| VID |
22173 |
| Severity |
30 |
| Port |
443 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Web server using OpenSSL, according to its banner, is vulnerable to a timing based attack which may allow an attacker to guess the content of fixed data blocks (such as passwords or credit card number). An attacker may use this implementation flaw to sniff the data going to the vulnerable host and decrypt some parts of it.
The attack assumes that multiple SSL or TLS connections involve a common fixed plaintext block, such as a password. An active attacker can substitute specifically made-up ciphertext blocks for blocks sent by legitimate SSL/TLS parties and measure the time until a response arrives: SSL/TLS includes data authentication to ensure that such modified ciphertext blocks will be rejected by the peer (and the connection aborted), but the attacker may be able to use timing observations to distinguish between two different error cases, namely block cipher padding errors and MAC verification errors. This is sufficient for an adaptive attack that finally can obtain the complete plaintext block.
* Note: This check solely relied on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
* Platforms Affected:
OpenSSL 0.9.7 before 0.9.7a
OpenSSL 0.9.6 before 0.9.6i
* References:
[0] http://www.openssl.org/news/secadv_20030219.txt
[1] http://lasecwww.epfl.ch/memo_ssl.shtml
[2] http://marc.theaimsgroup.com/?l=bugtraq&m=104567627211904&w=2
[3] http://marc.theaimsgroup.com/?l=bugtraq&m=104568426824439&w=2
[4] http://www.openssl.org/~bodo/tls-cbc.txt
[5] http://www.openpkg.org/tutorial.html#regular-source
[6] http://www.openpkg.org/tutorial.html#regular-binary
[7] ftp://ftp.openpkg.org/release/1.1/UPD/openssl-0.9.6g-1.1.1.src.rpm
[8] ftp://ftp.openpkg.org/release/1.2/UPD/openssl-0.9.7-1.2.1.src.rpm
[9] http://www.openpkg.org/security.html#signature |
| Recommendation |
Upgrade to version 0.9.6i (0.9.7a) or newer. The source code of OpenSSL 0.9.6i and OpenSSL 0.9.7a is available as files openssl-0.9.6i.tar.gz and openssl-0.9.7a.tar.gz from:
ftp://ftp.openssl.org/source;type=d
If you are using a pre-compiled OpenSSL package, please look for update information from the respective software distributor. The OpenSSL group itself does not distribute OpenSSL binaries.
-- OR --
If upgrading to OpenSSL 0.9.7a (the recommended version) or to OpenSSL 0.9.6i is not immediately possible, the patch information available from the following site should be applied to the OpenSSL source code tree:
http://www.openssl.org/news/secadv_20030219.txt |
| Related URL |
CVE-2003-0078 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
