漏洞信息详情
OpenSSL ASN1处理无效编码方式不当导致拒绝服务攻击漏洞
- CNNVD编号:CNNVD-200208-052
- 危害等级: 低危
- CVE编号: CVE-2002-0659
- 漏洞类型: 边界条件错误
- 发布时间: 2002-07-30
- 威胁类型: 远程
- 更新时间: 2006-09-21
- 厂 商: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
- 漏洞来源: James Yonan※ jim@n...
漏洞简介
OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层(SSL v2/v3)和安全传输层(TLS v1)协议的通用加密库,它支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL的ASN1解释器在处理无效的编码方式时存在漏洞,远程攻击者可能利用此漏洞对使用了ASN1库的应用程序进行拒绝服务攻击。
漏洞公告
厂商补丁: Caldera ------- Caldera已经为此发布了一个安全公告(CSSA-2002-033.0)以及相应补丁:
CSSA-2002-033.0:Linux: multiple vulnerabilities in openssl
链接: http://www.caldera.com/support/security/advisories/CSSA-2002-033.0.txt
补丁下载:
* OpenLinux 3.1.1 Server
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-033.0/RPMS/openssl-0.9.6-18.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-033.0/RPMS/openssl-devel-0.9.6-18.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-033.0/RPMS/openssl-devel-static-0.9.6-18.i386.rpm
*. OpenLinux 3.1.1 Workstation
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-033.0/RPMS/openssl-0.9.6-18.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-033.0/RPMS/openssl-devel-0.9.6-18.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-033.0/RPMS/openssl-devel-static-0.9.6-18.i386.rpm
*. OpenLinux 3.1 Server
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-033.0/RPMS/openssl-0.9.6-18.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-033.0/RPMS/openssl-devel-0.9.6-18.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-033.0/RPMS/openssl-devel-static-0.9.6-18.i386.rpm
*. OpenLinux 3.1 Workstation
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-033.0/RPMS/openssl-0.9.6-18.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-033.0/RPMS/openssl-devel-0.9.6-18.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-033.0/RPMS/openssl-devel-static-0.9.6-18.i386.rpm Conectiva --------- Conectiva已经为此发布了一个安全公告(CLA-2002:513)以及相应补丁:
CLA-2002:513:openssl
链接: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513
补丁下载:
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssl-0.9.6-4U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssl-devel-0.9.6-4U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/openssl-0.9.6-4U60_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssl-0.9.6a-3U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssl-devel-0.9.6a-3U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssl-devel-static-0.9.6a-3U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssl-doc-0.9.6a-3U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssl-progs-0.9.6a-3U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/openssl-0.9.6a-3U70_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-0.9.6c-2U8_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-devel-0.9.6c-2U8_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-devel-static-0.9.6c-2U8_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-doc-0.9.6c-2U8_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-progs-0.9.6c-2U8_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/openssl-0.9.6c-2U8_1cl.src.rpm
Conectiva Linux version 6.0及以上版本的用户可以使用apt进行RPM包的更新:
- 把以下的文本行加入到/etc/apt/sources.list文件中:
rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates
(如果你不是使用6.0版本,用合适的版本号代替上面的6.0)
- 执行: apt-get update
- 更新以后,再执行: apt-get upgrade Debian ------ Debian已经为此发布了一个安全公告(DSA-136-1)以及相应补丁:
DSA-136-1:Multiple OpenSSL problems
链接: http://www.debian.org/security/2002/dsa-136
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0.dsc
Size/MD5 checksum: 782 de4c7b85648c7953dc31d3a89c38681c
http://security.debian.org/pool/updates/main/o/openssl/openssl_0
参考网址
来源:US-CERT Vulnerability Note: VU#748355 名称: VU#748355 链接:http://www.kb.cert.org/vuls/id/748355 来源:CERT/CC Advisory: CA-2002-23 名称: CA-2002-23 链接:http://www.cert.org/advisories/CA-2002-23.HTML 来源: BID 名称: 5366 链接:http://www.securityfocus.com/bid/5366 来源: XF 名称: openssl-asn1-parser-dos(9718) 链接:http://www.iss.net/security_center/static/9718.php 来源: REDHAT 名称: RHSA-2002:164 链接:http://rhn.redhat.com/errata/RHSA-2002-164.HTML 来源: REDHAT 名称: RHSA-2002:161 链接:http://rhn.redhat.com/errata/RHSA-2002-161.HTML 来源: REDHAT 名称: RHSA-2002:160 链接:http://rhn.redhat.com/errata/RHSA-2002-160.HTML 来源: CONECTIVA 名称: CLA-2002:516 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000516 来源: FREEBSD 名称: FreeBSD-SA-02:33 链接:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc 来源: CALDERA 名称: CSSA-2002-033.1 链接:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt 来源: CALDERA 名称: CSSA-2002-033.0 链接:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
受影响实体
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x:10.1.5
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x:10.1.4
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x:10.1.3
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x:10.1.2
- CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Mac_os_x:10.1.1
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论