OpenSSL: Multiple vulnerabilities — GLSA 200710-06

A buffer underflow vulnerability and an information disclosure vulnerability have been discovered in OpenSSL.

Affected Packages

dev-libs/openssl on all architectures
Affected versions < 0.9.8e-r3
Unaffected versions >= 0.9.8e-r3

Background

OpenSSL is an implementation of the Secure Sockets Layer and Transport Layer Security protocols.

Description

Moritz Jodeit reported an off-by-one error in the SSL_get_shared_ciphers() function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the BN_from_montgomery() function in crypto/bn/bn_mont.c when performing Montgomery multiplication.

Impact

A remote attacker sending a specially crafted packet to an application relying on OpenSSL could possibly execute arbitrary code with the privileges of the user running the application. A local attacker could perform a side-channel attack to retrieve RSA private keys.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8e-r3"
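
To find hosts that still need this upgrade, the following added example (not part of the original advisory, and not Portage's own code) compares installed dev-libs/openssl versions against the fixed version 0.9.8e-r3. The host names and inventory are constructed, and the comparison is a simplified reading of Gentoo version ordering that covers only dotted numbers, an optional letter and an optional -rN revision.

```python
import re

# Threshold taken from the advisory: versions below this are affected.
FIXED = "0.9.8e-r3"

# Simplified Gentoo version syntax (assumption): dotted numbers, optional
# letter, optional -rN. Suffixes such as _beta or _p and the leading-zero
# component rule are not handled; unsupported strings are rejected.
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)([a-z]?)(?:-r(\d+))?$")


def parse_version(version):
    """Turn '0.9.8e-r3' into a tuple that sorts in version order."""
    match = _VERSION.match(version)
    if match is None:
        raise ValueError(f"unsupported version string: {version!r}")
    numbers, letter, revision = match.groups()
    # Missing letter sorts before any letter; missing revision means -r0.
    return (tuple(int(n) for n in numbers.split(".")), letter, int(revision or 0))


def is_affected(version, fixed=FIXED):
    """True if the installed version is older than the fixed version."""
    return parse_version(version) < parse_version(fixed)


def audit(inventory):
    """Return {host: version} for hosts still below the fixed version."""
    return {host: v for host, v in inventory.items() if is_affected(v)}


# Constructed inventory with hypothetical host names.
SAMPLE_INVENTORY = {
    "web01": "0.9.8e-r2",
    "web02": "0.9.8e-r3",
    "mail01": "0.9.7m",
    "build01": "0.9.8g",
    "db01": "0.9.8e",
}

if __name__ == "__main__":
    for host, version in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: dev-libs/openssl-{version} is affected, "
              f"upgrade to >={FIXED}")
```

Applications linked against the old library keep it loaded after the package is upgraded, so restart them once the new version is installed.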

References

Release Date
October 07, 2007

Latest Revision
October 07, 2007: 01

Severity
high

Exploitable
local, remote

Bugzilla entries