Gentoo Archives: gentoo-dev

From: Ben Lutgens <blutgens@×××××××.com>
To: gentoo-dev@g.o
Subject: [gentoo-dev] Fwd: [ESA-20010709-01] OpenSSL PRNG Weakness
Date: Tue, 10 Jul 2001 13:02:43
Message-Id: 20010710140219.A14223@minime.sistina.com
1 See the following advisory. I committed a 0.9.6b ebuild. Might not be a
2 bad idea to upgrade. You'll need to recompile all things that are linked
3 against libssl most likely. But since the bug is relatively easy to
4 exploit it's not a bad idea to go through the minimal hassle.
5
6
7 ----- Forwarded message from EnGarde Secure Linux <security@×××××××××××××××.com> -----
8
9 From: EnGarde Secure Linux <security@×××××××××××××××.com>
10 Message-ID: <Pine.LNX.4.10.10107101355330.17594-100000@×××××××××××××××××××××××××××××××××.com>
11 Date: Tue, 10 Jul 2001 13:55:59 -0400 (EDT)
12 To: engarde-security@×××××××××××××××.com, bugtraq@×××××××××××××.com
13 Subject: [ESA-20010709-01] OpenSSL PRNG Weakness
14
15 -----BEGIN PGP SIGNED MESSAGE-----
16 Hash: SHA1
17
18
19 +------------------------------------------------------------------------+
20 | EnGarde Secure Linux Security Advisory July 09, 2001 |
21 | http://www.engardelinux.org/ ESA-20010709-01 |
22 | |
23 | Package: openssl |
24 | Summary: There is a design weakness in OpenSSL's PRNG. |
25 +------------------------------------------------------------------------+
26
27 EnGarde Secure Linux is a secure distribution of Linux that features
28 improved access control, host and network intrusion detection, Web
29 based secure remote management, complete e-commerce using AllCommerce,
30 and integrated open source security tools.
31
32
33 OVERVIEW
34 - --------
35 A weakness exists in the pseudo-random number generator (PRNG) in all
36 versions of OpenSSL up to and including 0.9.6a. Given knowledge of
37 past results of PRNG queries an attacker can predict future results.
38
39
40 DETAIL
41 - ------
42 There is a design error in OpenSSL's PRNG which can allow an attacker to
43 determine the internal state of the PRNG. Based on the output of
44 several hundred 1-byte PRNG requests an attacker can reconstruct the
45 PRNG's internal state and predict future PRNG output.
46
47 The impact of this vulnerability is rather small, as the OpenSSL team
48 has described:
49
50 "It is unlikely for applications to request PRNG bytes in a pattern
51 allowing for the attack against the OpenSSL PRNG. Typically,
52 applications will request PRNG bytes in larger chunks.
53 No application is known to us which is actually vulnerable."
54
55 In any event, we highly recommend that all users upgrade to the latest
56 openssl packages as outlined in this advisory.
57
58
59 SOLUTION
60 - --------
61 All users should upgrade to the most recent version, as outlined in
62 this advisory.
63
64 Guardian Digital recently made available the Guardian Digital Secure
65 Update, a means to proactively keep systems secure and manage
66 system software. EnGarde users can automatically update their system
67 using the Guardian Digital WebTool secure interface.
68
69 If choosing to manually upgrade this package, updates can be
70 obtained from:
71
72 ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
73 http://ftp.engardelinux.org/pub/engarde/stable/updates/
74
75 Before upgrading the package, the machine must either:
76
77 a) be booted into a "standard" kernel; or
78 b) have LIDS disabled.
79
80 To disable LIDS, execute the command:
81
82 # /sbin/lidsadm -S -- -LIDS_GLOBAL
83
84 To install the updated package, execute the command:
85
86 # rpm -Uvh <filename>
87
88 To reload the LIDS configuration, execute the command:
89
90 # /usr/sbin/config_lids.pl
91
92 To re-enable LIDS (if it was disabled), execute the command:
93
94 # /sbin/lidsadm -S -- +LIDS_GLOBAL
95
96 To verify the signature of the updated packages, execute the command:
97
98 # rpm -Kv <filename>
99
100
101 UPDATED PACKAGES
102 - ----------------
103 These updated packages are for EnGarde Secure Linux 1.0.1 (Finestra).
104
105 Source Packages:
106
107 SRPMS/openssl-0.9.6-1.0.14.src.rpm
108 MD5 Sum: 420d7e9d0687f313059a64935be6f550
109
110 i386 Binary Packages:
111
112 i386/openssl-0.9.6-1.0.14.i386.rpm
113 MD5 Sum: 347000c0645194ab5feb83eb92d2355c
114
115 i386/openssl-devel-0.9.6-1.0.14.i386.rpm
116 MD5 Sum: 09125870402b05ad8ab75d74271893a3
117
118 i386/openssl-misc-0.9.6-1.0.14.i386.rpm
119 MD5 Sum: e865af2f976115e92f99a6ce7fd1cb1b
120
121 i386 Binary Packages:
122
123 i686/openssl-0.9.6-1.0.14.i686.rpm
124 MD5 Sum: 4d612208e3952bdb375ad36e614abf98
125
126 i686/openssl-devel-0.9.6-1.0.14.i686.rpm
127 MD5 Sum: 8a1b228357a1fe51a96aeb9afa3981f2
128
129 i686/openssl-misc-0.9.6-1.0.14.i686.rpm
130 MD5 Sum: 1e5eb36c5db32a79dbdfccb3899ae9dc
131
132
133 REFERENCES
134 - ----------
135
136 Guardian Digital's public key:
137 http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY
138
139 Credit for the discovery of this bug goes to:
140 Markku-Juhani O. Saarinen <markku-juhani.saarinen@×××××.com>
141
142 OpenSSL's Official Web Site:
143 http://www.openssl.org/
144
145
146 - --------------------------------------------------------------------------
147 $Id: ESA-20010709-01-openssl,v 1.2 2001/07/10 15:34:45 rwm Exp rwm $
148 - --------------------------------------------------------------------------
149 Author: Ryan W. Maple, <ryan@×××××××××××××××.com>
150 Copyright 2001, Guardian Digital, Inc.
151
152 -----BEGIN PGP SIGNATURE-----
153 Version: GnuPG v1.0.4 (GNU/Linux)
154 Comment: For info see http://www.gnupg.org
155
156 iD8DBQE7S0G2HD5cqd57fu0RAvYnAJ9nT8oqtjJMsQXv4r/Cl2UYv6iewACfWOJR
157 AR3Xr0NnQnISu9+XUS1CS/E=
158 =6l9n
159 -----END PGP SIGNATURE-----
160
161 ----- End forwarded message -----
162
163 --
164 Ben Lutgens
165 Sistina Software Inc.
166 Kernel panic: I have no root and I want to scream
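
The UPDATED PACKAGES listing in the forwarded advisory can be checked mechanically. The following is an added example, not part of the original message or the advisory: it parses package/MD5 pairs in the advisory's layout (tolerating this archive's leading line numbers) and compares them with files in a local directory. The function names and the demo file names are assumptions; the sums are only as trustworthy as the signed advisory they come from, and `rpm -Kv` remains the signature check.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Both patterns tolerate the archive's leading line number ("107 SRPMS/...").
PKG_RE = re.compile(r"^\s*(?:\d+\s+)?(\S+\.rpm)\s*$")
SUM_RE = re.compile(r"^\s*(?:\d+\s+)?MD5 Sum:\s*([0-9a-fA-F]{32})\s*$")

def parse_advisory_sums(text):
    """Return {package file name: md5 hex} from a package/MD5 listing."""
    sums, pending = {}, None
    for line in text.splitlines():
        pkg, md5 = PKG_RE.match(line), SUM_RE.match(line)
        if pkg:
            pending = Path(pkg.group(1)).name   # drop the SRPMS/ or i386/ prefix
        elif md5 and pending:
            sums[pending] = md5.group(1).lower()
            pending = None                      # one sum per package line
    return sums

def md5_file(path, chunk=1 << 16):
    """Hash a file in chunks so large RPMs are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def check_packages(advisory_text, directory):
    """Map each listed package to 'ok', 'MISMATCH' or 'missing'."""
    results = {}
    for name, expected in parse_advisory_sums(advisory_text).items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
        else:
            results[name] = "ok" if md5_file(path) == expected else "MISMATCH"
    return results

if __name__ == "__main__":
    # Constructed demo: file names, contents and sums below are made up.
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "demo-1.0.i386.rpm").write_bytes(b"constructed package bytes")
        listing = "\n".join([
            "112 i386/demo-1.0.i386.rpm",
            "113 MD5 Sum: " + hashlib.md5(b"constructed package bytes").hexdigest(),
            "115 i386/demo-devel-1.0.i386.rpm",
            "116 MD5 Sum: " + "0" * 32,
        ])
        for name, status in check_packages(listing, tmp).items():
            print(f"{status:8} {name}")
```

A `MISMATCH` or `missing` result means the package should not be installed until the download has been repeated and rechecked.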