漏洞信息详情
OpenSSL在64位平台下数制表示方式不正确漏洞
- CNNVD编号:CNNVD-200208-173
- 危害等级: 高危
- CVE编号: CVE-2002-0655
- 漏洞类型: 边界条件错误
- 发布时间: 2002-07-30
- 威胁类型: 远程
- 更新时间: 2006-09-21
- 厂 商: oracle
- 漏洞来源: A.L. Digital Ltd T...
漏洞简介
OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层(SSL v2/v3)和安全传输层(TLS v1)协议的通用加密库,它支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL的设计实现上存在漏洞,在特定情况下远程攻击者可能利用此漏洞对服务器造成拒绝服务攻击或在主机上执行任意指令。 在64位系统下,OpenSSL在很多缓冲区中对于整形数的ASCII表示方法不正确,可能导致攻击者进行拒绝服务攻击或通过溢出攻击在主机上执行任意指令。
漏洞公告
厂商补丁: Caldera ------- Caldera已经为此发布了一个安全公告(CSSA-2002-033.0)以及相应补丁:
CSSA-2002-033.0:Linux: multiple vulnerabilities in openssl
链接: http://www.caldera.com/support/security/advisories/CSSA-2002-033.0.txt
补丁下载:
* OpenLinux 3.1.1 Server
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-033.0/RPMS/openssl-0.9.6-18.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-033.0/RPMS/openssl-devel-0.9.6-18.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-033.0/RPMS/openssl-devel-static-0.9.6-18.i386.rpm
*. OpenLinux 3.1.1 Workstation
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-033.0/RPMS/openssl-0.9.6-18.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-033.0/RPMS/openssl-devel-0.9.6-18.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-033.0/RPMS/openssl-devel-static-0.9.6-18.i386.rpm
*. OpenLinux 3.1 Server
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-033.0/RPMS/openssl-0.9.6-18.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-033.0/RPMS/openssl-devel-0.9.6-18.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-033.0/RPMS/openssl-devel-static-0.9.6-18.i386.rpm
*. OpenLinux 3.1 Workstation
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-033.0/RPMS/openssl-0.9.6-18.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-033.0/RPMS/openssl-devel-0.9.6-18.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-033.0/RPMS/openssl-devel-static-0.9.6-18.i386.rpm Conectiva --------- Conectiva已经为此发布了一个安全公告(CLA-2002:513)以及相应补丁:
CLA-2002:513:openssl
链接: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513
补丁下载:
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssl-0.9.6-4U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openssl-devel-0.9.6-4U60_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/openssl-0.9.6-4U60_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssl-0.9.6a-3U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssl-devel-0.9.6a-3U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssl-devel-static-0.9.6a-3U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssl-doc-0.9.6a-3U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openssl-progs-0.9.6a-3U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/openssl-0.9.6a-3U70_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-0.9.6c-2U8_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-devel-0.9.6c-2U8_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-devel-static-0.9.6c-2U8_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-doc-0.9.6c-2U8_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openssl-progs-0.9.6c-2U8_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/openssl-0.9.6c-2U8_1cl.src.rpm
Conectiva Linux version 6.0及以上版本的用户可以使用apt进行RPM包的更新:
- 把以下的文本行加入到/etc/apt/sources.list文件中:
rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates
(如果你不是使用6.0版本,用合适的版本号代替上面的6.0)
- 执行: apt-get update
- 更新以后,再执行: apt-get upgrade Debian ------ Debian已经为此发布了一个安全公告(DSA-136-1)以及相应补丁:
DSA-136-1:Multiple OpenSSL problems
链接: http://www.debian.org/security/2002/dsa-136
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0.dsc
Size/MD5 checksum: 782 de4c7b85648c7953dc31d3a89c38681c
http://security.debian.org/pool/updates/main/o/openssl/openssl_0
参考网址
来源:US-CERT Vulnerability Note: VU#308891 名称: VU#308891 链接:http://www.kb.cert.org/vuls/id/308891 来源:CERT/CC Advisory: CA-2002-23 名称: CA-2002-23 链接:http://www.cert.org/advisories/CA-2002-23.HTML 来源: BID 名称: 5364 链接:http://www.securityfocus.com/bid/5364 来源: MANDRAKE 名称: MDKSA-2002:046 链接:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php 来源: CONECTIVA 名称: CLA-2002:513 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513 来源: FREEBSD 名称: FreeBSD-SA-02:33 链接:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc 来源: CALDERA 名称: CSSA-2002-033.1 链接:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt 来源: CALDERA 名称: CSSA-2002-033.0 链接:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
受影响实体
- Oracle Corporate_time_outlook_connector:3.1.1
- Oracle Corporate_time_outlook_connector:3.1.2
- Oracle Corporate_time_outlook_connector:3.3
- Oracle Http_server:9.0.1
- Oracle Http_server:9.2.0
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论