OpenSSL ASN.1 Deep Recursion Remote Denial of Service Vulnerability

Author: Hacker Defense (黑客防线) Network Security Website Maintenance Base   Source: Hacker Defense (黑客防线) Network Security Website Maintenance Base

Keywords: remote denial of service vulnerability
Published: 2003-11-04
Updated: 2003-11-04
Severity: Medium
Threat type: remote denial of service
Error type: unexpected-condition handling error
Exploitation mode: server mode

BUGTRAQ ID: 8970
CVE (CAN) ID: CAN-2003-0851

Affected systems
Cisco CSS11000 Content Services Switch
Cisco IOS 12.1 (11b)E
Cisco IOS 12.1 (11)E
Cisco IOS 12.2 SY
Cisco IOS 12.2 SX
Cisco PIX Firewall 6.0 (4.101)
Cisco PIX Firewall 6.0 (4)
Cisco PIX Firewall 6.0 (2)
Cisco PIX Firewall 6.0 (1)
Cisco PIX Firewall 6.0
   + Cisco PIX Firewall 515
   + Cisco PIX Firewall 520
Cisco PIX Firewall 6.0.3
Cisco PIX Firewall 6.0.4
Cisco PIX Firewall 6.1 (5)
Cisco PIX Firewall 6.1 (4)
Cisco PIX Firewall 6.1 (3)
Cisco PIX Firewall 6.1 (2)
Cisco PIX Firewall 6.1 (1)
Cisco PIX Firewall 6.1
   + Cisco PIX Firewall 515
   + Cisco PIX Firewall 520
Cisco PIX Firewall 6.1.3
Cisco PIX Firewall 6.1.4
Cisco PIX Firewall 6.2 (3)
Cisco PIX Firewall 6.2 (2)
Cisco PIX Firewall 6.2 (1)
Cisco PIX Firewall 6.2
Cisco PIX Firewall 6.2.1
Cisco PIX Firewall 6.2.2 .111
Cisco PIX Firewall 6.2.2
Cisco PIX Firewall 6.3 (3.102)
Cisco PIX Firewall 6.3 (1)
OpenSSL Project OpenSSL 0.9.6 k
   + BlueCoat Systems CacheOS CA/SA 4.1.10
   + BlueCoat Systems Security Gateway OS 2.0
   + BlueCoat Systems Security Gateway OS 2.1.9
   + BlueCoat Systems Security Gateway OS 2.1.5001 SP1
   + BlueCoat Systems Security Gateway OS 3.0
   + BlueCoat Systems Security Gateway OS 3.1
OpenSSL Project OpenSSL 0.9.6 j
OpenSSL Project OpenSSL 0.9.6 i
   + HP Apache-Based Web Server 1.3.27 .00
   + HP Apache-Based Web Server 1.3.27 .01
   + HP HP-UX Apache-Based Web Server 1.0 .01
   + HP HP-UX Apache-Based Web Server 1.0 .02.01
   + HP HP-UX Apache-Based Web Server 1.0.1 .01
   + S.u.S.E. Linux 8.2
OpenSSL Project OpenSSL 0.9.6 h
OpenSSL Project OpenSSL 0.9.6 g
   + FreeBSD FreeBSD 4.7
   + FreeBSD FreeBSD 4.7 -RELEASE
   + HP Apache-Based Web Server 2.0.43 .00
   + HP Apache-Based Web Server 2.0.43 .04
   + HP Webmin-Based Admin 1.0 .01
   + Immunix Immunix OS 7+
   + NetBSD NetBSD 1.6
   + OpenPKG OpenPKG 1.1
OpenSSL Project OpenSSL 0.9.6 f
OpenSSL Project OpenSSL 0.9.6 e
   + FreeBSD FreeBSD 4.6
   + FreeBSD FreeBSD 4.6 -RELEASE
OpenSSL Project OpenSSL 0.9.6 d
   + Slackware Linux 8.1
OpenSSL Project OpenSSL 0.9.6 c
   + Conectiva Linux 8.0
   + Debian Linux 3.0
   + MandrakeSoft Linux Mandrake 8.2
   + S.u.S.E. Linux 8.0
   + S.u.S.E. Linux 8.0 i386
OpenSSL Project OpenSSL 0.9.6 b
   + MandrakeSoft Linux Mandrake 8.1
   + MandrakeSoft Linux Mandrake 8.1 ia64
   + OpenBSD OpenBSD 3.0
   + OpenBSD OpenBSD 3.1
   + RedHat Enterprise Linux AS 2.1
   + RedHat Enterprise Linux AS 2.1 IA64
   + RedHat Enterprise Linux ES 2.1
   + RedHat Enterprise Linux ES 2.1 IA64
   + RedHat Enterprise Linux WS 2.1
   + RedHat Enterprise Linux WS 2.1 IA64
   + RedHat Linux 7.2
   + RedHat Linux 7.2 i386
   + RedHat Linux 7.2 i686
   + RedHat Linux 7.2 ia64
   + RedHat Linux 7.3
   + RedHat Linux 7.3 i386
   + RedHat Linux Advanced Work Station 2.1
   + S.u.S.E. Linux 7.3 i386
   + S.u.S.E. Linux 7.3 ppc
   + S.u.S.E. Linux 7.3 sparc
   + S.u.S.E. Linux Connectivity Server
   + S.u.S.E. Linux Database Server
   + S.u.S.E. Linux Enterprise Server 7
   + S.u.S.E. Linux Firewall on CD
   + S.u.S.E. Office Server
   + S.u.S.E. SuSE eMail Server III
   + Sun Linux 5.0
   + Sun Linux 5.0.3
   + Sun Linux 5.0.5
   + Sun Linux 5.0.6
   + Sun Linux 5.0.7
OpenSSL Project OpenSSL 0.9.6 a
   + Conectiva Linux 7.0
   + NetBSD NetBSD 1.5
   + NetBSD NetBSD 1.5.1
   + NetBSD NetBSD 1.5.2
   + NetBSD NetBSD 1.5.3
   + S.u.S.E. Linux 7.1
   + S.u.S.E. Linux 7.1 alpha
   + S.u.S.E. Linux 7.1 ppc
   + S.u.S.E. Linux 7.1 sparc
   + S.u.S.E. Linux 7.2 i386
OpenSSL Project OpenSSL 0.9.6
   + Caldera OpenLinux Server 3.1
   + Caldera OpenLinux Server 3.1.1
   + Caldera OpenLinux Workstation 3.1
   + Caldera OpenLinux Workstation 3.1.1
   + Conectiva Linux 6.0
   + EnGarde Secure Linux 1.0.1
   + HP Secure OS software for Linux 1.0
   + MandrakeSoft Linux Mandrake 8.0
   + MandrakeSoft Linux Mandrake 8.0 ppc
   + NetBSD NetBSD 1.5
   + NetBSD NetBSD 1.5.1
   + NetBSD NetBSD 1.5.2
   + NetBSD NetBSD 1.5.3
   + NetBSD NetBSD 1.6
   + NetBSD NetBSD 1.6 beta
   + OpenBSD OpenBSD 2.9
   + OpenPKG OpenPKG 1.0
   + RedHat Linux 7.0 alpha
   + RedHat Linux 7.0 i386
   + RedHat Linux 7.0 sparc
   + RedHat Linux 7.1 alpha
   + RedHat Linux 7.1 i386
   + RedHat Linux 7.2 alpha
   + RedHat Linux 7.2 i386
   + RedHat Linux 7.3
   + RedHat Linux 7.3 i386
   + Trustix Secure Linux 1.1
   + Trustix Secure Linux 1.2
   + Trustix Secure Linux 1.5
OpenSSL Project OpenSSL 0.9.7 b
OpenSSL Project OpenSSL 0.9.7 a
   + OpenPKG OpenPKG Current
OpenSSL Project OpenSSL 0.9.7
   + Caldera OpenUnix 8.0
   + Caldera UnixWare 7.1.1
   + Caldera UnixWare 7.1.3
   + FreeBSD FreeBSD 5.0
   + OpenBSD OpenBSD 3.2
   + OpenPKG OpenPKG 1.2
Opera Software Opera Web Browser 7.20
Opera Software Opera Web Browser 7.21
Opera Software Opera Web Browser 7.22
SGI IRIX 6.5.19 m
SGI IRIX 6.5.19 f
SGI IRIX 6.5.20 m
SGI IRIX 6.5.20 f
SGI IRIX 6.5.21 m
SGI IRIX 6.5.21 f
Unaffected systems
BlueCoat Systems CacheOS CA/SA 4.1.12
BlueCoat Systems Security Gateway OS 2.1.10
BlueCoat Systems Security Gateway OS 3.1.2
OpenSSL Project OpenSSL 0.9.6 l
OpenSSL Project OpenSSL 0.9.7 c
Opera Software Opera Web Browser 7.23
Detailed description
OpenSSL 0.9.6 contains a vulnerability in which certain ASN.1 sequences trigger very deep recursion. On platforms such as Windows this deep recursion is not handled correctly, so OpenSSL crashes. An attacker who can send arbitrary ASN.1 sequences can therefore crash OpenSSL; sending such a client certificate to an SSL/TLS server can cause the SSL connection to be terminated.
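The failure mode described above is unbounded recursion while walking nested constructed ASN.1 elements, and the defensive fix is a hard cap on nesting depth. The following is an added example written for this page; it is not OpenSSL code and not part of the original advisory. It is a minimal DER walker in Python that counts elements, enforces an assumed depth limit (MAX_DEPTH = 32; OpenSSL's own limit is not stated on the page), and reports a clean error instead of exhausting the stack. The helper names and the nested-SEQUENCE test inputs are constructed for the example.

```python
"""Depth-limited DER walker (added example; not OpenSSL code)."""
import sys

MAX_DEPTH = 32  # assumed cap on constructed-element nesting; not taken from OpenSSL


class DerError(ValueError):
    """Raised for malformed input or for nesting beyond the configured depth."""


def read_tlv(buf, pos):
    """Parse one DER tag and length at buf[pos]; return (tag, content_start, content_end)."""
    if pos >= len(buf):
        raise DerError("truncated tag")
    tag = buf[pos]
    pos += 1
    if tag & 0x1F == 0x1F:
        raise DerError("high tag numbers not supported in this example")
    if pos >= len(buf):
        raise DerError("truncated length")
    first = buf[pos]
    pos += 1
    if first < 0x80:                      # short form: the byte is the length
        length = first
    else:                                 # long form: low bits give the number of length bytes
        n = first & 0x7F
        if n == 0 or n > 4:
            raise DerError("unsupported length encoding")
        if pos + n > len(buf):
            raise DerError("truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise DerError("length exceeds buffer")
    return tag, pos, end


def walk(buf, depth=0, max_depth=MAX_DEPTH):
    """Recursively walk DER elements; return (element_count, deepest_level).

    The depth check is the mitigation: without it a nested-SEQUENCE input
    recurses once per level and the only stopping point is the stack.
    """
    if depth > max_depth:
        raise DerError(f"nesting deeper than {max_depth}")
    pos, count, deepest = 0, 0, depth
    while pos < len(buf):
        tag, start, end = read_tlv(buf, pos)
        count += 1
        if tag & 0x20:                    # constructed element: descend into its contents
            sub_count, sub_deepest = walk(buf[start:end], depth + 1, max_depth)
            count += sub_count
            deepest = max(deepest, sub_deepest)
        pos = end
    return count, deepest


def encode_len(n):
    """DER length encoding (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def nested_sequences(n):
    """Constructed test input: n SEQUENCEs wrapped around a single INTEGER 1."""
    node = b"\x02\x01\x01"
    for _ in range(n):
        node = b"\x30" + encode_len(len(node)) + node
    return node


def check(buf, max_depth=MAX_DEPTH):
    """Parse with the cap in place; malformed or over-deep input yields a clean error."""
    try:
        count, deepest = walk(buf, 0, max_depth)
        return {"ok": True, "nodes": count, "depth": deepest}
    except DerError as e:
        return {"ok": False, "error": str(e)}


def crashes_without_cap(levels):
    """Show what the cap prevents: with the limit effectively removed, deep input
    runs until Python's own recursion guard (default limit 1000) stops it."""
    try:
        walk(nested_sequences(levels), 0, max_depth=10 ** 9)
        return False
    except RecursionError:
        return True


if __name__ == "__main__":
    print(check(nested_sequences(3)))                   # parses: 4 elements, depth 3
    print(check(nested_sequences(40), max_depth=16))    # rejected cleanly by the cap
    print("uncapped walk hit the recursion guard:", crashes_without_cap(5000))
    print(sys.getrecursionlimit())
```

In a native implementation the uncapped case is a stack overflow rather than a caught exception, which is the crash the advisory describes; the depth cap turns it into a parse error the caller can log and drop.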

Solution
Patch downloads:

OpenSSL Project OpenSSL 0.9.6 k:

OpenSSL Project Upgrade openssl-0.9.6l.tar.gz
ftp://ftp.openssl.org/source/

OpenSSL Project OpenSSL 0.9.6 j:

OpenSSL Project Upgrade openssl-0.9.6l.tar.gz
ftp://ftp.openssl.org/source/

OpenSSL Project OpenSSL 0.9.6 i:

OpenSSL Project Upgrade openssl-0.9.6l.tar.gz
ftp://ftp.openssl.org/source/

OpenSSL Project OpenSSL 0.9.6 h:

OpenSSL Project Upgrade openssl-0.9.6l.tar.gz
ftp://ftp.openssl.org/source/

OpenSSL Project OpenSSL 0.9.6 g:

OpenSSL Project Upgrade openssl-0.9.6l.tar.gz
ftp://ftp.openssl.org/source/

OpenSSL Project OpenSSL 0.9.6 f:

OpenSSL Project Upgrade openssl-0.9.6l.tar.gz
ftp://ftp.openssl.org/source/

OpenSSL Project OpenSSL 0.9.6 e:

OpenSSL Project Upgrade openssl-0.9.6l.tar.gz
ftp://ftp.openssl.org/source/

OpenSSL Project OpenSSL 0.9.6 d:

OpenSSL Project Upgrade openssl-0.9.6l.tar.gz
ftp://ftp.openssl.org/source/

OpenSSL Project OpenSSL 0.9.6 c:

OpenSSL Project Upgrade openssl-0.9.6l.tar.gz
ftp://ftp.openssl.org/source/

OpenSSL Project OpenSSL 0.9.6 b:

OpenSSL Project Upgrade openssl-0.9.6l.tar.gz
ftp://ftp.openssl.org/source/

OpenSSL Project OpenSSL 0.9.6 a:

OpenSSL Project Upgrade openssl-0.9.6l.tar.gz
ftp://ftp.openssl.org/source/

OpenSSL Project OpenSSL 0.9.6:

OpenSSL Project Upgrade openssl-0.9.6l.tar.gz
ftp://ftp.openssl.org/source/

OpenSSL Project OpenSSL 0.9.7 b:

OpenSSL Project Upgrade openssl-0.9.7c.tar.gz
ftp://ftp.openssl.org/source/

OpenSSL Project OpenSSL 0.9.7 a:

OpenSSL Project Upgrade openssl-0.9.7c.tar.gz
ftp://ftp.openssl.org/source/

Opera Software Opera Web Browser 7.20:

Opera Software Upgrade Opera 7.23 for Windows
http://www.opera.com/download/

Opera Software Opera Web Browser 7.21:

Opera Software Upgrade Opera 7.23 for Windows
http://www.opera.com/download/

Opera Software Opera Web Browser 7.22:

Opera Software Upgrade Opera 7.23 for Windows
http://www.opera.com/download/

SGI IRIX 6.5.19 m:

SGI Upgrade patch5362.tar
ftp://patches.sgi.com/support/free/security/patches/6.5.19/patch5362.tar

SGI IRIX 6.5.19 f:

SGI Upgrade patch5362.tar
ftp://patches.sgi.com/support/free/security/patches/6.5.19/patch5362.tar

SGI IRIX 6.5.20 m:

SGI Upgrade patch5405.tar
ftp://patches.sgi.com/support/free/security/patches/6.5.20/patch5405.tar

SGI IRIX 6.5.20 f:

SGI Upgrade patch5405.tar
ftp://patches.sgi.com/support/free/security/patches/6.5.20/patch5405.tar

SGI IRIX 6.5.21 m:

SGI Upgrade patch5363.tar
ftp://patches.sgi.com/support/free/security/patches/6.5.21/patch5363.tar

SGI IRIX 6.5.21 f:

SGI Upgrade patch5363.tar
ftp://patches.sgi.com/support/free/security/patches/6.5.21/patch5363.tar

Related information
References: http://www.securityfocus.com/advisories/6134
http://www.securityfocus.com/advisories/6021
http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml
http://www.openssl.org/news/secadv_20031104.txt
http://www.bluecoat.com/support/knowledge/advisory_ASN1_parsing_0.9.6.l.html
Permalink: http://www.rongsen.com.cn/show.php?contentid-3047.html
Page updated: 2010-09-11 00:21:30