: 1.1

db:SECTRACKid:1023213

Trust: 1.1

db:SECTRACKid:1023271

Trust: 1.1

db:SECTRACKid:1023243

Trust: 1.1

db:SECTRACKid:1023209

Trust: 1.1

db:SECTRACKid:1023215

Trust: 1.1

db:SECTRACKid:1023208

Trust: 1.1

db:SECTRACKid:1023411

Trust: 1.1

db:SECTRACKid:1023204

Trust: 1.1

db:SECTRACKid:1023224

Trust: 1.1

db:SECTRACKid:1023210

Trust: 1.1

db:SECTRACKid:1023207

Trust: 1.1

db:SECTRACKid:1023426

Trust: 1.1

db:SECTRACKid:1023428

Trust: 1.1

db:SECTRACKid:1023205

Trust: 1.1

db:SECTRACKid:1023275

Trust: 1.1

db:SECTRACKid:1023270

Trust: 1.1

db:SECTRACKid:1023212

Trust: 1.1

db:VUPENid:ADV-2010-2745

Trust: 1.1

db:VUPENid:ADV-2009-3353

Trust: 1.1

db:VUPENid:ADV-2010-3069

Trust: 1.1

db:VUPENid:ADV-2010-0086

Trust: 1.1

db:VUPENid:ADV-2009-3354

Trust: 1.1

db:VUPENid:ADV-2009-3484

Trust: 1.1

db:VUPENid:ADV-2010-1793

Trust: 1.1

db:VUPENid:ADV-2009-3310

Trust: 1.1

db:VUPENid:ADV-2010-0982

Trust: 1.1

db:VUPENid:ADV-2011-0033

Trust: 1.1

db:VUPENid:ADV-2009-3220

Trust: 1.1

db:VUPENid:ADV-2010-2010

Trust: 1.1

db:VUPENid:ADV-2010-1639

Trust: 1.1

db:VUPENid:ADV-2010-1107

Trust: 1.1

db:VUPENid:ADV-2010-3126

Trust: 1.1

db:VUPENid:ADV-2010-0916

Trust: 1.1

db:VUPENid:ADV-2009-3164

Trust: 1.1

db:VUPENid:ADV-2011-0032

Trust: 1.1

db:VUPENid:ADV-2011-0086

Trust: 1.1

db:VUPENid:ADV-2009-3313

Trust: 1.1

db:VUPENid:ADV-2010-0748

Trust: 1.1

db:VUPENid:ADV-2010-1350

Trust: 1.1

db:VUPENid:ADV-2009-3521

Trust: 1.1

db:VUPENid:ADV-2010-0994

Trust: 1.1

db:VUPENid:ADV-2010-3086

Trust: 1.1

db:VUPENid:ADV-2010-1191

Trust: 1.1

db:VUPENid:ADV-2010-0173

Trust: 1.1

db:VUPENid:ADV-2009-3587

Trust: 1.1

db:VUPENid:ADV-2010-0933

Trust: 1.1

db:VUPENid:ADV-2009-3205

Trust: 1.1

db:VUPENid:ADV-2010-1054

Trust: 1.1

db:VUPENid:ADV-2010-0848

Trust: 1.1

db:VUPENid:ADV-2010-1673

Trust: 1.1

db:VUPENid:ADV-2009-3165

Trust: 1.1

db:OPENWALLid:OSS-SECURITY/2009/11/05/3

Trust: 1.1

db:OPENWALLid:OSS-SECURITY/2009/11/07/3

Trust: 1.1

db:OPENWALLid:OSS-SECURITY/2009/11/23/10

Trust: 1.1

db:OPENWALLid:OSS-SECURITY/2009/11/05/5

Trust: 1.1

db:OPENWALLid:OSS-SECURITY/2009/11/20/1

Trust: 1.1

db:OPENWALLid:OSS-SECURITY/2009/11/06/3

Trust: 1.1

db:OSVDBid:65202

Trust: 1.1

db:OSVDBid:62210

Trust: 1.1

db:OSVDBid:60521

Trust: 1.1

db:OSVDBid:60972

Trust: 1.1

db:HITACHIid:HS10-030

Trust: 1.1

db:USCERTid:TA10-222A

Trust: 1.1

db:USCERTid:TA10-287A

Trust: 1.1

db:BIDid:36935

Trust: 1.1

db:ICS CERTid:ICSA-22-160-01

Trust: 0.8

db:JVNid:JVNVU95298925

Trust: 0.8

db:JVNDBid:JVNDB-2009-002319

Trust: 0.8

db:JVNDBid:JVNDB-2011-001632

Trust: 0.8

db:PACKETSTORMid:82657

Trust: 0.2

db:PACKETSTORMid:82770

Trust: 0.2

db:PACKETSTORMid:83414

Trust: 0.2

db:PACKETSTORMid:137201

Trust: 0.2

db:PACKETSTORMid:89136

Trust: 0.2

db:PACKETSTORMid:92497

Trust: 0.2

db:PACKETSTORMid:89667

Trust: 0.2

db:PACKETSTORMid:88698

Trust: 0.2

db:PACKETSTORMid:90286

Trust: 0.2

db:PACKETSTORMid:84183

Trust: 0.2

db:EXPLOIT-DBid:10071

Trust: 0.1

db:EXPLOIT-DBid:10579

Trust: 0.1

db:PACKETSTORMid:130868

Trust: 0.1

db:PACKETSTORMid:83271

Trust: 0.1

db:PACKETSTORMid:90262

Trust: 0.1

db:PACKETSTORMid:88173

Trust: 0.1

db:PACKETSTORMid:91309

Trust: 0.1

db:PACKETSTORMid:120365

Trust: 0.1

db:PACKETSTORMid:106155

Trust: 0.1

db:PACKETSTORMid:83415

Trust: 0.1

db:PACKETSTORMid:111273

Trust: 0.1

db:PACKETSTORMid:92095

Trust: 0.1

db:PACKETSTORMid:88167

Trust: 0.1

db:PACKETSTORMid:124088

Trust: 0.1

db:PACKETSTORMid:120714

Trust: 0.1

db:PACKETSTORMid:82652

Trust: 0.1

db:PACKETSTORMid:94087

Trust: 0.1

db:PACKETSTORMid:97489

Trust: 0.1

db:PACKETSTORMid:131826

Trust: 0.1

db:PACKETSTORMid:95279

Trust: 0.1

db:PACKETSTORMid:102374

Trust: 0.1

db:PACKETSTORMid:106156

Trust: 0.1

db:PACKETSTORMid:88621

Trust: 0.1

db:PACKETSTORMid:94088

Trust: 0.1

db:PACKETSTORMid:84112

Trust: 0.1

db:PACKETSTORMid:127267

Trust: 0.1

db:PACKETSTORMid:86075

Trust: 0.1

db:PACKETSTORMid:114810

Trust: 0.1

db:PACKETSTORMid:88224

Trust: 0.1

db:PACKETSTORMid:123380

Trust: 0.1

db:PACKETSTORMid:84181

Trust: 0.1

db:CNNVDid:CNNVD-200911-069

Trust: 0.1

db:SEEBUGid:SSVID-67231

Trust: 0.1

db:VULHUBid:VHN-41001

Trust: 0.1

db:PACKETSTORMid:169645

Trust: 0.1

db:SECUNIAid:44292

Trust: 0.1

db:PACKETSTORMid:100765

Trust: 0.1

db:PACKETSTORMid:93944

Trust: 0.1

db:PACKETSTORMid:89026

Trust: 0.1

db:PACKETSTORMid:90344

Trust: 0.1

sources: CERT/CC: VU#120541 // VULHUB: VHN-41001 // PACKETSTORM: 169645 // PACKETSTORM: 100765 // PACKETSTORM: 92497 // PACKETSTORM: 93944 // PACKETSTORM: 89136 // PACKETSTORM: 89026 // PACKETSTORM: 83414 // PACKETSTORM: 82657 // PACKETSTORM: 84183 // PACKETSTORM: 90286 // PACKETSTORM: 90344 // PACKETSTORM: 137201 // PACKETSTORM: 82770 // PACKETSTORM: 88698 // PACKETSTORM: 89667 // JVNDB: JVNDB-2011-001632 // NVD: CVE-2009-3555

REFERENCES

url:https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt

Trust: 2.0

url:http://extendedsubset.com/?p=8

Trust: 1.9

url:http://www.links.org/?p=780

Trust: 1.9

url:http://www.links.org/?p=786

Trust: 1.9

url:http://www.links.org/?p=789

Trust: 1.9

url:http://blogs.iss.net/archive/sslmitmiscsrf.html

Trust: 1.9

url:http://www.ietf.org/mail-archive/web/tls/current/msg03948.html

Trust: 1.9

url:https://bugzilla.redhat.com/show_bug.cgi?id=533125

Trust: 1.9

url:http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2009-3555

Trust: 1.3

url:http://extendedsubset.com/renegotiating_tls.pdf

Trust: 1.2

url:http://www.openoffice.org/security/cves/cve-2009-3555.html

Trust: 1.2

url:http://www.openssl.org/news/secadv_20091111.txt

Trust: 1.2

url:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1

Trust: 1.1

url:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1

Trust: 1.1

url:http://securitytracker.com/id?1023148

Trust: 1.1

url:http://www.securitytracker.com/id?1023163

Trust: 1.1

url:http://www.securitytracker.com/id?1023204

Trust: 1.1

url:http://www.securitytracker.com/id?1023205

Trust: 1.1

url:http://www.securitytracker.com/id?1023206

Trust: 1.1

url:http://www.securitytracker.com/id?1023207

Trust: 1.1

url:http://www.securitytracker.com/id?1023208

Trust: 1.1

url:http://www.securitytracker.com/id?1023209

Trust: 1.1

url:http://www.securitytracker.com/id?1023210

Trust: 1.1

url:http://www.securitytracker.com/id?1023211

Trust: 1.1

url:http://www.securitytracker.com/id?1023212

Trust: 1.1

url:http://www.securitytracker.com/id?1023213

Trust: 1.1

url:http://www.securitytracker.com/id?1023214

Trust: 1.1

url:http://www.securitytracker.com/id?1023215

Trust: 1.1

url:http://www.securitytracker.com/id?1023216

Trust: 1.1

url:http://www.securitytracker.com/id?1023217

Trust: 1.1

url:http://www.securitytracker.com/id?1023218

Trust: 1.1

url:http://www.securitytracker.com/id?1023219

Trust: 1.1

url:http://www.securitytracker.com/id?1023224

Trust: 1.1

url:http://www.securitytracker.com/id?1023243

Trust: 1.1

url:http://www.securitytracker.com/id?1023270

Trust: 1.1

url:http://www.securitytracker.com/id?1023271

Trust: 1.1

url:http://www.securitytracker.com/id?1023272

Trust: 1.1

url:http://www.securitytracker.com/id?1023273

Trust: 1.1

url:http://www.securitytracker.com/id?1023274

Trust: 1.1

url:http://www.securitytracker.com/id?1023275

Trust: 1.1

url:http://www.securitytracker.com/id?1023411

Trust: 1.1

url:http://www.securitytracker.com/id?1023426

Trust: 1.1

url:http://www.securitytracker.com/id?1023427

Trust: 1.1

url:http://www.securitytracker.com/id?1023428

Trust: 1.1

url:http://www.securitytracker.com/id?1024789

Trust: 1.1

url:http://www.cisco.com/en/us/products/products_security_advisory09186a0080b01d1d.shtml

Trust: 1.1

url:http://seclists.org/fulldisclosure/2009/nov/139

Trust: 1.1

url:http://www.securityfocus.com/archive/1/507952/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/508075/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/508130/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/515055/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/516397/100/0/threaded

Trust: 1.1

url:http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html

Trust: 1.1

url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1

Trust: 1.1

url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1

Trust: 1.1

url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1

Trust: 1.1

url:http://www.securityfocus.com/bid/36935

Trust: 1.1

url:http://secunia.com/advisories/37291

Trust: 1.1

url:http://secunia.com/advisories/37292

Trust: 1.1

url:http://secunia.com/advisories/37320

Trust: 1.1

url:http://secunia.com/advisories/37383

Trust: 1.1

url:http://secunia.com/advisories/37399

Trust: 1.1

url:http://secunia.com/advisories/37453

Trust: 1.1

url:http://secunia.com/advisories/37501

Trust: 1.1

url:http://secunia.com/advisories/37504

Trust: 1.1

url:http://secunia.com/advisories/37604

Trust: 1.1

url:http://secunia.com/advisories/37640

Trust: 1.1

url:http://secunia.com/advisories/37656

Trust: 1.1

url:http://secunia.com/advisories/37675

Trust: 1.1

url:http://secunia.com/advisories/37859

Trust: 1.1

url:http://secunia.com/advisories/38003

Trust: 1.1

url:http://secunia.com/advisories/38020

Trust: 1.1

url:http://secunia.com/advisories/38056

Trust: 1.1

url:http://secunia.com/advisories/38241

Trust: 1.1

url:http://secunia.com/advisories/38484

Trust: 1.1

url:http://secunia.com/advisories/38687

Trust: 1.1

url:http://secunia.com/advisories/38781

Trust: 1.1

url:http://secunia.com/advisories/39127

Trust: 1.1

url:http://secunia.com/advisories/39136

Trust: 1.1

url:http://secunia.com/advisories/39242

Trust: 1.1

url:http://secunia.com/advisories/39243

Trust: 1.1

url:http://secunia.com/advisories/39278

Trust: 1.1

url:http://secunia.com/advisories/39292

Trust: 1.1

url:http://secunia.com/advisories/39317

Trust: 1.1

url:http://secunia.com/advisories/39461

Trust: 1.1

url:http://secunia.com/advisories/39500

Trust: 1.1

url:http://secunia.com/advisories/39628

Trust: 1.1

url:http://secunia.com/advisories/39632

Trust: 1.1

url:http://secunia.com/advisories/39713

Trust: 1.1

url:http://secunia.com/advisories/39819

Trust: 1.1

url:http://secunia.com/advisories/40070

Trust: 1.1

url:http://secunia.com/advisories/40545

Trust: 1.1

url:http://secunia.com/advisories/40747

Trust: 1.1

url:http://secunia.com/advisories/40866

Trust: 1.1

url:http://secunia.com/advisories/41480

Trust: 1.1

url:http://secunia.com/advisories/41490

Trust: 1.1

url:http://secunia.com/advisories/41818

Trust: 1.1

url:http://secunia.com/advisories/41967

Trust: 1.1

url:http://secunia.com/advisories/41972

Trust: 1.1

url:http://secunia.com/advisories/42377

Trust: 1.1

url:http://secunia.com/advisories/42379

Trust: 1.1

url:http://secunia.com/advisories/42467

Trust: 1.1

url:http://secunia.com/advisories/42724

Trust: 1.1

url:http://secunia.com/advisories/42733

Trust: 1.1

url:http://secunia.com/advisories/42808

Trust: 1.1

url:http://secunia.com/advisories/42811

Trust: 1.1

url:http://secunia.com/advisories/42816

Trust: 1.1

url:http://secunia.com/advisories/43308

Trust: 1.1

url:http://secunia.com/advisories/44183

Trust: 1.1

url:http://secunia.com/advisories/44954

Trust: 1.1

url:http://secunia.com/advisories/48577

Trust: 1.1

url:http://osvdb.org/60521

Trust: 1.1

url:http://osvdb.org/60972

Trust: 1.1

url:http://osvdb.org/62210

Trust: 1.1

url:http://osvdb.org/65202

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3164

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3165

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3205

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3220

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3310

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3313

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3353

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3354

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3484

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3521

Trust: 1.1

url:http://www.vupen.com/english/advisories/2009/3587

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/0086

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/0173

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/0748

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/0848

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/0916

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/0933

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/0982

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/0994

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/1054

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/1107

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/1191

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/1350

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/1639

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/1673

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/1793

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/2010

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/2745

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/3069

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/3086

Trust: 1.1

url:http://www.vupen.com/english/advisories/2010/3126

Trust: 1.1

url:http://www.vupen.com/english/advisories/2011/0032

Trust: 1.1

url:http://www.vupen.com/english/advisories/2011/0033

Trust: 1.1

url:http://www.vupen.com/english/advisories/2011/0086

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2010/jan/msg00000.html

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2010//may/msg00001.html

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2010//may/msg00002.html

Trust: 1.1

url:http://www.debian.org/security/2009/dsa-1934

Trust: 1.1

url:http://www.debian.org/security/2011/dsa-2141

Trust: 1.1

url:http://www.debian.org/security/2015/dsa-3253

Trust: 1.1

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01029.html

Trust: 1.1

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01020.html

Trust: 1.1

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00645.html

Trust: 1.1

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00944.html

Trust: 1.1

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html

Trust: 1.1

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html

Trust: 1.1

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html

Trust: 1.1

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00634.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049702.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049528.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049455.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039561.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039957.html

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-may/040652.html

Trust: 1.1

url:http://security.gentoo.org/glsa/glsa-200912-01.xml

Trust: 1.1

url:http://security.gentoo.org/glsa/glsa-201203-22.xml

Trust: 1.1

url:http://security.gentoo.org/glsa/glsa-201406-32.xml

Trust: 1.1

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02436041

Trust: 1.1

url:http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02273751

Trust: 1.1

url:http://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02512995

Trust: 1.1

url:http://www.securityfocus.com/archive/1/522176

Trust: 1.1

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01945686

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg1ic67848

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg1ic68054

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg1ic68055

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2010:076

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2010:084

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2010:089

Trust: 1.1

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg1pm12247

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0119.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0130.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0155.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0165.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0167.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0337.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0338.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0339.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0768.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0770.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0786.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0807.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0865.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0986.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2010-0987.html

Trust: 1.1

url:http://www.redhat.com/support/errata/rhsa-2011-0880.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html

Trust: 1.1

url:http://www.us-cert.gov/cas/techalerts/ta10-222a.html

Trust: 1.1

url:http://www.us-cert.gov/cas/techalerts/ta10-287a.html

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-1010-1

Trust: 1.1

url:http://ubuntu.com/usn/usn-923-1

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-927-1

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-927-4

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-927-5

Trust: 1.1

url:http://www.kb.cert.org/vuls/id/120541

Trust: 1.1

url:http://openbsd.org/errata45.html#010_openssl

Trust: 1.1

url:http://openbsd.org/errata46.html#004_openssl

Trust: 1.1

url:http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2009/11/05/3

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2009/11/05/5

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2009/11/06/3

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2009/11/07/3

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2009/11/20/1

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2009/11/23/10

Trust: 1.1

url:http://www.ietf.org/mail-archive/web/tls/current/msg03928.html

Trust: 1.1

url:https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html

Trust: 1.1

url:http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during

Trust: 1.1

url:http://clicky.me/tlsvuln

Trust: 1.1

url:http://kbase.redhat.com/faq/docs/doc-20491

Trust: 1.1

url:http://support.apple.com/kb/ht4004

Trust: 1.1

url:http://support.apple.com/kb/ht4170

Trust: 1.1

url:http://support.apple.com/kb/ht4171

Trust: 1.1

url:http://support.avaya.com/css/p8/documents/100070150

Trust: 1.1

url:http://support.avaya.com/css/p8/documents/100081611

Trust: 1.1

url:http://support.avaya.com/css/p8/documents/100114315

Trust: 1.1

url:http://support.avaya.com/css/p8/documents/100114327

Trust: 1.1

url:http://support.citrix.com/article/ctx123359

Trust: 1.1

url:http://support.zeus.com/zws/media/docs/4.3/release_notes

Trust: 1.1

url:http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released

Trust: 1.1

url:http://sysoev.ru/nginx/patch.cve-2009-3555.txt

Trust: 1.1

url:http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html

Trust: 1.1

url:http://wiki.rpath.com/advisories:rpsa-2009-0155

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21426108

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21432298

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg24006386

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg24025312

Trust: 1.1

url:http://www.arubanetworks.com/support/alerts/aid-020810.txt

Trust: 1.1

url:http://www.betanews.com/article/1257452450

Trust: 1.1

url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-030/index.html

Trust: 1.1

url:http://www.ingate.com/relnote.php?ver=481

Trust: 1.1

url:http://www.mozilla.org/security/announce/2010/mfsa2010-22.html

Trust: 1.1

url:http://www.opera.com/docs/changelogs/unix/1060/

Trust: 1.1

url:http://www.opera.com/support/search/view/944/

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

Trust: 1.1

url:http://www.proftpd.org/docs/release_notes-1.3.2c

Trust: 1.1

url:http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html

Trust: 1.1

url:http://www.tombom.co.uk/blog/?p=85

Trust: 1.1

url:http://www.vmware.com/security/advisories/vmsa-2010-0019.html

Trust: 1.1

url:http://www.vmware.com/security/advisories/vmsa-2011-0003.html

Trust: 1.1

url:http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

Trust: 1.1

url:http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html

Trust: 1.1

url:https://bugzilla.mozilla.org/show_bug.cgi?id=526689

Trust: 1.1

url:https://bugzilla.mozilla.org/show_bug.cgi?id=545755

Trust: 1.1

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888

Trust: 1.1

url:https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10088

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11578

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11617

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7315

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7478

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7973

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8366

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8535

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/54158

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=127557596201693&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=130497311408250&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=133469267822771&w=2

Trust: 1.0

url:https://kb.bluecoat.com/index?page=content&id=sa50

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=132077688910227&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=126150535619567&w=2

Trust: 1.0

url:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=142660345230545&w=2

Trust: 1.0

url:http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2

Trust: 1.0

url:http://marc.info/?l=cryptography&m=125752275331877&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=127128920008563&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=134254866602253&w=2

Trust: 1.0

url:http://www-1.ibm.com/support/search.wss?rs=0&q=pm00675&apar=only

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=127419602507642&w=2

Trust: 1.0

url:http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html

Trust: 0.8

url:http://cvs.openssl.org/chngview?cn=18790

Trust: 0.8

url:http://www.links.org/files/no-renegotiation-2.patch

Trust: 0.8

url:http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu95298925/

Trust: 0.8

url:http://jvndb.jvn.jp/ja/contents/2009/jvndb-2009-002319.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3555

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-160-01

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555

Trust: 0.6

url:http://www.itrc.hp.com/service/cki/secbullarchive.do

Trust: 0.4

url:http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc

Trust: 0.4

url:http://h30046.www3.hp.com/subsignin.php

Trust: 0.4

url:http://www.mandriva.com/security/

Trust: 0.3

url:http://www.mandriva.com/security/advisories

Trust: 0.3

url:http://secunia.com/products/corporate/evm/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.2

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0091

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0094

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0095

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0840

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0092

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0093

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0088

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0084

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0845

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0848

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-0082

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0838

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0847

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0085

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0082

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0837

Trust: 0.2

url:http://secunia.com/

Trust: 0.2

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.2

url:http://marc.info/?l=bugtraq&m=132077688910227&w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&m=142660345230545&w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&m=127419602507642&w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&m=134254866602253&w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&m=130497311408250&w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&m=133469267822771&w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&m=126150535619567&w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&m=127128920008563&w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&m=127557596201693&w=2

Trust: 0.1

url:http://www-1.ibm.com/support/search.wss?rs=0&q=pm00675&apar=only

Trust: 0.1

url:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446

Trust: 0.1

url:http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2

Trust: 0.1

url:http://marc.info/?l=cryptography&m=125752275331877&w=2

Trust: 0.1

url:https://kb.bluecoat.com/index?page=content&id=sa50

Trust: 0.1

url:http://secunia.com/advisories/44292/

Trust: 0.1

url:http://secunia.com/research/

Trust: 0.1

url:http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#appendixas

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=44292

Trust: 0.1

url:http://secunia.com/company/jobs/open_positions/reverse_engineer

Trust: 0.1

url:http://secunia.com/advisories/44292/#comments

Trust: 0.1

url:http://www.procurve.com/customercare/support/software/network-security.htm

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3010

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-4143

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2068

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-4018

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3011

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-4017

Trust: 0.1

url:http://www.hp.com/servers/manage/smh

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0731

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0731

Trust: 0.1

url:http://icedtea.classpath.org/hg/release/icedtea6-1.8/rev/a6a02193b073

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3728

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3874

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3728

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3875

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3876

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3884

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3873

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3881

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2409

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2409

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3883

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3884

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3869

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3882

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3879

Trust: 0.1

url:http://blogs.sun.com/darcy/resource/openjdk_6/openjdk6-b18-changes-summary.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3881

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3877

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3883

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3869

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3871

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3882

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3873

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3875

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3874

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3885

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3871

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3877

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3876

Trust: 0.1

url:http://article.gmane.org/gmane.comp.java.openjdk.distro-packaging.devel/8938

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3880

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3885

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3880

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3879

Trust: 0.1

url:http://security.freebsd.org/

Trust: 0.1

url:http://security.freebsd.org/advisories/freebsd-sa-09:15.ssl.asc

Trust: 0.1

url:http://security.freebsd.org/patches/sa-09:15/ssl.patch.asc

Trust: 0.1

url:http://security.freebsd.org/patches/sa-09:15/ssl.patch

Trust: 0.1

url:http://www.freebsd.org/handbook/makeworld.html

Trust: 0.1

url:http://www.cisco.com/en/us/products/products_security_vulnerability_policy.html

Trust: 0.1

url:http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml

Trust: 0.1

url:http://www.cisco.com/pcgi-bin/support/bugtool/launch_bugtool.pl

Trust: 0.1

url:http://www.cisco.com/en/us/support/tsd_cisco_worldwide_contacts.html

Trust: 0.1

url:http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml

Trust: 0.1

url:http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Trust: 0.1

url:http://www.cisco.com

Trust: 0.1

url:http://www.cisco.com/go/psirt

Trust: 0.1

url:http://www.cisco.com/en/us/docs/general/warranty/english/eu1ken_.html

Trust: 0.1

url:http://www.cisco.com/public/sw-center/sw-usingswc.shtml

Trust: 0.1

url:http://intellishield.cisco.com/security/alertmanager/cvss

Trust: 0.1

url:https://www.hp.com/go/swa

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0850

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0887

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0839

Trust: 0.1

url:http://www.gentoo.org/doc/en/java.xml#doc_chap4

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0089

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0087

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0090

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0087

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0841

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0838

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0088

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0085

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0849

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0844

Trust: 0.1

url:http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0846

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0841

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0084

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0091

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0839

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0837

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0089

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0092

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0093

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201006-18.xml

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0842

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0095

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0094

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0840

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0886

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0090

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0843

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:http://www.openoffice.org/security/cves/cve-2010-0395.html

Trust: 0.1

url:http://secunia.com/advisories/40070/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/webinars/

Trust: 0.1

url:http://secunia.com/advisories/40070/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=40070

Trust: 0.1

url:http://www.hpe.com/support/security_bulletin_archive

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1790

Trust: 0.1

url:http://www.hpe.com/info/insightmanagement

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2019

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0705

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1788

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1792

Trust: 0.1

url:http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085

Trust: 0.1

url:http://www.hpe.com/support/subscriber_choice

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0799

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3567

Trust: 0.1

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2020

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2018

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3513

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1789

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2022

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1791

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2017

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7501

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2027

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6565

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3568

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3508

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3194

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2026

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3569

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3509

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2021

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3511

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/x86_64/libopenssl-devel-0.9.8h-28.11.1.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.0/rpm/ppc/compat-openssl097g-debuginfo-0.9.7g-119.7.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.2/rpm/x86_64/libopenssl0_9_8-0.9.8k-3.5.3.x86_64.rpm

Trust: 0.1

url:http://download.novell.com/index.jsp?search=search&set_restricted=true&keywords=d0129289ed5f99e99f64649fe9227069

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/x86_64/libopenssl0_9_8-32bit-0.9.8h-28.11.1.x86_64.rpm

Trust: 0.1

url:http://download.novell.com/index.jsp?search=search&set_restricted=true&keywords=966f4c625ed61db11e3e99daf4715b56

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/i586/libopenssl-devel-0.9.8h-28.11.1.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/i586/openssl-0.9.8g-47.10.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.1/rpm/i586/openssl-debuginfo-0.9.8h-28.11.1.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.2/rpm/x86_64/libopenssl-devel-0.9.8k-3.5.3.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/x86_64/openssl-certs-0.9.8g-47.10.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.2/rpm/x86_64/compat-openssl097g-debuginfo-0.9.7g-149.5.3.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/x86_64/compat-openssl097g-0.9.7g-119.7.x86_64.rpm

Trust: 0.1

url:http://download.novell.com/index.jsp?search=search&set_restricted=true&keywords=f99093a5bf235f2d2471722a946414f0

Trust: 0.1

url:http://download.opensuse.org/update/11.2/rpm/x86_64/libopenssl0_9_8-32bit-0.9.8k-3.5.3.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/src/openssl-0.9.8h-28.11.1.src.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.0/rpm/i586/compat-openssl097g-debugsource-0.9.7g-119.7.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.2/rpm/i586/libopenssl0_9_8-0.9.8k-3.5.3.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/ppc/libopenssl-devel-0.9.8g-47.10.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/i586/openssl-doc-0.9.8h-28.11.1.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.2/rpm/x86_64/openssl-debugsource-0.9.8k-3.5.3.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/ppc/openssl-0.9.8g-47.10.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/i586/libopenssl0_9_8-0.9.8h-28.11.1.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.0/rpm/x86_64/compat-openssl097g-debuginfo-0.9.7g-119.7.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.2/rpm/x86_64/compat-openssl097g-debuginfo-32bit-0.9.7g-149.5.3.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/i586/libopenssl0_9_8-0.9.8g-47.10.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.2/rpm/i586/openssl-debugsource-0.9.8k-3.5.3.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/ppc/openssl-0.9.8h-28.11.1.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/ppc/openssl-certs-0.9.8g-47.10.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/x86_64/compat-openssl097g-32bit-0.9.7g-146.11.1.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/i586/openssl-0.9.8h-28.11.1.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/i586/libopenssl-devel-0.9.8g-47.10.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.0/rpm/ppc/compat-openssl097g-debugsource-0.9.7g-119.7.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/i586/compat-openssl097g-0.9.7g-146.11.1.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.1/rpm/ppc/openssl-debugsource-0.9.8h-28.11.1.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.1/rpm/x86_64/compat-openssl097g-debugsource-0.9.7g-146.11.1.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/i586/openssl-certs-0.9.8g-47.10.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/x86_64/compat-openssl097g-32bit-0.9.7g-119.7.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.2/rpm/i586/libopenssl0_9_8-debuginfo-0.9.8k-3.5.3.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.2/rpm/x86_64/openssl-doc-0.9.8k-3.5.3.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.1/rpm/x86_64/openssl-debuginfo-0.9.8h-28.11.1.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/ppc/compat-openssl097g-64bit-0.9.7g-146.11.1.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.2/rpm/src/compat-openssl097g-0.9.7g-149.5.3.src.rpm

Trust: 0.1

url:http://download.novell.com/index.jsp?search=search&set_restricted=true&keywords=4ce70591574c803658a0a92c20de4b63

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/x86_64/libopenssl0_9_8-0.9.8h-28.11.1.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.2/rpm/x86_64/libopenssl0_9_8-debuginfo-0.9.8k-3.5.3.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/x86_64/libopenssl0_9_8-32bit-0.9.8g-47.10.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/src/compat-openssl097g-0.9.7g-119.7.src.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/x86_64/libopenssl0_9_8-0.9.8g-47.10.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/x86_64/openssl-doc-0.9.8g-47.10.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.2/rpm/i586/compat-openssl097g-debuginfo-0.9.7g-149.5.3.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.2/rpm/x86_64/compat-openssl097g-debugsource-0.9.7g-149.5.3.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/i586/compat-openssl097g-0.9.7g-119.7.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.2/rpm/src/openssl-0.9.8k-3.5.3.src.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.2/rpm/i586/compat-openssl097g-0.9.7g-149.5.3.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.0/rpm/i586/compat-openssl097g-debuginfo-0.9.7g-119.7.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.2/rpm/i586/libopenssl-devel-0.9.8k-3.5.3.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.2/rpm/x86_64/libopenssl0_9_8-debuginfo-32bit-0.9.8k-3.5.3.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/ppc/libopenssl0_9_8-64bit-0.9.8g-47.10.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/ppc/libopenssl-devel-0.9.8h-28.11.1.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.2/rpm/i586/openssl-doc-0.9.8k-3.5.3.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.2/rpm/i586/compat-openssl097g-debugsource-0.9.7g-149.5.3.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.1/rpm/x86_64/compat-openssl097g-debuginfo-32bit-0.9.7g-146.11.1.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/ppc/compat-openssl097g-64bit-0.9.7g-119.7.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.2/rpm/noarch/openssl-certs-0.9.8h-28.2.1.noarch.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.1/rpm/ppc/compat-openssl097g-debuginfo-64bit-0.9.7g-146.11.1.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/x86_64/libopenssl-devel-0.9.8g-47.10.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.2/rpm/x86_64/compat-openssl097g-0.9.7g-149.5.3.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/ppc/libopenssl0_9_8-64bit-0.9.8h-28.11.1.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.2/rpm/i586/openssl-debuginfo-0.9.8k-3.5.3.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.1/rpm/i586/compat-openssl097g-debugsource-0.9.7g-146.11.1.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/ppc/openssl-doc-0.9.8g-47.10.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.1/rpm/x86_64/openssl-debugsource-0.9.8h-28.11.1.x86_64.rpm

Trust: 0.1

url:http://download.novell.com/index.jsp?search=search&set_restricted=true&keywords=94258f4988a9f1a208fd7e21392bd3be

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.0/rpm/i586/openssl-debugsource-0.9.8g-47.10.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.1/rpm/ppc/compat-openssl097g-debugsource-0.9.7g-146.11.1.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/ppc/libopenssl0_9_8-0.9.8h-28.11.1.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.0/rpm/x86_64/openssl-debuginfo-0.9.8g-47.10.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.1/rpm/ppc/compat-openssl097g-debuginfo-0.9.7g-146.11.1.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/ppc/openssl-doc-0.9.8h-28.11.1.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.0/rpm/ppc/openssl-debugsource-0.9.8g-47.10.ppc.rpm

Trust: 0.1

url:http://download.novell.com/index.jsp?search=search&set_restricted=true&keywords=7b9d9b0dd5ed590f2715f8868f4732dd

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/ppc/libopenssl0_9_8-0.9.8g-47.10.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.0/rpm/x86_64/compat-openssl097g-debugsource-0.9.7g-119.7.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.0/rpm/ppc/openssl-debuginfo-0.9.8g-47.10.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.2/rpm/src/openssl-certs-0.9.8h-28.2.1.src.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.1/rpm/x86_64/compat-openssl097g-debuginfo-0.9.7g-146.11.1.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/x86_64/openssl-doc-0.9.8h-28.11.1.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/i586/openssl-doc-0.9.8g-47.10.i586.rpm

Trust: 0.1

url:http://download.novell.com/index.jsp?search=search&set_restricted=true&keywords=c061b25f20728b088a7357bd5622663c

Trust: 0.1

url:http://download.novell.com/index.jsp?search=search&set_restricted=true&keywords=2ffd4e402785dad2cb33b70b2b6b9d9b

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/noarch/openssl-certs-0.9.8h-25.2.13.noarch.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/src/compat-openssl097g-0.9.7g-146.11.1.src.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/ppc/compat-openssl097g-0.9.7g-146.11.1.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.2/rpm/i586/openssl-0.9.8k-3.5.3.i586.rpm

Trust: 0.1

url:http://download.novell.com/index.jsp?search=search&set_restricted=true&keywords=aa66d8843925bd9511841d6ad82f49c1

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/ppc/compat-openssl097g-0.9.7g-119.7.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/x86_64/compat-openssl097g-0.9.7g-146.11.1.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/src/openssl-0.9.8g-47.10.src.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.1/rpm/i586/compat-openssl097g-debuginfo-0.9.7g-146.11.1.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.1/rpm/ppc/openssl-debuginfo-0.9.8h-28.11.1.ppc.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.2/rpm/x86_64/openssl-debuginfo-0.9.8k-3.5.3.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.2/rpm/x86_64/openssl-0.9.8k-3.5.3.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.0/rpm/i586/openssl-debuginfo-0.9.8g-47.10.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.2/rpm/x86_64/compat-openssl097g-32bit-0.9.7g-149.5.3.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.0/rpm/x86_64/openssl-debugsource-0.9.8g-47.10.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/debug/update/11.1/rpm/i586/openssl-debugsource-0.9.8h-28.11.1.i586.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.0/rpm/x86_64/openssl-0.9.8g-47.10.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/x86_64/openssl-0.9.8h-28.11.1.x86_64.rpm

Trust: 0.1

url:http://download.opensuse.org/update/11.1/rpm/src/openssl-certs-0.9.8h-25.2.13.src.rpm

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0740

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0740

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0433

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3245

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3245

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0433

Trust: 0.1

url:http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-6a3f2fa832db4ddf9b3398f04c

Trust: 0.1

url:http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-1b189d95582249b58d9ca94c45

Trust: 0.1

url:http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-4311cc1b61fd42a4874b13d714

Trust: 0.1

sources: CERT/CC: VU#120541 // VULHUB: VHN-41001 // PACKETSTORM: 169645 // PACKETSTORM: 100765 // PACKETSTORM: 92497 // PACKETSTORM: 93944 // PACKETSTORM: 89136 // PACKETSTORM: 89026 // PACKETSTORM: 83414 // PACKETSTORM: 82657 // PACKETSTORM: 84183 // PACKETSTORM: 90286 // PACKETSTORM: 90344 // PACKETSTORM: 137201 // PACKETSTORM: 82770 // PACKETSTORM: 88698 // PACKETSTORM: 89667 // JVNDB: JVNDB-2011-001632 // NVD: CVE-2009-3555

CREDITS

Hewlett Packard

Trust: 0.4

sources: PACKETSTORM: 92497 // PACKETSTORM: 93944 // PACKETSTORM: 84183 // PACKETSTORM: 89667

SOURCES

db: CERT/CC, id: VU#120541
db: VULHUB, id: VHN-41001
db: PACKETSTORM, id: 169645
db: PACKETSTORM, id: 100765
db: PACKETSTORM, id: 92497
db: PACKETSTORM, id: 93944
db: PACKETSTORM, id: 89136
db: PACKETSTORM, id: 89026
db: PACKETSTORM, id: 83414
db: PACKETSTORM, id: 82657
db: PACKETSTORM, id: 84183
db: PACKETSTORM, id: 90286
db: PACKETSTORM, id: 90344
db: PACKETSTORM, id: 137201
db: PACKETSTORM, id: 82770
db: PACKETSTORM, id: 88698
db: PACKETSTORM, id: 89667
db: JVNDB, id: JVNDB-2011-001632
db: NVD, id: CVE-2009-3555

LAST UPDATE DATE

2026-01-26T20:28:46.715000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#120541, date: 2011-07-22T00:00:00
db: VULHUB, id: VHN-41001, date: 2023-02-13T00:00:00
db: JVNDB, id: JVNDB-2011-001632, date: 2022-06-13T05:59:00
db: NVD, id: CVE-2009-3555, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: CERT/CC, id: VU#120541, date: 2009-11-11T00:00:00
db: VULHUB, id: VHN-41001, date: 2009-11-09T00:00:00
db: PACKETSTORM, id: 169645, date: 2009-11-11T12:12:12
db: PACKETSTORM, id: 100765, date: 2011-04-24T07:03:17
db: PACKETSTORM, id: 92497, date: 2010-08-06T17:53:12
db: PACKETSTORM, id: 93944, date: 2010-09-17T00:35:23
db: PACKETSTORM, id: 89136, date: 2010-05-03T23:54:02
db: PACKETSTORM, id: 89026, date: 2010-04-28T20:44:54
db: PACKETSTORM, id: 83414, date: 2009-12-03T21:01:42
db: PACKETSTORM, id: 82657, date: 2009-11-17T01:21:40
db: PACKETSTORM, id: 84183, date: 2009-12-22T20:50:12
db: PACKETSTORM, id: 90286, date: 2010-06-04T05:32:00
db: PACKETSTORM, id: 90344, date: 2010-06-07T16:47:06
db: PACKETSTORM, id: 137201, date: 2016-05-26T09:22:00
db: PACKETSTORM, id: 82770, date: 2009-11-18T16:19:02
db: PACKETSTORM, id: 88698, date: 2010-04-20T15:07:58
db: PACKETSTORM, id: 89667, date: 2010-05-19T05:44:26
db: JVNDB, id: JVNDB-2011-001632, date: 2011-05-26T00:00:00
db: NVD, id: CVE-2009-3555, date: 2009-11-09T17:30:00.407