[Pkg-openssl-devel] Bug#529221: Netscape/OpenSSL Cipher Forcing Bug

Jürgen Heil heil at qenta.at
Mon May 18 06:49:39 UTC 2009


Package: libssl0.9.8
Version: 0.9.8c-4etch5
Severity: normal

-- System Information:
Debian Release: 4.0
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-486
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages libssl0.9.8 depends on:
ii  debconf [debconf-2. 1.5.11etch2          Debian configuration management sy
ii  libc6               2.3.6.ds1-13etch9+b1 GNU C Library: Shared libraries
ii  zlib1g              1:1.2.3-13           compression library - runtime

libssl0.9.8 recommends no packages.

-- debconf information:
  libssl0.9.8/restart-services:


Hi!

We ran into this bug during our last Qualys security scan. It is reported as
a Level 3 Vulnerability and as such is not compliant with the Payment Card Data
Security Standard (PCI DSS) as required by Visa and Mastercard.

=============================================
= Here is the Qualys vulnerability description:
==

# Diagnosis
Netscape's SSLv3 implementation had a bug where if an SSLv3 connection is
initially established, the first available cipher is used. If a session is
resumed, a different cipher may be chosen if it appears in the passed cipher
list before the session's current cipher. This bug can be used to change
ciphers on the server. OpenSSL contains this bug if the
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option is enabled during runtime.
This option was introduced for compatibility reasons. The problem arises
when different applications using OpenSSL's libssl library enable all
compatibility options including SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG,
thus enabling the bug.

# Consequence
A malicious legitimate client can enforce a ciphersuite not supported by the
server to be used for a session between the client and the server. This can
result in disclosure of sensitive information.

# Solution
This problem can be fixed by disabling the
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option from the options list of
OpenSSL's libssl library. This can be done by replacing the SSL_OP_ALL
definition in the openssl/ssl.h file with the following line:

#define SSL_OP_ALL (0x00000FFFL^SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)

Unfortunately there is no CVE number. I've found a discussion of this bug on
the OpenSSL developer mailing list.
http://marc.info/?l=openssl-dev&m=109532567028570&w=2

Could you be so kind as to address this issue in a future openssl/libssl0.9.8
release?

Thank you very much!

Best regards,

Juergen Heil
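
Added example (not part of the original report and not OpenSSL code): a self-contained C model of how the option bit described in the Diagnosis gates cipher choice on session resumption, and how an application can mask the bit out of its own option word instead of editing openssl/ssl.h. The DEMO_ names, the bit value 0x08 (assumed from the 0.9.8-era header) and the cipher ids are assumptions or constructed values.

```c
#include <stdio.h>
#include <stddef.h>

/* DEMO_OP_ALL is the SSL_OP_ALL value quoted in the report. The bit value
   0x08 is an assumption (0.9.8-era openssl/ssl.h). Both are redefined here
   under DEMO_ names so the file builds without OpenSSL headers. */
#define DEMO_OP_ALL                     0x00000FFFUL
#define DEMO_OP_REUSE_CIPHER_CHANGE_BUG 0x00000008UL

/* Clear the bit with AND-NOT. The XOR in the quoted #define clears it only
   because 0xFFF already contains the bit; XOR on a mask that lacks the bit
   would set it instead. */
unsigned long harden_options(unsigned long opts)
{
    return opts & ~DEMO_OP_REUSE_CIPHER_CHANGE_BUG;
}

/* Simplified model of the resumption decision described in the Diagnosis.
   Returns the cipher id used for the resumed session, or -1 if the
   session's cipher is not in the offered list (resumption refused). */
int resumed_cipher(unsigned long opts, int session_cipher,
                   const int *offered, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (offered[i] == session_cipher)
            break;
    if (i == n)
        return -1;
    if (opts & DEMO_OP_REUSE_CIPHER_CHANGE_BUG)
        return offered[0];   /* quirk: an earlier list entry replaces it */
    return session_cipher;   /* strict: keep the negotiated cipher */
}

int main(void)
{
    /* Constructed ids: the session was negotiated with cipher 1; the
       resuming ClientHello lists cipher 2 ahead of it. */
    const int offered[] = { 2, 1 };
    unsigned long strict = harden_options(DEMO_OP_ALL);

    printf("options 0x%lX -> cipher %d\n", DEMO_OP_ALL,
           resumed_cipher(DEMO_OP_ALL, 1, offered, 2));
    printf("options 0x%lX -> cipher %d\n", strict,
           resumed_cipher(strict, 1, offered, 2));
    return 0;
}
```

An application that passes SSL_OP_ALL to libssl can apply the same AND-NOT to its own option word, which avoids patching the distribution header.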