Upcoming OpenSSL issue public on October 11th 1200UTC. NISCC should be
contacting you with details today (prod firstname.lastname@example.org if you don't
hear from them). Affects all OS and architectures, all OpenSSL versions.
Has a simple patch easy to backport to any old OpenSSL version.
However I'd rate this as a low or moderate severity issue, so no need to
Mark J Cox / Red Hat Security Response Team
### DRAFT ###
STRICT EMBARGO UNTIL 11 OCTOBER 2005 1200UTC
OpenSSL Security Advisory [11 October 2005]
CAN-2005-2969: Potential SSL 2.0 Rollback
A vulnerability has been found in all previously released versions of OpenSSL
(all versions up to 0.9.7g, and version 0.9.8).
Versions 0.9.7h and 0.9.8a are being released to address the issue.
The vulnerability potentially affects applications that use the SSL/TLS server
implementation provided by OpenSSL.
Such applications are affected if they use the option
SSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied by use of SSL_OP_ALL,
which is intended to work around various bugs in third-party software that
might prevent interoperability. The SSL_OP_MSIE_SSLV2_RSA_PADDING option
disables a verification step in the SSL 2.0 server supposed to prevent active
protocol-version rollback attacks. With this verification step disabled, an
attacker acting as a "man in the middle" can force a client and a server to
negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or
TLS 1.0. The SSL 2.0 protocol is known to have severe cryptographic
weaknesses and is supported as a fallback only.
Applications using neither SSL_OP_MSIE_SSLV2_RSA_PADDING nor SSL_OP_ALL are
not affected. Also, applications that disable use of SSL 2.0 are not
There are multiple ways to avoid this vulnerability. Any one of the following
measures is sufficient.
1. Disable SSL 2.0 in the OpenSSL-based application.
The vulnerability occurs only if the old protocol version SSL 2.0
is enabled both in an OpenSSL server and in any of the clients
(OpenSSL-based or not) connecting to it. Thus, if you have
disabled SSL 2.0, the vulnerability does not apply to you.
Generally, it is strongly recommended to disable the SSL 2.0
protocol because of its known problems.
2. Upgrade the OpenSSL server software.
The vulnerability is resolved in the following versions of OpenSSL:
- in the 0.9.7 branch, version 0.9.7h (or later);
- in the 0.9.8 branch, version 0.9.8a (or later).
[note we resolved this by simply by removing the functionality
of this deprecated flag]
We thank Yutaka Oiwa of the Research Center for Information Security, National
Institute of Advanced Industrial Science and Technology (AIST), Japan, for
alerting us about this problem.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-2969 for this issue:
URL for this Security Advisory:
Created attachment 69860 [details, diff]
Created attachment 69861 [details, diff]
Martin please advise and attach an updated ebuild for arch testing if
Do NOT commit anything to Portage.
Hmm, may only be done after a certain date or what ?
You can attach an updated ebuild to this bug, but do not commit anything to
Portage before we say go.
Created attachment 70011 [details, diff]
Patch needs to be slightly adjusted.
Created attachment 70012 [details]
Ebuild for 0.9.8.
Arch security liaisons please test and report back on this bug.
We probably want the 0.9.7 one to go stable .. ill look into it if Mike have not
.. heading to bed now though.
Back to preebuild unccing arch security liaisons.
And now witn unccing:-) Sorry for the spam.
we'll actually need to fix both 0.9.7e and 0.9.7g
Created attachment 70297 [details]
updated 0.9.7 ebuilds
Ccing arch sec liaisons, please test and tell us which can be committed as
stable on your arch.
amd64 blubb MetalGOD
ppc64 corsair rangerpb
0.9.7g-r1 looks good for sparc.
hppa and ppc is fine
0.9.7g-r1 looks good for ppc64
Alpha is happy with 0.9.7g-r1.
0.9.7g-r1 is fine for amd64
looks fine on x86
OK ready for commit later that day...
Now public @ bug 108852
*** This bug has been marked as a duplicate of 108852 ***