CERT® Advisory CA-2002-23 Multiple Vulnerabilities In OpenSSLOriginal release date: July 30, 2002
Last revised: October 11, 2002
A complete revision history can be found at the end of this file.
There are four remotely exploitable buffer overflows in OpenSSL. There are also encoding problems in the ASN.1 library used by OpenSSL. Several of these vulnerabilities could be used by a remote attacker to execute arbitrary code on the target system. All could be used to create denial of service.
OpenSSL is a widely deployed, open source implementation of the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The SSL and TLS protocols are used to provide a secure connection between a client and a server for higher level protocols such as HTTP. Four remotely exploitable vulnerabilities exist in many OpenSSL client and server systems.
VU#102795 - OpenSSL servers contain a buffer overflow during the SSLv2 handshake process
VU#258555 - OpenSSL clients contain a buffer overflow during the SSLv3 handshake process
VU#561275 - OpenSSL servers with Kerberos enabled contain a remotely exploitable buffer overflow vulnerability during the SSLv3 handshake process
VU#308891 - OpenSSL contains multiple buffer overflows in buffers that are used to hold ASCII representations of integers
In addition, a separate issue has been identified in OpenSSL involving malformed ASN.1 encodings. Affected components include SSL or TLS applications, as well as S/MIME, PKCS#7, and certificate creation routines.
VU#748355 - ASN.1 encoding errors exist in implementations of SSL, TLS, S/MIME, PKCS#7 routines
Although these vulnerabilities affect OpenSSL, other implementations of the SSL protocol that use or share a common code base may be affected. This includes implementations that are derived from the SSLeay library developed by Eric A. Young and Tim J. Hudson.
As noted in the OpenSSL advisory as well, sites running OpenSSL 0.9.6d servers on 32-bit platforms with SSLv2 handshaking disabled will not be affected by any of the buffer overflows described above. However, due to the nature of the ASN.1 encoding errors, such sites may still be affected by denial-of-service situations.
By exploiting the buffer overflows above, a remote attacker can execute arbitrary code on a vulnerable server or client system or cause a denial-of-service situation. Exploitation of the ASN.1 encoding errors can lead to a denial of service.
Apply a patch from your vendor
Appendix A contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below or in the individual vulnerability notes, we have not received their comments. Please contact your vendor directly.
Upgrade to version 0.9.6e of OpenSSL
Combined patches for OpenSSL 0.9.6d:After either applying the patches above or upgrading to 0.9.6e, recompile all applications using OpenSSL to support SSL or TLS services, and restart said services or systems. This will eliminate all known vulnerable code.
Sites running OpenSSL pre-release version 0.9.7-beta2 may wish
to upgrade to 0.9.7-beta3, which
corrects these vulnerabilities. Separate patches are available
Combined patches for OpenSSL 0.9.7 beta 2:
Disable vulnerable applications or services
Until fixes for these vulnerabilities can be applied, disable all applications that use vulnerable implementations of OpenSSL. Systems with OpenSSL 0.9.7 pre-release with Kerberos enabled also need to disable Kerberos to protect against VU#561275. As a best practice, the CERT/CC recommends disabling all services that are not explicitly required. Before deciding to disable SSL or TLS, carefully consider the impact that this will have on your service requirements.
Disabling SSLv2 handshaking will prevent exploitation of VU#102795. However, due to the nature of the ASN.1 encoding errors, such sites would still be vulnerable to denial-of-service attacks.
Appendix A. - Vendor Information
This appendix contains information provided by vendors for this advisory. As vendors report new information to the CERT/CC, we will update this section and note the changes in our revision history. If a particular vendor is not listed below or in the individual vulnerability notes, we have not received their comments.
Apple Computer, Inc.
The vulnerabilities described in this note are fixed with Security Update 2002-08-02.
In relation to this CERT advisory on security vulnerability in OpenSSL, Alcatel has conducted an immediate assessment to determine any impact this may have on our portfolio. A first analysis has shown that various Alcatel products are affected: namely the 6600, 7700, 7800 and 8800 OmniSwitches, the OmniAccess 210 and the 7770 RCP. Alcatel is currently in the process of applying appropriate fixes to those products. Customers may contact their Alcatel support representative for more details. The security of our customers' networks is of highest priority for Alcatel. Therefore we continue to test our product portfolio against potential security vulnerabilities in our products using OpenSSL and will provide updates if necessary.
The Debian project has released DSA 136 a while ago which fixes this vulnerability. Here's the link:
Lotus products do not use OpenSSL or an SSLeay library, so they are not vulnerable. We further analyzed our SSL implementation for the issues reported in the advisory and determined that our products are not vulnerable.
Mandrake Linux update advisory MDKSA-2002:046-1 fixes all of these issues in OpenSSL. Please see
Microsoft products do not use the libraries in question. Microsoft products are not affected by this issue.
Please see NetBSD-SA2002-009
Secure Computing Corporation
These vulnerabilities were discovered and reported by the following:
The CERT/CC thanks the OpenSSL team for the work they put into their advisory, on which this document is largely based.
Feedback can be directed to the authors: Jason A. Rafail, Cory F. Cohen, Jeffrey S. Havrilla, Shawn V. Hernan.
This document is available from: http://www.cert.org/advisories/CA-2002-23.html
CERT/CC Contact Information
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site
* "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
Conditions for use, disclaimers, and sponsorship information
Copyright 2002 Carnegie Mellon University.
July 30, 2002: Initial release Aug 02, 2002: Added IBM statement from 07/31/2002 Aug 07, 2002: Added NetBSD statement from 08/01/2002 Aug 07, 2002: Added Apple statement from 08/02/2002 Aug 07, 2002: Added Lotus statement from 08/02/2002 Aug 07, 2002: Added ISC statement from 07/31/2002 Aug 15, 2002: Added Juniper statement from 08/15/2002 Sep 17, 2002: Added Covalent statement from 09/16/2002 Sep 20, 2002: Added Alcatel statement from 09/03/2002 Sep 23, 2002: Added Mandrake Software statement from 09/19/2002 Sep 26, 2002: Added Microsoft Corporation statement from 09/25/2002 Sep 30, 2002: Added Secure Computing Corporation statement from 09/24/2002 Oct 11, 2002: Added Debian statement from 10/08/2002