安全研究
安全漏洞
OpenSSL EVP_VerifyFinal函数签名验证漏洞
发布日期:2009-01-07
更新日期:2009-01-08
受影响系统:
OpenSSL Project OpenSSL 0.9.8j描述:
BUGTRAQ ID: 33150,33151
CVE(CAN) ID: CVE-2008-5077,CVE-2009-0021,CVE-2009-0025,CVE-2009-0046,CVE-2009-0047,CVE-2009-0048,CVE-2009-0049,CVE-2009-0050,CVE-2009-0051
OpenSSL是一种开放源码的SSL实现,用来实现网络通信的高强度加密,现在被广泛地用于各种网络应用程序中。
某些OpenSSL函数在验证DSA和ECDSA密钥签名时没有正确地验证EVP_VerifyFinal()和DSA_do_verify()函数的返回值,畸形的签名可能被处理为有效签名而不是错误。恶意服务器或中间人攻击者可以在证书链中向客户端特制的SSL/TLS签名来绕过有效性验证,诱骗客户端错误的信任恶意站点。
<*来源:Google安全小组
链接:http://secunia.com/advisories/33338/
http://marc.info/?l=bugtraq&m=123134642004033&w=2
http://www.openssl.org/news/secadv_20090107.txt
https://lists.isc.org/pipermail/bind-announce/2009-January/000291.html
http://secunia.com/advisories/33449/
http://secunia.com/advisories/33406/
http://secunia.com/advisories/33404/
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-09:02.openssl.asc
https://www.redhat.com/support/errata/RHSA-2009-0004.html
https://www.redhat.com/support/errata/RHSA-2009-0020.html
http://www.debian.org/security/2009/dsa-1700
http://security.gentoo.org/glsa/glsa-200902-02.xml
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-250846-1
*>
建议:
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-1700-1)以及相应补丁:
DSA-1700-1:New lasso packages fix validation bypass
链接:http://www.debian.org/security/2009/dsa-1700
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/l/lasso/lasso_0.6.5-3+etch1.diff.gz
Size/MD5 checksum: 7571 1795008d78e35b8e3a098e5f72fabe68
http://security.debian.org/pool/updates/main/l/lasso/lasso_0.6.5.orig.tar.gz
Size/MD5 checksum: 1420093 6263375e5910577258a04882b50d58cd
http://security.debian.org/pool/updates/main/l/lasso/lasso_0.6.5-3+etch1.dsc
Size/MD5 checksum: 1149 a2975d5f40cc77b4416189c91b640626
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_alpha.deb
Size/MD5 checksum: 188988 52db78dd66b6ee7af8e952423a5bae69
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_alpha.deb
Size/MD5 checksum: 202066 25f98352704c905d0ec9e50a876eca5b
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_alpha.deb
Size/MD5 checksum: 243412 7f7cc9c581abcb282255437e0347a4a5
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_alpha.deb
Size/MD5 checksum: 199052 7846d19823e3f0f3920e225565612241
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_alpha.deb
Size/MD5 checksum: 102330 3162bda7c4114d1077de147f74fedca2
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_amd64.deb
Size/MD5 checksum: 190932 9d0ad6de3244a13c21ffd9c9f84c84cb
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_amd64.deb
Size/MD5 checksum: 96332 3826a242c6c8d970d16947da4f9ebad8
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_amd64.deb
Size/MD5 checksum: 197730 2df1a9f5846da409446cf2fe639fdd18
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_amd64.deb
Size/MD5 checksum: 181050 33a215818d3127efe4783f6450a65e38
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_amd64.deb
Size/MD5 checksum: 203192 7bf3acad905bc1d1d3db1dc6a2376fb2
arm architecture (ARM)
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_arm.deb
Size/MD5 checksum: 160002 98cd9c31a9c5cc6e2d00af6994df275f
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_arm.deb
Size/MD5 checksum: 170136 ffdf6a636e0976dc2453c3c4cdde6148
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_arm.deb
Size/MD5 checksum: 79320 b7e55e0058211a978b081d34200b6dd2
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_arm.deb
Size/MD5 checksum: 171604 20252678b9734a661bb9d1de85bcc19f
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_arm.deb
Size/MD5 checksum: 162136 27d611c443da457449aae51e1886d850
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_hppa.deb
Size/MD5 checksum: 205932 81450e57634addeaf1184fbd22e77e8a
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_hppa.deb
Size/MD5 checksum: 196804 115fb72d48047215dde67725977f4776
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_hppa.deb
Size/MD5 checksum: 107412 3531a223c7c38a90ad18c1cdb305f056
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_hppa.deb
Size/MD5 checksum: 194800 e76b5149eb02bab77a2748e56b1fa607
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_hppa.deb
Size/MD5 checksum: 190720 16abaafbdf73a532c807f4fc08cb826a
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_i386.deb
Size/MD5 checksum: 166418 105a00318a2b57dea1c3957c976ba73e
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_i386.deb
Size/MD5 checksum: 184638 b4ba5bb2f5d38d3b60493433425c3a11
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_i386.deb
Size/MD5 checksum: 182136 594c2da1dfaea16e7f52245b5eed87aa
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_i386.deb
Size/MD5 checksum: 86676 0926b46ed2e93ddf24693fdf61828521
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_i386.deb
Size/MD5 checksum: 161366 68f12ada6b09b127957371f95f77df77
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_ia64.deb
Size/MD5 checksum: 192958 32455f398eae4f66e7c0826d82e23081
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_ia64.deb
Size/MD5 checksum: 216814 b5a48191d251e59687f8b4baeeba19f7
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_ia64.deb
Size/MD5 checksum: 121722 50a3c1e995450eb0a0f8150cf02a88d3
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_ia64.deb
Size/MD5 checksum: 266790 311b79245a32bb66b30dceea1cb6d3da
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_ia64.deb
Size/MD5 checksum: 216200 ad8b63cede6787ae731aee94d7edab16
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_mips.deb
Size/MD5 checksum: 78310 70edbabaad959ab6a17b676fe0ea03c6
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_mips.deb
Size/MD5 checksum: 141498 2809cae134e9d1854764975184191798
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_mips.deb
Size/MD5 checksum: 135898 0c3e46f010c591e99f56eacf57108940
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_mips.deb
Size/MD5 checksum: 174772 4b6269ed3502850709d2e649aec05851
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_mips.deb
Size/MD5 checksum: 183986 4e38bdb6f27ec82719a63b2a47a50a22
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_mipsel.deb
Size/MD5 checksum: 78006 47ed53cb8c5f3dcd0c60bc6f748629dc
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_mipsel.deb
Size/MD5 checksum: 178412 192198be8b38252e0e9c37c84e3f9129
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_mipsel.deb
Size/MD5 checksum: 139602 7d6fba843d9ffbde9c6867e6293b50ef
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_mipsel.deb
Size/MD5 checksum: 130842 79d8fdde15e1651da4967c132768ef11
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_mipsel.deb
Size/MD5 checksum: 173854 a4217a9f17adae1ddb4d1e9002fecb43
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_powerpc.deb
Size/MD5 checksum: 196058 38b56e6e3ddc7f56567c74ec643fec81
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_powerpc.deb
Size/MD5 checksum: 177630 f528eb20a85f706ab9f3f3758f9414f4
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_powerpc.deb
Size/MD5 checksum: 87580 87cc0b0cb0f50f80ac0d6a75d3cbb5a5
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_powerpc.deb
Size/MD5 checksum: 157740 aba541317a5ea52fc2a9a17e14e96db7
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_powerpc.deb
Size/MD5 checksum: 183172 c179334bd068ed62b5453b88b982eeb5
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_s390.deb
Size/MD5 checksum: 162292 891dc34494011b354427ff7797a41e24
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_s390.deb
Size/MD5 checksum: 190198 706bb4e0969bcc6c3b273dc9344c7da4
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_s390.deb
Size/MD5 checksum: 161716 711db09fd4150bc1f068f5b5fb1e9dbf
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_s390.deb
Size/MD5 checksum: 96562 157be6e89308bfbf1bb53e30e4d0d8da
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_s390.deb
Size/MD5 checksum: 175634 706adfdb4bc526064399360616de2007
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_sparc.deb
Size/MD5 checksum: 179674 09b871dbcaeaf3108bd6860c2fc81363
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_sparc.deb
Size/MD5 checksum: 88132 f2fd28ccab190a99e2398725e4fd8b90
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_sparc.deb
Size/MD5 checksum: 173448 5e1fa2fe243214d922308bf324da7e87
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_sparc.deb
Size/MD5 checksum: 170024 4b80b359d3a1150818c50d92eaa37c5b
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_sparc.deb
Size/MD5 checksum: 181308 db23cb9d622527c4032d8a98865b828f
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
FreeBSD
-------
FreeBSD已经为此发布了一个安全公告(FreeBSD-SA-09:02)以及相应补丁:
FreeBSD-SA-09:02:OpenSSL incorrectly checks for malformed signatures
链接:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-09:02.openssl.asc
补丁下载:
1) 将有漏洞的系统升级到6-STABLE或7-STABLE,或修改日期之后的RELENG_7_1、RELENG_7_0、RELENG_6_4或RELENG_6_3安全版本。
2) 为当前系统打补丁:
以下补丁确认可应用于FreeBSD 6.3、6.4、7.0和7.1系统。
a) 从以下位置下载相关补丁,并使用PGP工具验证附带的PGP签名。
[FreeBSD 7.x]
# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch
# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch.asc
[FreeBSD 6.x]
# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch
# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch.asc
b) 以root执行以下命令:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/secure/lib/libssl
# make obj && make depend && make && make install
# cd /usr/src/secure/usr.bin/openssl
# make obj && make depend && make && make install
注释:在amd64平台上,上述过程不会升级lib32(i386兼容)库。在使用i386兼容库的amd64系统上,应如下重新编译操作系统:
<URL:http://www.FreeBSD.org/handbook/makeworld.html>
OpenSSL Project
---------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.openssl.org/source/openssl-0.9.8j.tar.gz
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2009:0020-01)以及相应补丁:
RHSA-2009:0020-01:Moderate: bind security update
链接:https://www.redhat.com/support/errata/RHSA-2009-0020.html
Sun
---
Sun已经为此发布了一个安全公告(Sun-Alert-250846)以及相应补丁:
Sun-Alert-250846:Security Vulnerability in Solaris BIND named(1M) due to Incorrect DNSSEC Signature Verification
链接:http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-250846-1
Gentoo
------
Gentoo已经为此发布了一个安全公告(GLSA-200902-02)以及相应补丁:
GLSA-200902-02:OpenSSL: Certificate validation error
链接:http://security.gentoo.org/glsa/glsa-200902-02.xml
所有OpenSSL用户都应升级到最新版本:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8j"
浏览次数:4452
严重程度:0(网友投票)
绿盟科技给您安全的保障