Multiple vulnerabilities in SSL/TLS implementation

By N-Stalker Team on October 7, 2003

Multiple vulnerabilities in different implementations of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols have been found. These vulnerabilities occur primarily in Abstract Syntax Notation One (ASN.1) parsing code. The most serious vulnerabilities may allow a remote attacker to execute arbitrary code. The common impact is denial of service.

The U.K. National Infrastructure Security Co-ordination Centre (NISCC) has developed a test suite to analyze the way SSL and TLS implementations handle exceptional ASN.1 objects contained in client and server certificate messages. Although the test suite focuses on certificate messages, any untrusted ASN.1 element may be used as an attack vector. An advisory from OpenSSL describes as vulnerable “Any application that makes use of OpenSSL’s ASN1 library to parse untrusted data. This includes all SSL or TLS applications, those using S/MIME (PKCS#7) or certificate generation routines.”

The most well-known usage of this library is the mod_ssl and Apache-SSL (for web access purposes), implementation of ssl wrapper for common protocols (pop3s and imaps), common implementations of SSH (OpenSSH) and TLS support for SMTP agents.

A official advisory has been released by the OpenSSL group and can be found here.

This entry was posted in Previous Security Advisories. Bookmark the permalink.