Note: This is an archival copy of Security Sun Alert 201247 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000931.1.
Solaris 9 Operating System
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
A security vulnerability in the RSA signature verification implementation in the OpenSSL product may incorrectly verify data signed with a forged signature. This will affect applications which make use of OpenSSL to verify RSA signatures. The direct impact to these applications will depend on the way in which this signed data is used.
OpenSSL is shipped with Solaris 10 (see openssl(5)). This library is not shipped with Solaris 9; however, a number of Solaris 9 applications statically link against this library and may be affected by this vulnerability. This Sun Alert provides details about the individual patches which should be installed to update the OpenSSL product on Solaris 10 and all potentially impacted Solaris 9 applications.
This issue is also described in the following documents:
Note: The issue described in this Sun Alert is specific to the OpenSSL shipped with Solaris. Multiple Sun products are affected by this issue. For more details please see Sun Alert 102648.
These issues can occur with the OpenSSL included in the following applications and releases:
Note 1: Solaris 8 is not impacted by this issue.
Note 2: Solaris 9 does not ship with OpenSSL libraries which can be used for application linking.
Note 3: The Solaris 9 SSH patches listed above update the OpenSSL library used by SSH to a version that is not impacted by this issue. However, this fix is not required for Solaris 9 systems which have the following patches installed, as the SSH that is contained in those patches does not make use of the impacted code from the OpenSSL library:
Note 4: This issue is only exploitable in cases where keys with certain properties are used. Tools such as openssl(1) can be used to display these properties (openssl(1) is shipped with Solaris 10; Solaris 9 does not include a tool which can be used for this purpose):
$ openssl x509 -pubkey -in server.crt -text
If the output contains the following lines, then signatures of this key can be forged:
Public Key Algorithm: rsaEncryption
Exponent: 3 (0x3)
For more information about displaying public keys and certificate signature verification, see the openssl(1) manual page on Solaris 10.
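The check in Note 4, applied to every certificate in a directory, as an added example that is not part of the original Sun Alert. The function names (`has_rsa_e3`, `scan_certs`) are hypothetical, the directory is supplied by the caller, and the sample strings are constructed, abbreviated openssl output.

```sh
#!/bin/sh
# Added example (not from the Sun Alert): find certificates whose RSA public
# key has exponent 3, using the "openssl x509 -text" lines quoted above.

# has_rsa_e3: read "openssl x509 -text" output on stdin; return 0 only when
# the key algorithm is rsaEncryption AND the exponent line reads 3 (0x3).
has_rsa_e3() {
    awk '
        /Public Key Algorithm:[ \t]*rsaEncryption/ { rsa = 1 }
        /^[ \t]*Exponent:[ \t]*3[ \t]+\(0x3\)/      { e3 = 1 }
        END { if (rsa && e3) exit 0; exit 1 }
    '
}

# scan_certs DIR: print each *.crt / *.pem file in DIR (DIR is supplied by the
# caller; no path is assumed) whose key matches. Returns 1 if any was flagged.
scan_certs() {
    found=0
    for f in "$1"/*.crt "$1"/*.pem; do
        [ -f "$f" ] || continue
        # Files that do not parse as an X.509 certificate are skipped.
        text=$(openssl x509 -noout -text -in "$f" 2>/dev/null) || continue
        if printf '%s\n' "$text" | has_rsa_e3; then
            echo "RSA exponent 3: $f"
            found=1
        fi
    done
    return "$found"
}

# Constructed, abbreviated samples of the text output (not real certificates).
SAMPLE_E3='        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Modulus:
                    00:c1:...
                Exponent: 3 (0x3)'
SAMPLE_E65537='        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Exponent: 65537 (0x10001)'
SAMPLE_EC='        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey'

# Usage: pass the directory holding the certificates used for verification.
if [ "$#" -gt 0 ]; then scan_certs "$1"; fi
```

The non-zero return status when a certificate is flagged lets the scan be used as a gate in a maintenance script.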
As an example of an affected application, Solaris 10 is distributed with the Apache web server. This server can be configured to accept connections with the HTTPS protocol. Since Apache uses OpenSSL for cryptographic operations it may be impacted by this vulnerability under certain circumstances.
To verify that a system running the Apache web server is configured to accept HTTPS connections, a command such as the following can be used:
$ svcprop -p httpd/ssl svc:network/http:apache2
If the above command reports "true" then Apache is configured to accept HTTPS connections.
The following command can be used to check whether a system that is configured to accept HTTPS connections uses certificates for client authentication:
$ grep SSLVerifyClient /etc/apache2/ssl.conf
If the output contains the following line, then the system is vulnerable:
In such cases, an unprivileged remote user could gain access to restricted documents served by the Apache server. This depends on the type of certificates in use, as described above.
There are no predictable symptoms that would indicate the described issue has been exploited to forge a signature for trusted application data.
Until patches can be applied, sites may wish to disable the verification of RSA signatures or only enable the verification of RSA signatures created with RSA keys that have an exponent other than 3.
Please see the application documentation for instructions on how to disable verification of certificates containing keys with the above mentioned properties.
These issues are addressed in the following releases: