[转载]OpenSSL公钥处理拒绝服务漏洞
信息来源:绿盟科技OpenSSL公钥处理拒绝服务漏洞
发布日期:2006-09-26
更新日期:2006-09-30
受影响系统:
OpenSSL Project OpenSSL < 0.9.8d
OpenSSL Project OpenSSL < 0.9.7l
不受影响系统:
OpenSSL Project OpenSSL 0.9.8d
OpenSSL Project OpenSSL 0.9.7l
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 20247
CVE(CAN) ID: CVE-2006-2940
OpenSSL是一种开放源码的SSL实现,用来实现网络通信的高强度加密,现在被广泛地用于各种网络应用程序中。
OpenSSL在处理某些类型的公钥时可能会耗费不适当的时间,允许攻击者导致拒绝服务。
<*来源:Dr. S. N. Henson
链接:[url]http://www.openssl.org/news/secadv_20060928.txt[/url]
[url]http://lwn.net/Alerts/201933[/url]
[url]http://www.debian.org/security/2005/dsa-1185[/url]
[url]ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:23.openssl.asc[/url]
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-1185-1)以及相应补丁:
DSA-1185-1:New openssl packages fix denial of service
链接:[url]http://www.debian.org/security/2005/dsa-1185[/url]
补丁下载:
Source archives:
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3.dsc[/url]
Size/MD5 checksum: 639 fbf460591348b14103a3819d23164aee
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3.diff.gz[/url]
Size/MD5 checksum: 29882 25e5c57ee6c86d1e4cc335937040f251
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz[/url]
Size/MD5 checksum: 3043231 a8777164bca38d84e5eb2b1535223474
Alpha architecture:
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_alpha.deb[/url]
Size/MD5 checksum: 3341810 73ef8e1cafbfd142a903bd93535a2428
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_alpha.deb[/url]
Size/MD5 checksum: 2448006 b42d228cd1cb48024b25f5bd7c6724b8
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_alpha.deb[/url]
Size/MD5 checksum: 930188 b0b9a46a47a1992ed455f993b6007450
AMD64 architecture:
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_amd64.deb[/url]
Size/MD5 checksum: 2693668 7a6d9f9ad43192bcfe9ed22bd4c227cb
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_amd64.deb[/url]
Size/MD5 checksum: 703308 239e07d0029b78d339da49ea8dacb554
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_amd64.deb[/url]
Size/MD5 checksum: 903744 de3413bf58707040d19a606311548ec7
ARM architecture:
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_arm.deb[/url]
Size/MD5 checksum: 2556374 4f3d5a82ab27e46f6174616dd2f0818c
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_arm.deb[/url]
Size/MD5 checksum: 690118 80812ffefacc7d9800ce5286909aa815
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_arm.deb[/url]
Size/MD5 checksum: 894114 053579483c0d83c11a4b15ade5e09d3b
HP Precision architecture:
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_hppa.deb[/url]
Size/MD5 checksum: 2695876 bee86edc3db3ac76a32efb84b1a1cfab
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_hppa.deb[/url]
Size/MD5 checksum: 791316 5dfd66672700232356a26258a76bcffa
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_hppa.deb[/url]
Size/MD5 checksum: 914574 bc996d3cd86b18090ee4c2f3f31dbdbc
Intel IA-32 architecture:
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_i386.deb[/url]
Size/MD5 checksum: 2553694 ceea98c69ca44649ee2c98cff0364e4b
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_i386.deb[/url]
Size/MD5 checksum: 2264996 111668559caa8ea95ad3100af67e163e
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_i386.deb[/url]
Size/MD5 checksum: 902750 39b743a6a47517245c3fba9289c86ddf
Intel IA-64 architecture:
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_ia64.deb[/url]
Size/MD5 checksum: 3396192 54868b4f5c27f5dc0a65b82594aa8bb0
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_ia64.deb[/url]
Size/MD5 checksum: 1038386 7fcec764f3b3d3ee53588791f7588ad9
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_ia64.deb[/url]
Size/MD5 checksum: 975118 18239f1932f399df0396e81a1e57e5e3
Motorola 680x0 architecture:
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_m68k.deb[/url]
Size/MD5 checksum: 2317346 cf221d4a25c8913c1183078f1974b46b
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_m68k.deb[/url]
Size/MD5 checksum: 661672 1a1e72d032cbd37400a65ef7ddf9af6d
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_m68k.deb[/url]
Size/MD5 checksum: 889874 6eaaf9b7b9651b37437b78d7a95a562a
Big endian MIPS architecture:
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_mips.deb[/url]
Size/MD5 checksum: 2779474 383cc3f4bd2c75515e415c48fc6c66eb
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_mips.deb[/url]
Size/MD5 checksum: 706660 aaa773471c553fd971b3158e35ceb675
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_mips.deb[/url]
Size/MD5 checksum: 896780 21c648b8e817ce098d9d85f311163e34
Little endian MIPS architecture:
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_mipsel.deb[/url]
Size/MD5 checksum: 2767338 bc2e40477ad28b1eedb69e6542b1ab08
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_mipsel.deb[/url]
Size/MD5 checksum: 694486 8c31bcea415ae3d725844e45a733d7fe
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_mipsel.deb[/url]
Size/MD5 checksum: 895860 8af869dc9a903f8a226d33cdcffc7eab
PowerPC architecture:
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_powerpc.deb[/url]
Size/MD5 checksum: 2775400 91f923d2f4f3938ef8a786b291865f0a
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_powerpc.deb[/url]
Size/MD5 checksum: 779452 3b094894ca6d75b7c86684c7cd62f5bf
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_powerpc.deb[/url]
Size/MD5 checksum: 908316 b93dffc572d91d9e4154b73c57b41e88
IBM S/390 architecture:
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_s390.deb[/url]
Size/MD5 checksum: 2717840 a96fb19009ddc10b1901f34e232109ae
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_s390.deb[/url]
Size/MD5 checksum: 813968 1cf6dbddb023dfe8c55d30d19bc0ff57
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_s390.deb[/url]
Size/MD5 checksum: 918504 73d2f71ec2c8ebd4cc3f481096202664
Sun Sparc architecture:
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge3_sparc.deb[/url]
Size/MD5 checksum: 2630560 059abd03c994e3d6851f38f6f7dd5446
[url]http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge3_sparc.deb[/url]
Size/MD5 checksum: 1886038 4900a7af6cbef9e37c902a3c14ac33ac
[url]http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge3_sparc.deb[/url]
Size/MD5 checksum: 924472 27f194ff2250fc91d0375c02d6686272
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
FreeBSD
-------
FreeBSD已经为此发布了一个安全公告(FreeBSD-SA-06:23)以及相应补丁:
FreeBSD-SA-06:23:Multiple problems in crypto(3)
链接:[url]ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:23.openssl.asc[/url]
补丁下载:
执行以下步骤之一:
1) 将有漏洞的系统升级到4-STABLE, 5-STABLE或6-STABLE,或修改日期之后的RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3或RELENG_4_11安全版本.
2) 为当前系统打补丁:
以下补丁确认可应用于FreeBSD 4.11, 5.3, 5.4, 5.5, 6.0和6.1系统.
a) 从以下位置下载相关补丁,并使用PGP工具验证附带的PGP签名.
# fetch [url]http://security.FreeBSD.org/patches/SA-06:23/openssl.patch[/url]
# fetch [url]http://security.FreeBSD.org/patches/SA-06:23/openssl.patch.asc[/url]
b) 以root执行以下命令:
# cd /usr/src
# patch < /path/to/patch
c) 如<URL: [url]http://www.freebsd.org/handbook/makeworld.html>[/url] 所述重新编译并重启系统.
OpenSSL Project
---------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
[url]http://www.openssl.org/source/openssl-0.9.7l.tar.gz[/url]
[url]http://www.openssl.org/source/openssl-0.9.8d.tar.gz[/url]
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2006:0695-01)以及相应补丁:
RHSA-2006:0695-01:Important: openssl security update
链接:[url]http://lwn.net/Alerts/201933[/url]
页:
[1]