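OpenSSL SSLv2 Client_Master_Key Message Remote Denial of Service Vulnerability
Published: 2003-10-02
Updated: 2003-10-03
Severity: High
Threat level: Remote denial of service
Error type: Design error
Exploitation mode: Server mode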
BUGTRAQ ID:8746
Affected systems:
OpenSSL Project OpenSSL 0.9.6 e
+FreeBSD FreeBSD 4.6
+FreeBSD FreeBSD 4.6 -RELEASE
OpenSSL Project OpenSSL 0.9.6 d
+Slackware Linux 8.1
OpenSSL Project OpenSSL 0.9.6 c
+Conectiva Linux 8.0
+Debian Linux 3.0
+MandrakeSoft Linux Mandrake 8.2
+S.u.S.E. Linux 8.0
+S.u.S.E. Linux 8.0 i386
OpenSSL Project OpenSSL 0.9.6 b
+MandrakeSoft Linux Mandrake 8.1
+MandrakeSoft Linux Mandrake 8.1 ia64
+OpenBSD OpenBSD 3.0
+OpenBSD OpenBSD 3.1
+RedHat Linux 7.2
+RedHat Linux 7.2 i386
+RedHat Linux 7.2 i686
+RedHat Linux 7.2 ia64
+RedHat Linux 7.3
+RedHat Linux 7.3 i386
+S.u.S.E. Linux 7.3 i386
+S.u.S.E. Linux 7.3 ppc
+S.u.S.E. Linux 7.3 sparc
+S.u.S.E. Linux Connectivity Server
+S.u.S.E. Linux Database Server
+S.u.S.E. Linux Enterprise Server 7
+S.u.S.E. Linux Firewall on CD
+S.u.S.E. Office Server
+S.u.S.E. SuSE eMail Server III
+Sun Linux 5.0
OpenSSL Project OpenSSL 0.9.6 a
+Conectiva Linux 7.0
+NetBSD NetBSD 1.5
+NetBSD NetBSD 1.5.1
+NetBSD NetBSD 1.5.2
+NetBSD NetBSD 1.5.3
+S.u.S.E. Linux 7.1
+S.u.S.E. Linux 7.1 alpha
+S.u.S.E. Linux 7.1 ppc
+S.u.S.E. Linux 7.1 sparc
+S.u.S.E. Linux 7.2 i386
OpenSSL Project OpenSSL 0.9.6
+Caldera OpenLinux Server 3.1
+Caldera OpenLinux Server 3.1.1
+Caldera OpenLinux Workstation 3.1
+Caldera OpenLinux Workstation 3.1.1
+Conectiva Linux 6.0
+EnGarde Secure Linux 1.0.1
+HP Secure OS software for Linux 1.0
+MandrakeSoft Linux Mandrake 8.0
+MandrakeSoft Linux Mandrake 8.0 ppc
+NetBSD NetBSD 1.5
+NetBSD NetBSD 1.5.1
+NetBSD NetBSD 1.5.2
+NetBSD NetBSD 1.5.3
+NetBSD NetBSD 1.6
+NetBSD NetBSD 1.6 beta
+OpenBSD OpenBSD 2.9
+OpenPKG OpenPKG 1.0
+RedHat Linux 7.0 alpha
+RedHat Linux 7.0 i386
+RedHat Linux 7.0 sparc
+RedHat Linux 7.1 alpha
+RedHat Linux 7.1 i386
+RedHat Linux 7.2 alpha
+RedHat Linux 7.2 i386
+RedHat Linux 7.3
+RedHat Linux 7.3 i386
+Trustix Secure Linux 1.1
+Trustix Secure Linux 1.2
+Trustix Secure Linux 1.5
RedHat openssl-0.9.5a-14.i386.rpm
+RedHat Linux 7.0 i386
RedHat openssl-0.9.6-3.i386.rpm
+RedHat Linux 7.1 i386
RedHat openssl-0.9.6b-18.i386.rpm
+RedHat Linux 7.3 i386
RedHat openssl-0.9.6b-29.i386.rpm
+RedHat Linux 8.0 i386
RedHat openssl-0.9.6b-8.i386.rpm
+RedHat Linux 7.2 i386
RedHat openssl-devel-0.9.5a-14.i386.rpm
+RedHat Linux 7.0 i386
RedHat openssl-devel-0.9.6-3.i386.rpm
+RedHat Linux 7.1 i386
RedHat openssl-devel-0.9.6b-18.i386.rpm
+RedHat Linux 7.3 i386
RedHat openssl-devel-0.9.6b-29.i386.rpm
+RedHat Linux 8.0 i386
RedHat openssl-devel-0.9.6b-8.i386.rpm
+RedHat Linux 7.2 i386
RedHat openssl-perl-0.9.5a-14.i386.rpm
+RedHat Linux 7.0 i386
RedHat openssl-perl-0.9.6-3.i386.rpm
+RedHat Linux 7.1 i386
RedHat openssl-perl-0.9.6b-18.i386.rpm
+RedHat Linux 7.3 i386
RedHat openssl-perl-0.9.6b-29.i386.rpm
+RedHat Linux 8.0 i386
RedHat openssl-perl-0.9.6b-8.i386.rpm
+RedHat Linux 7.2 i386
RedHat openssl-python-0.9.5a-14.i386.rpm
+RedHat Linux 7.0 i386
RedHat openssl-python-0.9.6-3.i386.rpm
+RedHat Linux 7.1 i386
RedHat openssl095a-0.9.5a-11.i386.rpm
+RedHat Linux 7.2 i386
RedHat openssl095a-0.9.5a-11.i386.rpm
+RedHat Linux 7.3 i386
RedHat openssl095a-0.9.5a-16.i386.rpm
+RedHat Linux 8.0 i386
RedHat openssl096-0.9.6-11.i386.rpm
+RedHat Linux 8.0 i386
RedHat openssl096-0.9.6-6.i386.rpm
+RedHat Linux 7.3 i386
RedHat openssl096-0.9.6-6.i386.rpm
+RedHat Linux 7.2 i386
Unaffected systems:
OpenSSL Project OpenSSL 0.9.6 k
OpenSSL Project OpenSSL 0.9.6 j
OpenSSL Project OpenSSL 0.9.6 i
+HP Apache-Based Web Server 1.3.27 .00
+HP Apache-Based Web Server 1.3.27 .01
+HP HP-UX Apache-Based Web Server 1.0.00.01
+HP HP-UX Apache-Based Web Server 1.0.01.01
+HP HP-UX Apache-Based Web Server 1.0 .02.01
+S.u.S.E. Linux 8.2
OpenSSL Project OpenSSL 0.9.6 h
OpenSSL Project OpenSSL 0.9.6 g
+FreeBSD FreeBSD 4.7
+FreeBSD FreeBSD 4.7 -RELEASE
+HP Apache-Based Web Server 2.0.43 .00
+HP Apache-Based Web Server 2.0.43 .04
+HP Webmin-Based Admin 1.0.00.01
+Immunix Immunix OS 7+
+NetBSD NetBSD 1.6
+OpenPKG OpenPKG 1.1
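OpenSSL Project OpenSSL 0.9.6 f
Detailed description:
A denial-of-service vulnerability exists in the OpenSSL SSLv2 implementation. When a server program processes a malformed CLIENT_MASTER_KEY message, the execution flow of a service that implements SSLv2 is directed into the die() routine, resulting in a denial of service. This vulnerability does not affect version 0.9.6f and later of the software.
Solution:
The vendor has fixed this vulnerability in recent versions of the software: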
OpenSSL Project OpenSSL 0.9.6 e:
OpenSSL Project Upgrade OpenSSL 0.9.6k
http://www.openssl.org/source/
OpenSSL Project OpenSSL 0.9.6 d:
OpenSSL Project Upgrade OpenSSL 0.9.6k
http://www.openssl.org/source/
OpenSSL Project OpenSSL 0.9.6 c:
OpenSSL Project Upgrade OpenSSL 0.9.6k
http://www.openssl.org/source/
OpenSSL Project OpenSSL 0.9.6 b:
OpenSSL Project Upgrade OpenSSL 0.9.6k
http://www.openssl.org/source/
OpenSSL Project OpenSSL 0.9.6 a:
OpenSSL Project Upgrade OpenSSL 0.9.6k
http://www.openssl.org/source/
OpenSSL Project OpenSSL 0.9.6:
OpenSSL Project Upgrade OpenSSL 0.9.6k
http://www.openssl.org/source/
Related information:
New OpenSSL remote vulnerability (issue date 2003/10/02)
http://archives.neohapsis.com/archives/bugtraq/2003-10/0012.html