邪恶八进制信息安全团队技术讨论组's Archiver

knight 2006-9-21 09:04

[转载]OpenSSL PKCS填充伪造RSA签名漏洞

信息来源:绿盟科技

OpenSSL PKCS填充伪造RSA签名漏洞

发布日期:2006-09-05
更新日期:2006-09-16

受影响系统:
OpenSSL Project OpenSSL < 0.9.8b
OpenSSL Project OpenSSL < 0.9.7j
不受影响系统:
OpenSSL Project OpenSSL 0.9.8c
OpenSSL Project OpenSSL 0.9.7k
描述:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 19849
CVE(CAN) ID: CVE-2006-4339,CVE-2006-4340

OpenSSL是一种开放源码的SSL实现,用来实现网络通信的高强度加密,现在被广泛地用于各种网络应用程序中。

OpenSSL在验证PKCS #1 v1.5签名时存在错误,攻击者可能利用此漏洞伪造签名。

如果使用了有指数3的RSA密钥的话,攻击者就可以伪造由该密钥签发的PKCS #1 v1.5签名。如果没有检查签名的RSA幂运算结果中的额外数据的话,这种实现就可能错误的验证证书,导致建立非授权的信任关系。

<*来源:Daniel Bleichenbacher
  
  链接:[url]http://secunia.com/advisories/21709/[/url]
      [url]http://www.openssl.org/news/secadv_20060905.txt[/url]
      [url]http://www.mozilla.org/security/announce/2006/mfsa2006-60.html[/url]
      [url]http://security.gentoo.org/glsa/glsa-200609-05.xml[/url]
      [url]http://www.debian.org/security/2005/dsa-1173[/url]
      [url]http://lwn.net/Alerts/198829/?format=printable[/url]
      [url]http://lwn.net/Alerts/199693/?format=printable[/url]
      [url]http://lwn.net/Alerts/199691[/url]
      [url]http://lwn.net/Alerts/199692[/url]
*>

建议:
--------------------------------------------------------------------------------
厂商补丁:

Debian
------
Debian已经为此发布了一个安全公告(DSA-1173-1)以及相应补丁:
DSA-1173-1:New openssl packages fix RSA signature forgery cryptographic weakness
链接:[url]http://www.debian.org/security/2005/dsa-1173[/url]

补丁下载:
Source archives:

[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.dsc[/url]
Size/MD5 checksum:    639 a6d3c0f1fae595b8c2f7a45ca76dff1f
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.diff.gz[/url]
Size/MD5 checksum:   27435 16d02ad2e1e531617e5d533553340a83
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz[/url]
Size/MD5 checksum:  3043231 a8777164bca38d84e5eb2b1535223474

Alpha architecture:

[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_alpha.deb[/url]
Size/MD5 checksum:  3339496 917761204c442b6470cc84364a1d5227
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_alpha.deb[/url]
Size/MD5 checksum:  2445696 6d894629524dcefbefa0f813cb588bef
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_alpha.deb[/url]
Size/MD5 checksum:  929948 117af21021dfea510ac09e9a09c1dfd9

AMD64 architecture:

[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_amd64.deb[/url]
Size/MD5 checksum:  2693336 c45662184c5ed338e179f3ec5e39289e
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_amd64.deb[/url]
Size/MD5 checksum:  769324 e216b2d3b89634457906140fcff4c5ac
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_amd64.deb[/url]
Size/MD5 checksum:  903454 52d2ce0e5d967ca1a77a33f9417fd798

ARM architecture:

[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_arm.deb[/url]
Size/MD5 checksum:  2555074 fd529ad701cfbbde50845aa3e0ba4d5e
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_arm.deb[/url]
Size/MD5 checksum:  689548 a626529a0d9f52d069e6fcb1ec3a2513
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_arm.deb[/url]
Size/MD5 checksum:  893880 58bcc0001bf7e014b6a1d7ab9849cf2c

HP Precision architecture:

[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_hppa.deb[/url]
Size/MD5 checksum:  2694850 7dd819a9adddc660268d260df3e8cea2
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_hppa.deb[/url]
Size/MD5 checksum:  790570 06a37ff4879fab7ee26ac35f6526d7c3
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_hppa.deb[/url]
Size/MD5 checksum:  914188 74e469de973e495e93455816587b63db

Intel IA-32 architecture:

[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_i386.deb[/url]
Size/MD5 checksum:  2553346 946eaef80a1dc82af47e10d4913153b3
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_i386.deb[/url]
Size/MD5 checksum:  2262628 a4e5d09c7086373d2a76370c71542ce0
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_i386.deb[/url]
Size/MD5 checksum:  908336 e850093346e148d2132d59db3184d398

Intel IA-64 architecture:

[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_ia64.deb[/url]
Size/MD5 checksum:  3394850 a43e3948b612ea7b48cdcb267fb26ef5
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_ia64.deb[/url]
Size/MD5 checksum:  1037694 e4cda7f8044cbc72ebbef123124461ea
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_ia64.deb[/url]
Size/MD5 checksum:  974802 a6dcd78bc35ca46bb21ac24ac1ccde1b

Motorola 680x0 architecture:

[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_m68k.deb[/url]
Size/MD5 checksum:  2316460 403eae3e2c3f396a0e789069e8896036
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_m68k.deb[/url]
Size/MD5 checksum:  661108 eeb8f5b59f10b7c5ed5187f25b1505e6
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_m68k.deb[/url]
Size/MD5 checksum:  889522 07baf9c082693a1bbf7d81d49f5dd216

Big endian MIPS architecture:

[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mips.deb[/url]
Size/MD5 checksum:  2778514 ef833284a26b9ad69eb22c169dcb822f
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mips.deb[/url]
Size/MD5 checksum:  705952 57a2075ffd4746c1c989c06be4e5587e
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mips.deb[/url]
Size/MD5 checksum:  896456 0d93ca64cbc1608c5a8345a574b47ada

Little endian MIPS architecture:

[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mipsel.deb[/url]
Size/MD5 checksum:  2766270 1d197335ffe887e31525c04466dfd66c
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mipsel.deb[/url]
Size/MD5 checksum:  693836 45f358db6b4e149982a16cced46eb1d7
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mipsel.deb[/url]
Size/MD5 checksum:  895636 60f63815017772f9dcbcfce2d8aa9138

PowerPC architecture:

[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_powerpc.deb[/url]
Size/MD5 checksum:  2774840 012631d48936597d2bdb35a2c9e597cc
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_powerpc.deb[/url]
Size/MD5 checksum:  778946 3e0d5b50e5c3a1b00faf6c7c18a8ac4f
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_powerpc.deb[/url]
Size/MD5 checksum:  908016 8bfe8de155f113aef3edca883cd72dac

IBM S/390 architecture:

[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_s390.deb[/url]
Size/MD5 checksum:  2716386 e8744dd7d49acabdd664bdd505e9efae
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_s390.deb[/url]
Size/MD5 checksum:  813542 05846cc017a99f250d8104c406f2a609
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_s390.deb[/url]
Size/MD5 checksum:  918208 f78b15dae8f8072339e601793707c4eb

Sun Sparc architecture:

[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_sparc.deb[/url]
Size/MD5 checksum:  2629368 4532f9940cf010b00b0d1404c11f9da5
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_sparc.deb[/url]
Size/MD5 checksum:  1884394 f7a8f112bb7e09c8c1dacc68c923cd40
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_sparc.deb[/url]
Size/MD5 checksum:  924208 a5e3e93b474e23a0f858eaa3a329d2de

补丁安装方法:

1. 手工安装补丁包:

  首先,使用下面的命令来下载补丁软件:
  # wget url  (url是补丁下载链接地址)

  然后,使用下面的命令来安装补丁:  
  # dpkg -i file.deb (file是相应的补丁名)

2. 使用apt-get自动安装补丁包:

  首先,使用下面的命令更新内部数据库:
  # apt-get update
  
  然后,使用下面的命令安装更新软件包:
  # apt-get upgrade

OpenSSL Project
---------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

[url]http://www.openssl.org/source/[/url]
[url]ftp://ftp.openssl.org/source/[/url]

RedHat
------
RedHat已经为此发布了安全公告(RHSA-2006:0675-01,RHSA-2006:0661-01,RHSA-2006:0676-01,RHSA-2006:0677-01)以及相应补丁:
RHSA-2006:0675-01:Critical: firefox security update
链接:[url]http://lwn.net/Alerts/199691[/url]

RHSA-2006:0661-01:Important: openssl security update
链接:[url]http://lwn.net/Alerts/198829/?format=printable[/url]

RHSA-2006:0676-01:Critical: seamonkey security update
链接:[url]http://lwn.net/Alerts/199692[/url]

RHSA-2006:0677-01:Critical: thunderbird security update
链接:[url]http://lwn.net/Alerts/199693/?format=printable[/url]

Gentoo
------
Gentoo已经为此发布了一个安全公告(GLSA-200609-05)以及相应补丁:
GLSA-200609-05:OpenSSL, AMD64 x86 emulation base libraries: RSA signature
链接:[url]http://security.gentoo.org/glsa/glsa-200609-05.xml[/url]

所有OpenSSL用户都应升级到最新版本:

   # emerge --sync
   # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7k"

所有AMD64 x86模拟库用户都应升级到最新版本:

   # emerge --sync
   # emerge --ask --oneshot --verbose ">=app-emulation/emul-x86-linux-baselibs-2.5.2"

页: [1]
© 1999-2008 EvilOctal Security Team