[Full-Disclosure] UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilities
security at sco.com
Thu Oct 2 22:45:48 BST 2003
To: announce at lists.sco.com bugtraq at securityfocus.com full-disclosure at lists.netsys.com
SCO Security Advisory
Subject: UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilities
Advisory number: CSSA-2003-SCO.25
Issue date: 2003 October 01
1. Problem Description
OpenSSL is a commercial-grade, full-featured, open source
toolkit that implements Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well
as a full-strength general purpose cryptography library.
Multiple vulnerabilities have been found that could result
in denial of service. NISCC (www.niscc.gov.uk) prepared a
test suite to check the operation of SSL/TLS software when
presented with a wide range of malformed client certificates.
Dr Stephen Henson (steve at openssl.org) of the OpenSSL core
team identified and prepared fixes for a number of
vulnerabilities in the OpenSSL ASN1 code when running the
A bug in OpenSSL's SSL/TLS protocol was also identified which
causes OpenSSL to parse a client certificate from an SSL/TLS
client when it should reject it as a protocol error. For the
full OpenSSL advisory please see:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0545 and CAN-2003-0543 and
CAN-2003-0544 to these issues.
CERT has assigned the names VU#935264, VU#255484 and VU#255484
to these issues.
CERT VU#935264 / CAN-2003-0545: Double-free vulnerability in
OpenSSL 0.9.7 allows remote attackers to cause a denial
of service (crash) and possibly execute arbitrary code via
an SSL client certificate with a certain invalid ASN.1
CERT VU#255484 / CAN-2003-0543: Integer overflow
in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause
a denial of service (crash) via an SSL client certificate
with certain ASN.1 tag values.
CERT VU#255484 / CAN-2003-0544:
OpenSSL 0.9.6 and 0.9.7 does not properly track the number
of characters in certain ASN.1 inputs, which allows remote
attackers to cause a denial of service (crash) via an SSL
client certificate that causes OpenSSL to read past the
end of a buffer when the long form is used.
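All three issues above are in the ASN.1 decoding of a client certificate: an overflowing tag accumulator and a long-form length that is trusted without checking it against the buffer. The following C decoder is an added illustration, not OpenSSL's code or SCO's fix, of the bounds and overflow checks a hardened DER tag/length parser applies; the sample inputs in der_selftest are constructed for this example.

```c
#include <limits.h>
#include <stddef.h>
typedef struct {
    unsigned long tag;   /* tag number (high-tag-number form supported) */
    size_t length;       /* declared content length, already bounds-checked */
    size_t header_len;   /* bytes used by the identifier and length fields */
} der_hdr;

/* Decode the DER header at buf[0..len). Returns 1 on success, 0 on malformed
 * input: reads are bounds-checked, the tag cannot overflow, and the length must fit. */
int der_read_header(const unsigned char *buf, size_t len, der_hdr *out)
{
    size_t i = 1;
    if (len == 0) return 0;
    out->tag = buf[0] & 0x1f;
    if (out->tag == 0x1f) {                           /* high-tag-number form */
        out->tag = 0;
        do {
            if (i >= len) return 0;                   /* tag runs past buffer */
            if (out->tag > (ULONG_MAX >> 7)) return 0; /* next shift overflows */
            out->tag = (out->tag << 7) | (buf[i] & 0x7f);
        } while (buf[i++] & 0x80);
    }
    if (i >= len) return 0;                           /* no length octet */
    unsigned char lb = buf[i++];
    if (lb < 0x80) {
        out->length = lb;                             /* short form */
    } else {                                          /* long form */
        size_t n = lb & 0x7f;                         /* count of length octets */
        /* reject indefinite length, absurd widths, and a truncated length field */
        if (n == 0 || n > sizeof(size_t) || n > len - i) return 0;
        out->length = 0;
        while (n--) out->length = (out->length << 8) | buf[i++];
    }
    out->header_len = i;
    return out->length <= len - i;                    /* content must fit */
}

/* Constructed samples: a valid SEQUENCE header, a long-form length that
 * claims 256 bytes when only 1 remains, and a length field cut short. */
int der_selftest(void)
{
    const unsigned char ok[] = {0x30, 0x03, 0x02, 0x01, 0x05};
    const unsigned char over[] = {0x04, 0x82, 0x01, 0x00, 0x41};
    const unsigned char cut[] = {0x04, 0x84, 0x00};
    der_hdr h;
    if (!der_read_header(ok, sizeof ok, &h) || h.tag != 16 || h.length != 3 || h.header_len != 2) return 0;
    return !der_read_header(over, sizeof over, &h) && !der_read_header(cut, sizeof cut, &h);
}
```

A real decoder would then recurse into the content with length as the new bound, so a rejected header never lets a read start past the end of the certificate.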
2. Vulnerable Supported Versions
Open UNIX 8.0.0,
The proper solution is to install the latest packages.
4. UnixWare 7.1.3 / Open UNIX 8.0.0 / UnixWare 7.1.1
4.1 The OpenSsl package must be installed. It is located at
4.2 Location of Fixed Binaries
MD5 (erg712449.Z) = 3a52615dfa14ef4ea7be1a4221fa7aed
md5 is available for download from
4.4 Installing Fixed Binaries
Upgrade the affected binaries with the following sequence:
1. Download the erg712449.Z file to the /tmp directory on your machine.
2. As root, uncompress the file and add the package to your system
using these commands:
Password: <type your root password>
# uncompress /tmp/erg712449.Z
# pkgadd -d /tmp/erg712449
# rm /tmp/erg712449
Specific references for this advisory:
SCO security resources:
This security fix closes SCO incidents sr885388 fz528383
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers
intended to promote secure installation and use of SCO
SCO would like to thank Dr. Stephen Henson who discovered
a number of errors in the OpenSSL ASN1 code, using a test
suite provided by NISCC (www.niscc.gov.uk). SCO would also
like to thank NISCC for their research.
Full-Disclosure is hosted and sponsored by Secunia.