[vox] [Fwd: Vulnerability in OpenSSL]
Mike Simons
vox@lists.lugod.org
Fri, 14 Mar 2003 16:25:18 -0500
On Fri, Mar 14, 2003 at 10:58:59AM -0800, ME wrote:
> An item that may have implications for other packages that compile against
> OpenSSL that include mod_ssl, openssh, and if you specified it in a bind
> install (or your package was so configured) BIND too.
[...]
> If this attack is addressed, then expect many new packages and package
> upgrades for your boxes from your Linux vendor for several packages
> related to encryption.
There is a patched ssl that went into Debian Feb 21... which fixes
timing-based attacks.
====
openssl (0.9.6c-2.woody.2) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Applied patch to fix vulnerability to timing-based attacks
    (see CAN-2003-0078)
  * Applied preventative measure patch by Richard Levitte
    <levitte@openssl.org>

 -- Martin Schulze <joey@infodrom.org>  Fri, 21 Feb 2003 16:34:17 +0100
====
The people given credit for the paper leading to the patch are not
the people in your report...
http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00035.html
===
A vulnerability has been discovered in OpenSSL, a Secure Socket Layer
(SSL) implementation. In an upcoming paper, Brice Canvel (EPFL),
Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL,
Ilion) describe and demonstrate a timing-based attack on CBC cipher
suites used in SSL and TLS. OpenSSL has been found to be vulnerable to
this attack.
===
David Brumley doesn't report which version of ssl he was using in
his tests... so it's hard to tell if these two things are the same
issue or not.
- is there any indication on your list if this problem has already
been fixed?
> -------- Original Message --------
> Subject: Vulnerability in OpenSSL
> From: David Brumley <dbrumley@stanford.edu>
> Date: Thu, March 13, 2003 3:59 pm
> To: bugtraq@securityfocus.com
>
> Dan Boneh and I have been researching timing attacks against software
[...]
> To our knowledge, OpenSSL and derived crypto libraries are vulnerable.
[...]
> The results indicate that all crypto implementations should defend
> against timing attacks.
[...]
> http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html
[...]
> -David Brumley